CWE-354
AllowedImproper Validation of Integrity Check Value
Abstraction: Base · Status: Draft
The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.
231 vulnerabilities reference this CWE, most recent first.
GHSA-MX76-R943-RF8G
Vulnerability from github – Published: 2026-05-08 09:31 – Updated: 2026-07-07 21:30In Bouncy Castle LTS for Java, the AES/GCM native implementation used on Intel CPUs with AES PAA instruction sets (AVX / VAES / VAESF variants) can intermittently produce an incorrect authentication tag verification result during decryption when the ciphertext is fed in via a mix of update() calls followed by doFinal(). It is possible to work around it by either using doFinal() only (as the BCJSSE does) or by configuring the module to run in pure Java mode, by setting the system property "org.bouncycastle.native.cpu_variant" to java.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.73.10"
},
"package": {
"ecosystem": "Maven",
"name": "org.bouncycastle:bcprov-lts8on"
},
"ranges": [
{
"events": [
{
"introduced": "2.73.0"
},
{
"fixed": "2.73.11"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-8149"
],
"database_specific": {
"cwe_ids": [
"CWE-1068",
"CWE-354"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-14T13:06:27Z",
"nvd_published_at": "2026-05-08T07:16:29Z",
"severity": "MODERATE"
},
"details": "In Bouncy Castle LTS for Java, the AES/GCM native implementation used on Intel CPUs with AES PAA instruction sets (AVX / VAES / VAESF variants) can intermittently produce an incorrect authentication tag verification result during decryption when the ciphertext is fed in via a mix of `update()` calls followed by `doFinal()`. It is possible to work around it by either using `doFinal()` only (as the BCJSSE does) or by configuring the module to run in pure Java mode, by setting the system property \"org.bouncycastle.native.cpu_variant\" to java.",
"id": "GHSA-mx76-r943-rf8g",
"modified": "2026-07-07T21:30:16Z",
"published": "2026-05-08T09:31:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8149"
},
{
"type": "WEB",
"url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%908149"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Bouncy Castle LTS native GCM chunking can cause bad-tag exception on decryption"
}
GHSA-MXF3-C3V5-9JPV
Vulnerability from github – Published: 2024-09-19 09:36 – Updated: 2024-09-26 21:31This vulnerability exists in the Apex Softcell LD Geo due to improper validation of the transaction token ID in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating the transaction token ID in the API request leading to unauthorized access and modification of transactions belonging to other users.
{
"affected": [],
"aliases": [
"CVE-2024-47089"
],
"database_specific": {
"cwe_ids": [
"CWE-354"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-19T07:15:02Z",
"severity": "HIGH"
},
"details": "This vulnerability exists in the Apex Softcell LD Geo due to improper validation of the transaction token ID in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating the transaction token ID in the API request leading to unauthorized access and modification of transactions belonging to other users.",
"id": "GHSA-mxf3-c3v5-9jpv",
"modified": "2024-09-26T21:31:11Z",
"published": "2024-09-19T09:36:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47089"
},
{
"type": "WEB",
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2024-0296"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-MXX3-8WQ4-HRWX
Vulnerability from github – Published: 2022-09-10 00:00 – Updated: 2022-09-15 00:00Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3.22083 allows local attackers to delete arbitrary directory using directory junction.
