CWE-159
Allowed-with-ReviewImproper Handling of Invalid Use of Special Elements
Abstraction: Class · Status: Draft
The product does not properly filter, remove, quote, or otherwise manage the invalid use of special elements in user-controlled input, which could cause adverse effect on its behavior and integrity.
18 vulnerabilities reference this CWE, most recent first.
CVE-2020-1648 (GCVE-0-2020-1648)
Vulnerability from cvelistv5 – Published: 2020-07-17 18:40 – Updated: 2024-09-16 19:40| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA11035 | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
18.2X75-D50.8 18.2X75-D60 , < 18.2X75*
(custom)
Unaffected: 19.4 , < 19.4R1 (custom) Affected: 20.1 , < 20.1R1-S2, 20.1R2 (custom) |
|
| Juniper Networks | Junos OS Evolved |
Unaffected:
19.4-EVO , < 19.4R1-EVO
(custom)
Affected: 20.1-EVO , < 20.1R2-EVO (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:29.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11035"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"changes": [
{
"at": "18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60.2, 18.2X75-D65.1, 18.2X75-D70",
"status": "unaffected"
}
],
"lessThan": "18.2X75*",
"status": "affected",
"version": "18.2X75-D50.8 18.2X75-D60",
"versionType": "custom"
},
{
"changes": [
{
"at": "19.4R1",
"status": "affected"
},
{
"at": "19.4R1-S2, 19.4R2",
"status": "unaffected"
}
],
"lessThan": "19.4R1",
"status": "unaffected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R1-S2, 20.1R2",
"status": "affected",
"version": "20.1",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"changes": [
{
"at": "19.4R2-S2-EVO",
"status": "unaffected"
}
],
"lessThan": "19.4R1-EVO",
"status": "unaffected",
"version": "19.4-EVO",
"versionType": "custom"
},
{
"lessThan": "20.1R2-EVO",
"status": "affected",
"version": "20.1-EVO",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-07-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific BGP packet can lead to a routing process daemon (RPD) crash and restart. This issue can occur even before the BGP session with the peer is established. Repeated receipt of this specific BGP packet can result in an extended Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 18.2X75 versions starting from 18.2X75-D50.8, 18.2X75-D60 and later versions, prior to 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60.2, 18.2X75-D65.1, 18.2X75-D70; 19.4 versions 19.4R1 and 19.4R1-S1; 20.1 versions prior to 20.1R1-S2, 20.1R2. Juniper Networks Junos OS Evolved: 19.4-EVO versions prior to 19.4R2-S2-EVO; 20.1-EVO versions prior to 20.1R2-EVO. This issue does not affect: Juniper Networks Junos OS releases prior to 19.4R1. Juniper Networks Junos OS Evolved releases prior to 19.4R1-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-159",
"description": "CWE-159 Failure to Sanitize Special Element",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-690",
"description": "CWE-690 Unchecked Return Value to NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-17T18:40:42.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11035"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60.2, 18.2X75-D65.1, 18.2X75-D70, 19.4R1-S2, 19.4R2, 20.1R1-S2, 20.1R2, 20.2R1, and all subsequent releases.\n\nJunos OS Evolved: 19.4R2-S2-EVO, 20.1R2-EVO, 20.2R1-EVO and all subsequent releases."
}
],
"source": {
"advisory": "JSA11035",
"defect": [
"1502327"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: RPD crash when processing a specific BGP packet",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-07-08T07:00:00.000Z",
"ID": "CVE-2020-1648",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: RPD crash when processing a specific BGP packet"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "18.2X75",
"version_value": "18.2X75-D50.8 18.2X75-D60"
},
{
"version_affected": "\u003c",
"version_name": "18.2X75",
"version_value": "18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60.2, 18.2X75-D65.1, 18.2X75-D70"
},
{
"version_affected": "!\u003c",
"version_name": "19.4",
"version_value": "19.4R1"
},
{
"version_affected": "\u003e=",
"version_name": "19.4",
"version_value": "19.4R1"
},
{
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R1-S2, 19.4R2"
},
{
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R1-S2, 20.1R2"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "!\u003c",
"version_name": "19.4-EVO",
"version_value": "19.4R1-EVO"
},
{
"version_affected": "\u003c",
"version_name": "19.4-EVO",
"version_value": "19.4R2-S2-EVO"
},
{
"version_affected": "\u003c",
"version_name": "20.1-EVO",
"version_value": "20.1R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific BGP packet can lead to a routing process daemon (RPD) crash and restart. This issue can occur even before the BGP session with the peer is established. Repeated receipt of this specific BGP packet can result in an extended Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 18.2X75 versions starting from 18.2X75-D50.8, 18.2X75-D60 and later versions, prior to 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60.2, 18.2X75-D65.1, 18.2X75-D70; 19.4 versions 19.4R1 and 19.4R1-S1; 20.1 versions prior to 20.1R1-S2, 20.1R2. Juniper Networks Junos OS Evolved: 19.4-EVO versions prior to 19.4R2-S2-EVO; 20.1-EVO versions prior to 20.1R2-EVO. This issue does not affect: Juniper Networks Junos OS releases prior to 19.4R1. Juniper Networks Junos OS Evolved releases prior to 19.4R1-EVO."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-159 Failure to Sanitize Special Element"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-690 Unchecked Return Value to NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11035",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11035"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60.2, 18.2X75-D65.1, 18.2X75-D70, 19.4R1-S2, 19.4R2, 20.1R1-S2, 20.1R2, 20.2R1, and all subsequent releases.\n\nJunos OS Evolved: 19.4R2-S2-EVO, 20.1R2-EVO, 20.2R1-EVO and all subsequent releases."
}
],
"source": {
"advisory": "JSA11035",
"defect": [
"1502327"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2020-1648",
"datePublished": "2020-07-17T18:40:42.272Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:40:10.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1646 (GCVE-0-2020-1646)
Vulnerability from cvelistv5 – Published: 2020-07-17 18:40 – Updated: 2024-09-17 03:37- Denial of Service (DoS)
- CWE-159 - Failure to Sanitize Special Element
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA11033 | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
17.3R3-S6
Affected: 17.4R2-S7 Affected: 18.1R3-S7 |
|
| Juniper Networks | Junos OS Evolved |
Affected:
unspecified , < 19.3R1-EVO
(custom)
Affected: 19.2R2-EVO , < 19.2-EVO* (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:29.690Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11033"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"status": "affected",
"version": "17.3R3-S6"
},
{
"status": "affected",
"version": "17.4R2-S7"
},
{
"status": "affected",
"version": "18.1R3-S7"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.3R1-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "19.2-EVO*",
"status": "affected",
"version": "19.2R2-EVO",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-07-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific UPDATE for an EBGP peer can lead to a routing process daemon (RPD) crash and restart. This issue occurs only when the device is receiving and processing the BGP UPDATE for an EBGP peer. This issue does not occur when the device is receiving and processing the BGP UPDATE for an IBGP peer. However, the offending BGP UPDATE can originally come from an EBGP peer, propagates through the network via IBGP peers without causing crash, then it causes RPD crash when it is processed for a BGP UPDATE towards an EBGP peer. Repeated receipt and processing of the same specific BGP UPDATE can result in an extended Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 17.3R3-S6, 17.4R2-S7, and 18.1R3-S7. Juniper Networks Junos OS Evolved 19.2R2-EVO and later versions, prior to 19.3R1-EVO. Other Junos OS releases are not affected."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-159",
"description": "CWE-159 Failure to Sanitize Special Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-17T18:40:41.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11033"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 17.3R3-S7, 17.4R2-S8, 18.1R3-S8, and all subsequent releases.\nThis fix has been proactively committed to other Junos OS releases that are not vulnerable to this issue.\n\nJunos OS Evolved: 19.3R1-EVO and all subsequent releases."
}
],
"source": {
"advisory": "JSA11033",
"defect": [
"1448425"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: RPD crash while processing a specific BGP update information.",
"workarounds": [
{
"lang": "en",
"value": "There are no available workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-07-08T04:00:00.000Z",
"ID": "CVE-2020-1646",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: RPD crash while processing a specific BGP update information."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "17.3",
"version_value": "17.3R3-S6"
},
{
"version_affected": "=",
"version_name": "17.4",
"version_value": "17.4R2-S7"
},
{
"version_affected": "=",
"version_name": "18.1",
"version_value": "18.1R3-S7"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "19.2-EVO",
"version_value": "19.2R2-EVO"
},
{
"version_affected": "\u003c",
"version_value": "19.3R1-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific UPDATE for an EBGP peer can lead to a routing process daemon (RPD) crash and restart. This issue occurs only when the device is receiving and processing the BGP UPDATE for an EBGP peer. This issue does not occur when the device is receiving and processing the BGP UPDATE for an IBGP peer. However, the offending BGP UPDATE can originally come from an EBGP peer, propagates through the network via IBGP peers without causing crash, then it causes RPD crash when it is processed for a BGP UPDATE towards an EBGP peer. Repeated receipt and processing of the same specific BGP UPDATE can result in an extended Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 17.3R3-S6, 17.4R2-S7, and 18.1R3-S7. Juniper Networks Junos OS Evolved 19.2R2-EVO and later versions, prior to 19.3R1-EVO. Other Junos OS releases are not affected."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-159 Failure to Sanitize Special Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11033",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11033"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 17.3R3-S7, 17.4R2-S8, 18.1R3-S8, and all subsequent releases.\nThis fix has been proactively committed to other Junos OS releases that are not vulnerable to this issue.\n\nJunos OS Evolved: 19.3R1-EVO and all subsequent releases."