{
"affected": [],
"aliases": [
"CVE-2022-39844"
],
"database_specific": {
"cwe_ids": [
"CWE-354"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-09T15:15:00Z",
"severity": "HIGH"
},
"details": "Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3.22083 allows local attackers to delete arbitrary directory using directory junction.",
"id": "GHSA-mxx3-8wq4-hrwx",
"modified": "2022-09-15T00:00:19Z",
"published": "2022-09-10T00:00:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39844"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=09"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022\u0026month=09"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P4GG-XC3G-RQM7
Vulnerability from github – Published: 2022-06-15 00:00 – Updated: 2022-06-28 00:00A vulnerability has been identified in SCALANCE XM408-4C (All versions < V6.5), SCALANCE XM408-4C (L3 int.) (All versions < V6.5), SCALANCE XM408-8C (All versions < V6.5), SCALANCE XM408-8C (L3 int.) (All versions < V6.5), SCALANCE XM416-4C (All versions < V6.5), SCALANCE XM416-4C (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 1x230V (All versions < V6.5), SCALANCE XR524-8C, 1x230V (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 24V (All versions < V6.5), SCALANCE XR524-8C, 24V (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 2x230V (All versions < V6.5), SCALANCE XR524-8C, 2x230V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 1x230V (All versions < V6.5), SCALANCE XR526-8C, 1x230V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 24V (All versions < V6.5), SCALANCE XR526-8C, 24V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 2x230V (All versions < V6.5), SCALANCE XR526-8C, 2x230V (L3 int.) (All versions < V6.5), SCALANCE XR528-6M (All versions < V6.5), SCALANCE XR528-6M (2HR2) (All versions < V6.5), SCALANCE XR528-6M (2HR2, L3 int.) (All versions < V6.5), SCALANCE XR528-6M (L3 int.) (All versions < V6.5), SCALANCE XR552-12M (All versions < V6.5), SCALANCE XR552-12M (2HR2) (All versions < V6.5), SCALANCE XR552-12M (2HR2) (All versions < V6.5), SCALANCE XR552-12M (2HR2, L3 int.) (All versions < V6.5). The OSPF protocol implementation in affected devices fails to verify the checksum and length fields in the OSPF LS Update messages. An unauthenticated remote attacker could exploit this vulnerability to cause interruptions in the network by sending specially crafted OSPF packets. Successful exploitation requires OSPF to be enabled on an affected device.
{
"affected": [],
"aliases": [
"CVE-2021-37182"
],
"database_specific": {
"cwe_ids": [
"CWE-354"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-14T10:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in SCALANCE XM408-4C (All versions \u003c V6.5), SCALANCE XM408-4C (L3 int.) (All versions \u003c V6.5), SCALANCE XM408-8C (All versions \u003c V6.5), SCALANCE XM408-8C (L3 int.) (All versions \u003c V6.5), SCALANCE XM416-4C (All versions \u003c V6.5), SCALANCE XM416-4C (L3 int.) (All versions \u003c V6.5), SCALANCE XR524-8C, 1x230V (All versions \u003c V6.5), SCALANCE XR524-8C, 1x230V (L3 int.) (All versions \u003c V6.5), SCALANCE XR524-8C, 24V (All versions \u003c V6.5), SCALANCE XR524-8C, 24V (L3 int.) (All versions \u003c V6.5), SCALANCE XR524-8C, 2x230V (All versions \u003c V6.5), SCALANCE XR524-8C, 2x230V (L3 int.) (All versions \u003c V6.5), SCALANCE XR526-8C, 1x230V (All versions \u003c V6.5), SCALANCE XR526-8C, 1x230V (L3 int.) (All versions \u003c V6.5), SCALANCE XR526-8C, 24V (All versions \u003c V6.5), SCALANCE XR526-8C, 24V (L3 int.) (All versions \u003c V6.5), SCALANCE XR526-8C, 2x230V (All versions \u003c V6.5), SCALANCE XR526-8C, 2x230V (L3 int.) (All versions \u003c V6.5), SCALANCE XR528-6M (All versions \u003c V6.5), SCALANCE XR528-6M (2HR2) (All versions \u003c V6.5), SCALANCE XR528-6M (2HR2, L3 int.) (All versions \u003c V6.5), SCALANCE XR528-6M (L3 int.) (All versions \u003c V6.5), SCALANCE XR552-12M (All versions \u003c V6.5), SCALANCE XR552-12M (2HR2) (All versions \u003c V6.5), SCALANCE XR552-12M (2HR2) (All versions \u003c V6.5), SCALANCE XR552-12M (2HR2, L3 int.) (All versions \u003c V6.5). The OSPF protocol implementation in affected devices fails to verify the checksum and length fields in the OSPF LS Update messages. An unauthenticated remote attacker could exploit this vulnerability to cause interruptions in the network by sending specially crafted OSPF packets. Successful exploitation requires OSPF to be enabled on an affected device.",
"id": "GHSA-p4gg-xc3g-rqm7",
"modified": "2022-06-28T00:00:50Z",
"published": "2022-06-15T00:00:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37182"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-145224.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P5WP-2QP8-CC84
Vulnerability from github – Published: 2022-05-24 17:12 – Updated: 2022-10-07 18:15An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. During an upgrade of the Windows agent, it does not validate the source and binary downloaded. This allows an attacker on an adjacent network to execute code with NT AUTHORITY/SYSTEM privileges on the agent machines by providing an arbitrary executable via a man-in-the-middle attack.