}
],
"source": {
"advisory": "JSA11033",
"defect": [
"1448425"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no available workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2020-1646",
"datePublished": "2020-07-17T18:40:41.332Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:37:37.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9505 (GCVE-0-2019-9505)
Vulnerability from cvelistv5 – Published: 2019-05-08 14:48 – Updated: 2024-08-04 21:54- CWE-159 - Failure to Sanitize Special Element
| URL | Tags |
|---|---|
| https://kb.cert.org/vuls/id/169249/ | third-party-advisoryx_refsource_CERT-VN |
| http://www.securityfocus.com/bid/108285 | vdb-entryx_refsource_BID |
| Vendor | Product | Version | |
|---|---|---|---|
| PrinterLogic | Management Software |
Affected:
8.3.1.96 , ≤ 8.3.1.96
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:44.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/169249/"
},
{
"name": "108285",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108285"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Management Software",
"vendor": "PrinterLogic",
"versions": [
{
"lessThanOrEqual": "8.3.1.96",
"status": "affected",
"version": "8.3.1.96",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not sanitize special characters allowing for remote unauthorized changes to configuration files. An unauthenticated attacker may be able to remotely execute arbitrary code with SYSTEM privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-159",
"description": "CWE-159 Failure to Sanitize Special Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-10T16:06:05.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://kb.cert.org/vuls/id/169249/"
},
{
"name": "108285",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108285"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "PrinterLogic Print Management Software does not sanitize special characters",
"x_generator": {
"engine": "Vulnogram 0.0.6"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2019-9505",
"STATE": "PUBLIC",
"TITLE": "PrinterLogic Print Management Software does not sanitize special characters"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Management Software",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "8.3.1.96",
"version_value": "8.3.1.96"
}
]
}
}
]
},
"vendor_name": "PrinterLogic"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not sanitize special characters allowing for remote unauthorized changes to configuration files. An unauthenticated attacker may be able to remotely execute arbitrary code with SYSTEM privileges."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-159 Failure to Sanitize Special Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#",
"refsource": "CERT-VN",
"url": "https://kb.cert.org/vuls/id/169249/"
},
{
"name": "108285",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108285"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2019-9505",
"datePublished": "2019-05-08T14:48:20.000Z",
"dateReserved": "2019-03-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:54:44.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-FQWM-6JPJ-5WXC
Vulnerability from github – Published: 2026-04-03 06:31 – Updated: 2026-04-04 06:45In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.set_cookie were not checked for crafted characters.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tornado"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.5.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-35536"
],
"database_specific": {
"cwe_ids": [
"CWE-159"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-04T06:45:00Z",
"nvd_published_at": "2026-04-03T04:16:53Z",
"severity": "HIGH"
},
"details": "In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to `.RequestHandler.set_cookie` were not checked for crafted characters.",
"id": "GHSA-fqwm-6jpj-5wxc",
"modified": "2026-04-04T06:45:00Z",
"published": "2026-04-03T06:31:31Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tornadoweb/tornado/security/advisories/GHSA-78cv-mqj4-43f7"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35536"
},
{
"type": "PACKAGE",
"url": "https://github.com/tornadoweb/tornado"
},
{
"type": "WEB",
"url": "https://github.com/tornadoweb/tornado/releases/tag/v6.5.5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Tornado has cookie attribute injection via .RequestHandler.set_cookie"
}
GHSA-FWW6-3C6X-RF7P
Vulnerability from github – Published: 2026-02-25 21:31 – Updated: 2026-02-25 21:31This vulnerability is caused by a CWE‑159: "Improper Handling of Invalid Use of Special Elements" weakness, which leads to an unrecoverable inconsistency in the CLFS.sys driver. This condition forces a call to the KeBugCheckEx function, allowing an unprivileged user to trigger a system crash. Microsoft silently fixed this vulnerability in the September 2025 cumulative update for Windows 11 2024 LTSC and Windows Server 2025. Windows 25H2 (released in September) was released with the patch. Windows 1123h2 and earlier versions remain vulnerable.
{
"affected": [],
"aliases": [
"CVE-2026-2636"
],
"database_specific": {
"cwe_ids": [
"CWE-159"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-25T20:23:48Z",
"severity": "MODERATE"
},
"details": "This vulnerability is caused by a CWE\u2011159: \"Improper Handling of Invalid Use of Special Elements\" weakness, which leads to an unrecoverable inconsistency in the CLFS.sys driver. This condition forces a call to the KeBugCheckEx function, allowing an unprivileged user to trigger a system crash. Microsoft silently fixed this vulnerability in the September 2025 cumulative update for Windows 11 2024 LTSC and Windows Server 2025. Windows 25H2 (released in September) was released with the patch. Windows 1123h2 and earlier versions remain vulnerable.",
"id": "GHSA-fww6-3c6x-rf7p",
"modified": "2026-02-25T21:31:19Z",
"published": "2026-02-25T21:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2636"
},
{
"type": "WEB",
"url": "https://www.fortra.com/security/advisories/research/fr-2026-001"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GJV3-89HH-9XQ2
Vulnerability from github – Published: 2025-06-25 21:27 – Updated: 2025-06-25 21:28Impact
Prior to 2.1.1 and 2.2.0, the Steel.validateCommitment Solidity library function will return true for a crafted commitment with a digest value of zero.
This violates the semantics of validateCommitment, as this does not commitment to a block that is in the current chain. Because the digest is zero, it does not correspond to any block and there exist no known openings. As a result, this commitment will never be produced by a correct zkVM guest using Steel. Leveraging this bug to compromise the soundness of an application using Steel would require a separate bug or misuse of the Steel library, which is expected to be used to validate the root of state opening proofs (e.g. having the guest commit to a digest of zero, or failing to check the zkVM proof).
Because this bug does not risk application integrity, correctly written applications are not at risk.
Fix
Please see #605 for a full description of the bug, and the fix. This fix has been released as part of risc0-ethereum 2.1.1 and 2.2.0.
Recommended actions
Users for the Steel Solidity library versions 2.1.0 or earlier should ensure they are using Steel.validateCommitment in tandem with zkVM proof verification of a Steel program, as shown in the ERC-20 counter example, and documentation. This is the correct usage of Steel, and users following this pattern are not at risk, and do not need to take action.
Users not verifying a zkVM proof of a Steel program should update their application to do so, as this is incorrect usage of Steel.
Credit
A thank you to Daniel526 on HackenProof for reporting this issue
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "risc0-ethereum-contracts"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-52884"
],
"database_specific": {
"cwe_ids": [
"CWE-159"
],
"github_reviewed": true,
"github_reviewed_at": "2025-06-25T21:27:59Z",
"nvd_published_at": "2025-06-24T21:15:26Z",
"severity": "LOW"
},
"details": "### Impact\n\nPrior to 2.1.1 and 2.2.0, the `Steel.validateCommitment` Solidity library function will return `true` for a crafted commitment with a digest value of zero.\n\nThis violates the semantics of `validateCommitment`, as this does not commitment to a block that is in the current chain. Because the digest is zero, it does not correspond to any block and there exist no known openings. As a result, this commitment will never be produced by a correct zkVM guest using Steel. Leveraging this bug to compromise the soundness of an application using Steel would require a separate bug or misuse of the Steel library, which is expected to be used to validate the root of state opening proofs (e.g. having the guest commit to a digest of zero, or failing to check the zkVM proof).\n\nBecause this bug does not risk application integrity, correctly written applications are not at risk.\n\n### Fix\n\nPlease see [#605] for a full description of the bug, and the fix. This fix has been released as part of `risc0-ethereum` [2.1.1] and [2.2.0].\n\n### Recommended actions\n\nUsers for the `Steel` Solidity library versions 2.1.0 or earlier should ensure they are using `Steel.validateCommitment` in tandem with zkVM proof verification of a Steel program, as shown in the [ERC-20 counter example][example], and [documentation]. This is the correct usage of Steel, and users following this pattern are not at risk, and do not need to take action.\n\nUsers not verifying a zkVM proof of a Steel program should update their application to do so, as this is incorrect usage of Steel.\n\n### Credit\n\nA thank you to Daniel526 on HackenProof for reporting this issue\n\n[#605]: https://github.com/risc0/risc0-ethereum/pull/605\n[example]: https://github.com/risc0/risc0-ethereum/blob/ff0cb9253a87945b653b825711b8b5075f8b7545/examples/erc20-counter/contracts/src/Counter.sol#L56-L63\n[documentation]: https://docs.beboundless.xyz/developers/steel/how-it-works#verifying-the-proof-onchain\n[2.1.1]: https://github.com/risc0/risc0-ethereum/releases/tag/v2.1.1\n[2.2.0]: https://github.com/risc0/risc0-ethereum/releases/tag/v2.2.0",