{
"affected": [],
"aliases": [
"CVE-2020-8838"
],
"database_specific": {
"cwe_ids": [
"CWE-354"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-03-23T17:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. During an upgrade of the Windows agent, it does not validate the source and binary downloaded. This allows an attacker on an adjacent network to execute code with NT AUTHORITY/SYSTEM privileges on the agent machines by providing an arbitrary executable via a man-in-the-middle attack.",
"id": "GHSA-p5wp-2qp8-cc84",
"modified": "2022-10-07T18:15:58Z",
"published": "2022-05-24T17:12:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8838"
},
{
"type": "WEB",
"url": "https://www.manageengine.com/products/asset-explorer/sp-readme.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/157612/ManageEngine-Asset-Explorer-Windows-Agent-Remote-Code-Execution.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2020/May/29"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P8MM-23GG-JC9R
Vulnerability from github – Published: 2026-03-27 17:08 – Updated: 2026-03-27 17:08Summary
A lack of validation of the image fingerprint when downloading from simplestreams image servers opens the door to image cache poisoning and under very narrow circumstances exposes other tenants to running attacker controlled images rather than the expected one.
Details
Incus image fingerprints are computed as the SHA256 of the concatenated image files. When downloading from a public image server using a simplestreams index, Incus requires an HTTPS connection and validates the SHA256 of the individual files but is lacking validation that the concatenated hash of the files matches the fingerprint listed in the simplestreams index.
This missing check allows an attacker with access to an Incus environment lacking suitable image source restrictions (restricted.image.server or equivalent firewall rules) to cause Incus to download from an attacker controlled image server which would provide different image files for an other well known image fingerprint.
Such an attack can be used to poison the global image cache, leading to another user on the system wanting to use the legitimate image to be provided the compromised one instead.
For this to be successful, the attacker requires:
- Access to an Incus server
- That server to NOT have been configured with
restricted.image.serversor an equivalent firewall or HTTP proxy policy - Some ability to predict what image may be used by other users in the near future
- Other users that are actively deploying new Incus instances on the system
Having to predict what image may be used in the future which doesn't have its legitimate copy already cached on the system (or somewhere within the cluster) makes this attack quite difficult to pull off. It's made even harder by not having any control as to when a given image may be used by another user.
An example of a somewhat easy target would be a server that's known to run ephemeral instances for Ci or build purposes, as those will get created very frequently and the images they use may be public knowledge, it would be possible to get a compromised image in place with the right timing:
- Monitor the legitimate image server for a new image being published
- Immediately create a compromised image with the same fingerprint on an attacker controlled image server
- Get the target Incus environment to download that image BEFORE any legitimate instance creation had the time to pull the legitimate image
But this again assumes an environment lacking either restricted.image.servers or equivalent firewall or proxy policies.
Mitigation
As mentioned above, any server using restricted.image.servers in project configuration, as would be strongly recommended in multi-tenant environments will be immune to this attack. As would any server going through equivalent network restriction whether implemented through firewalling or through an HTTP proxy server.
The updated Incus versions will now validate not just the individual files during download but also that the hash of the concatenated files does match the image fingerprint, fully preventing such an attack in the future.
PoC
To create a PoC, simply download https://images.linuxcontainers.org/streams/v1/{index,images}.json and https://images.linuxcontainers.org/images/DISTRO/RELEASE/ARCH/default/NEWEST/{incus.tar.xz,rootfs.squashfs} or similar paths, put them in suitable locations in a folder, and then use a server to serve them through https. The TLS certificate used by the server may need to be signed by a trusted CA of the client system.