"id": "GHSA-gjv3-89hh-9xq2",
"modified": "2025-06-25T21:28:00Z",
"published": "2025-06-25T21:27:59Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/risc0/risc0-ethereum/security/advisories/GHSA-gjv3-89hh-9xq2"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52884"
},
{
"type": "WEB",
"url": "https://github.com/risc0/risc0-ethereum/pull/605"
},
{
"type": "WEB",
"url": "https://github.com/risc0/risc0-ethereum/commit/3bbac859c7132b21ba5fdf2d47f1dd52e7e73d98"
},
{
"type": "WEB",
"url": "https://docs.beboundless.xyz/developers/steel/how-it-works#verifying-the-proof-onchain"
},
{
"type": "PACKAGE",
"url": "https://github.com/risc0/risc0-ethereum"
},
{
"type": "WEB",
"url": "https://github.com/risc0/risc0-ethereum/blob/ff0cb9253a87945b653b825711b8b5075f8b7545/examples/erc20-counter/contracts/src/Counter.sol#L56-L63"
},
{
"type": "WEB",
"url": "https://github.com/risc0/risc0-ethereum/releases/tag/v2.1.1"
},
{
"type": "WEB",
"url": "https://github.com/risc0/risc0-ethereum/releases/tag/v2.2.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U",
"type": "CVSS_V4"
}
],
"summary": "RISC Zero Ethereum invalid commitment with digest value of zero accepted by Steel.validateCommitment"
}
GHSA-H7XX-2PFG-QQHM
Vulnerability from github – Published: 2022-05-24 19:20 – Updated: 2025-04-23 21:30An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input.
{
"affected": [],
"aliases": [
"CVE-2021-42375"
],
"database_specific": {
"cwe_ids": [
"CWE-159"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-11-15T21:15:00Z",
"severity": "HIGH"
},
"details": "An incorrect handling of a special element in Busybox\u0027s ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input.",
"id": "GHSA-h7xx-2pfg-qqhm",
"modified": "2025-04-23T21:30:30Z",
"published": "2022-05-24T19:20:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42375"
},
{
"type": "WEB",
"url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"
},
{
"type": "WEB",
"url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20211223-0002"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HH67-847Q-Q3H9
Vulnerability from github – Published: 2025-10-06 21:30 – Updated: 2026-07-14 15:31ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.)
{
"affected": [],
"aliases": [
"CVE-2025-61984"
],
"database_specific": {
"cwe_ids": [
"CWE-159"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-06T19:15:36Z",
"severity": "LOW"
},
"details": "ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.)",
"id": "GHSA-hh67-847q-q3h9",
"modified": "2026-07-14T15:31:27Z",
"published": "2025-10-06T21:30:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61984"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
},
{
"type": "WEB",
"url": "https://dgl.cx/2025/10/bash-a-newline-ssh-proxycommand-cve-2025-61984"
},
{
"type": "WEB",
"url": "https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2"
},
{
"type": "WEB",
"url": "https://www.openssh.com/releasenotes.html#10.1p1"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2025/10/06/1"
},
{
"type": "WEB",
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-61984-detection-script-remote-code-execution-vulnerability-affecting-openssh"
},
{
"type": "WEB",
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-61984-mitigation-script-remote-code-execution-vulnerability-affecting-openssh"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/10/07/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/10/12/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Developers should anticipate that special elements will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system.
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
Mitigation MIT-28
Strategy: Output Encoding
While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88).
Mitigation MIT-20
Strategy: Input Validation
Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
No CAPEC attack patterns related to this CWE.