Then change the content of rootfs.squashfs by unsquashfs/mksquashfs, add one line in /root/.bashrc: echo 'PoC: hacked!', and then update corresponding sha256 and size fields for that individual file in images.json.
Using incus-simplestreams first and then altering the combined_xxx fields should also be OK.
After that, check the following commands:
$ incus remote add poc https://TESTSERVER:4443 --protocol simplestreams
$ incus remote list
+-----------------+------------------------------------+---------------+-------------+--------+--------+--------+
| NAME | URL | PROTOCOL | AUTH TYPE | PUBLIC | STATIC | GLOBAL |
+-----------------+------------------------------------+---------------+-------------+--------+--------+--------+
| images | https://images.linuxcontainers.org | simplestreams | none | YES | NO | NO |
+-----------------+------------------------------------+---------------+-------------+--------+--------+--------+
| local (current) | unix:// | incus | file access | NO | YES | NO |
+-----------------+------------------------------------+---------------+-------------+--------+--------+--------+
| poc | https://TESTSERVER:4443 | simplestreams | none | YES | NO | NO |
+-----------------+------------------------------------+---------------+-------------+--------+--------+--------+
$ incus image list
+-------+-------------+--------+-------------+--------------+------+------+-------------+
| ALIAS | FINGERPRINT | PUBLIC | DESCRIPTION | ARCHITECTURE | TYPE | SIZE | UPLOAD DATE |
+-------+-------------+--------+-------------+--------------+------+------+-------------+
$ incus image list images:debian/trixie -c lFpdasu
+----------------------------------+------------------------------------------------------------------+--------+----------------------------------------+--------------+-----------+----------------------+
| ALIAS | FINGERPRINT | PUBLIC | DESCRIPTION | ARCHITECTURE | SIZE | UPLOAD DATE |
+----------------------------------+------------------------------------------------------------------+--------+----------------------------------------+--------------+-----------+----------------------+
| debian/13 (7 more) | 8dad70759d54410e4e8ad84164f6a9d8bda3af753a54441365ff1476f065999c | yes | Debian trixie amd64 (20260320_05:24) | x86_64 | 341.13MiB | 2026/03/20 08:00 CST |
+----------------------------------+------------------------------------------------------------------+--------+----------------------------------------+--------------+-----------+----------------------+
| debian/13 (7 more) | 945758c6900211055b3b0b6d2ab9617a9f9dbeb70e4c3b9710dc47aa01345369 | yes | Debian trixie amd64 (20260320_05:24) | x86_64 | 94.70MiB | 2026/03/20 08:00 CST |
+----------------------------------+------------------------------------------------------------------+--------+----------------------------------------+--------------+-----------+----------------------+
| debian/13/arm64 (3 more) | 41b4f8849cfc8d22a6b9cd86790602a43f67a9ec2c1d7e13a0b3ecf7b7d6663e | yes | Debian trixie arm64 (20260320_05:24) | aarch64 | 339.27MiB | 2026/03/20 08:00 CST |
+----------------------------------+------------------------------------------------------------------+--------+----------------------------------------+--------------+-----------+----------------------+
| debian/13/arm64 (3 more) | fda543def4b41f65511696ec0350d899dad5374956d18078697f58d1c466bae4 | yes | Debian trixie arm64 (20260320_05:24) | aarch64 | 92.25MiB | 2026/03/20 08:00 CST |
+----------------------------------+------------------------------------------------------------------+--------+----------------------------------------+--------------+-----------+----------------------+
| debian/13/armhf (3 more) | 77ef0a077759eab7690b1401bfbec78360d2a0462ee89fa3de86b899465adedb | yes | Debian trixie armhf (20260320_05:24) | armv7l | 84.14MiB | 2026/03/20 08:00 CST |
+----------------------------------+------------------------------------------------------------------+--------+----------------------------------------+--------------+-----------+----------------------+
| debian/13/cloud (3 more) | 2ee3da00ca407ea98e1b84a2d5b1561c0fffb0281b05035e307e5029cdaa5532 | yes | Debian trixie amd64 (20260320_05:24) | x86_64 | 130.17MiB | 2026/03/20 08:00 CST |
+----------------------------------+------------------------------------------------------------------+--------+----------------------------------------+--------------+-----------+----------------------+
| debian/13/cloud (3 more) | 108ed9a36105c37ba5412a880b5c39653536453189789aa101e46591de620d56 | yes | Debian trixie amd64 (20260320_05:24) | x86_64 | 374.30MiB | 2026/03/20 08:00 CST |
+----------------------------------+------------------------------------------------------------------+--------+----------------------------------------+--------------+-----------+----------------------+
| debian/13/cloud/arm64 (1 more) | cfb51c473e221b6c8b62a21808bd4f69ca4845108abfb14187fde8b79befbab3 | yes | Debian trixie arm64 (20260320_05:24) | aarch64 | 126.78MiB | 2026/03/20 08:00 CST |
+----------------------------------+------------------------------------------------------------------+--------+----------------------------------------+--------------+-----------+----------------------+
| debian/13/cloud/arm64 (1 more) | ff2c2c62849d978dfad0cc1df54c0f55881a0edf3b31333c3b2a00413eaee1a5 | yes | Debian trixie arm64 (20260320_05:24) | aarch64 | 371.76MiB | 2026/03/20 08:00 CST |
+----------------------------------+------------------------------------------------------------------+--------+----------------------------------------+--------------+-----------+----------------------+
| debian/13/cloud/armhf (1 more) | 8eb505d548265e371a3ab0d277f76986f0879e414a6a74af2f975cf3caffc565 | yes | Debian trixie armhf (20260320_05:24) | armv7l | 117.92MiB | 2026/03/20 08:00 CST |
+----------------------------------+------------------------------------------------------------------+--------+----------------------------------------+--------------+-----------+----------------------+
| debian/13/cloud/riscv64 (1 more) | dab5009031d0d03c8cfebb330a83baf950eb79b8277a5f071e0a81758d17b8b4 | yes | Debian trixie riscv64 (20260320_05:24) | riscv64 | 122.90MiB | 2026/03/20 08:00 CST |
+----------------------------------+------------------------------------------------------------------+--------+----------------------------------------+--------------+-----------+----------------------+
| debian/13/riscv64 (3 more) | 1fa5c6eaf7f3c107b96625b49bc2e4f00b077d949d349d9e3c412747ec492341 | yes | Debian trixie riscv64 (20260320_05:24) | riscv64 | 87.86MiB | 2026/03/20 08:00 CST |
+----------------------------------+------------------------------------------------------------------+--------+----------------------------------------+--------------+-----------+----------------------+
$ incus image copy poc:debian/trixie local:
Image copied successfully!
$ incus image list -c lFpdasu
+-------+------------------------------------------------------------------+--------+--------------------------------------+--------------+-----------+----------------------+
| ALIAS | FINGERPRINT | PUBLIC | DESCRIPTION | ARCHITECTURE | SIZE | UPLOAD DATE |
+-------+------------------------------------------------------------------+--------+--------------------------------------+--------------+-----------+----------------------+
| | 945758c6900211055b3b0b6d2ab9617a9f9dbeb70e4c3b9710dc47aa01345369 | no | Debian trixie amd64 (20260320_05:24) | x86_64 | 105.09MiB | 2026/03/21 00:55 CST |
+-------+------------------------------------------------------------------+--------+--------------------------------------+--------------+-----------+----------------------+
$ incus launch images:debian/trixie
Launching the instance
Instance name is: star-mollusk
$ incus list
+--------------+---------+------+------------------------------------------------+-----------+-----------+
| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |
+--------------+---------+------+------------------------------------------------+-----------+-----------+
| star-mollusk | RUNNING | | fd42:115a:7a71:9748:1266:6aff:fe1a:d504 (eth0) | CONTAINER | 0 |
+--------------+---------+------+------------------------------------------------+-----------+-----------+
$ incus exec star-mollusk bash
PoC: hacked!
root@star-mollusk:~#
exit
$ incus image export images:debian/trixie
Image exported successfully!
$ cat incus.tar.xz rootfs.squashfs | sha256sum
945758c6900211055b3b0b6d2ab9617a9f9dbeb70e4c3b9710dc47aa01345369 -
$ rm incus.tar.xz rootfs.squashfs
$ incus image export poc:debian/trixie
Image exported successfully!
$ cat incus.tar.xz rootfs.squashfs | sha256sum
d3ec6f76cc1e4e49479e52c69b3d71430748f7c86d1214f44893e131392ad002 -
$ rm incus.tar.xz rootfs.squashfs
$ incus image export local:945758c6900211055b3b0b6d2ab9617a9f9dbeb70e4c3b9710dc47aa01345369
Error: Image fingerprint doesn't match. Got d3ec6f76cc1e4e49479e52c69b3d71430748f7c86d1214f44893e131392ad002 expected 945758c6900211055b3b0b6d2ab9617a9f9dbeb70e4c3b9710dc47aa01345369
$ incus image export poc:945758c6900211055b3b0b6d2ab9617a9f9dbeb70e4c3b9710dc47aa01345369
Image exported successfully!
$ cat incus.tar.xz rootfs.squashfs | sha256sum
d3ec6f76cc1e4e49479e52c69b3d71430748f7c86d1214f44893e131392ad002 -
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/lxc/incus/v6/client"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.23.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-33542"
],
"database_specific": {
"cwe_ids": [
"CWE-295",
"CWE-354"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-27T17:08:07Z",
"nvd_published_at": "2026-03-26T23:16:20Z",
"severity": "HIGH"
},
"details": "### Summary\nA lack of validation of the image fingerprint when downloading from simplestreams image servers opens the door to image cache poisoning and under very narrow circumstances exposes other tenants to running attacker controlled images rather than the expected one.\n\n### Details\nIncus image fingerprints are computed as the SHA256 of the concatenated image files.\nWhen downloading from a public image server using a simplestreams index, Incus requires an HTTPS connection and validates the SHA256 of the individual files but is lacking validation that the concatenated hash of the files matches the fingerprint listed in the simplestreams index.\n\nThis missing check allows an attacker with access to an Incus environment lacking suitable image source restrictions (`restricted.image.server` or equivalent firewall rules) to cause Incus to download from an attacker controlled image server which would provide different image files for an other well known image fingerprint.\n\nSuch an attack can be used to poison the global image cache, leading to another user on the system wanting to use the legitimate image to be provided the compromised one instead.\n\nFor this to be successful, the attacker requires:\n\n - Access to an Incus server\n - That server to NOT have been configured with `restricted.image.servers` or an equivalent firewall or HTTP proxy policy\n - Some ability to predict what image may be used by other users in the near future\n - Other users that are actively deploying new Incus instances on the system\n\nHaving to predict what image may be used in the future which doesn\u0027t have its legitimate copy already cached on the system (or somewhere within the cluster) makes this attack quite difficult to pull off. It\u0027s made even harder by not having any control as to when a given image may be used by another user.\n\nAn example of a somewhat easy target would be a server that\u0027s known to run ephemeral instances for Ci or build purposes, as those will get created very frequently and the images they use may be public knowledge, it would be possible to get a compromised image in place with the right timing:\n\n - Monitor the legitimate image server for a new image being published\n - Immediately create a compromised image with the same fingerprint on an attacker controlled image server\n - Get the target Incus environment to download that image BEFORE any legitimate instance creation had the time to pull the legitimate image\n\nBut this again assumes an environment lacking either `restricted.image.servers` or equivalent firewall or proxy policies.\n\n### Mitigation\nAs mentioned above, any server using `restricted.image.servers` in project configuration, as would be strongly recommended in multi-tenant environments will be immune to this attack. As would any server going through equivalent network restriction whether implemented through firewalling or through an HTTP proxy server.\n\nThe updated Incus versions will now validate not just the individual files during download but also that the hash of the concatenated files does match the image fingerprint, fully preventing such an attack in the future.\n\n### PoC\nTo create a PoC, simply download `https://images.linuxcontainers.org/streams/v1/{index,images}.json` and `https://images.linuxcontainers.org/images/DISTRO/RELEASE/ARCH/default/NEWEST/{incus.tar.xz,rootfs.squashfs}` or similar paths, put them in suitable locations in a folder, and then use a server to serve them through https. The TLS certificate used by the server may need to be signed by a trusted CA of the client system.\n\nThen change the content of `rootfs.squashfs` by `unsquashfs`/`mksquashfs`, add one line in `/root/.bashrc`: `echo \u0027PoC: hacked!\u0027`, and then update corresponding `sha256` and `size` fields for that individual file in `images.json`.\n\nUsing `incus-simplestreams` first and then altering the `combined_xxx` fields should also be OK.\n\nAfter that, check the following commands:\n\n```\n$ incus remote add poc https://TESTSERVER:4443 --protocol simplestreams\n$ incus remote list \n+-----------------+------------------------------------+---------------+-------------+--------+--------+--------+\n| NAME | URL | PROTOCOL | AUTH TYPE | PUBLIC | STATIC | GLOBAL |\n+-----------------+------------------------------------+---------------+-------------+--------+--------+--------+\n| images | https://images.linuxcontainers.org | simplestreams | none | YES | NO | NO |\n+-----------------+------------------------------------+---------------+-------------+--------+--------+--------+\n| local (current) | unix:// | incus | file access | NO | YES | NO |\n+-----------------+------------------------------------+---------------+-------------+--------+--------+--------+\n| poc | https://TESTSERVER:4443 | simplestreams | none | YES | NO | NO |\n+-----------------+------------------------------------+---------------+-------------+--------+--------+--------+\n$ incus image list \n+-------+-------------+--------+-------------+--------------+------+------+-------------+\n| ALIAS | FINGERPRINT | PUBLIC | DESCRIPTION | ARCHITECTURE | TYPE | SIZE | UPLOAD DATE |\n+-------+-------------+--------+-------------+--------------+------+------+-------------+\n$ incus image list images:debian/trixie -c lFpdasu\n+----------------------------------+------------------------------------------------------------------+--------+----------------------------------------+--------------+-----------+----------------------+\n| ALIAS | FINGERPRINT | PUBLIC | DESCRIPTION | ARCHITECTURE | SIZE | UPLOAD DATE |\n+----------------------------------+------------------------------------------------------------------+--------+----------------------------------------+--------------+-----------+----------------------+\n| debian/13 (7 more) | 8dad70759d54410e4e8ad84164f6a9d8bda3af753a54441365ff1476f065999c | yes | Debian trixie amd64 (20260320_05:24) | x86_64 | 341.13MiB | 2026/03/20 08:00 CST |\n+----------------------------------+------------------------------------------------------------------+--------+----------------------------------------+--------------+-----------+----------------------+\n| debian/13 (7 more) | 945758c6900211055b3b0b6d2ab9617a9f9dbeb70e4c3b9710dc47aa01345369 | yes | Debian trixie amd64 (20260320_05:24) | x86_64 | 94.70MiB | 2026/03/20 08:00 CST |\n+----------------------------------+------------------------------------------------------------------+--------+----------------------------------------+--------------+-----------+----------------------+\n| debian/13/arm64 (3 more) | 41b4f8849cfc8d22a6b9cd86790602a43f67a9ec2c1d7e13a0b3ecf7b7d6663e | yes | Debian trixie arm64 (20260320_05:24) | aarch64 | 339.27MiB | 2026/03/20 08:00 CST |\n+----------------------------------+------------------------------------------------------------------+--------+----------------------------------------+--------------+-----------+----------------------+\n| debian/13/arm64 (3 more) | fda543def4b41f65511696ec0350d899dad5374956d18078697f58d1c466bae4 | yes | Debian trixie arm64 (20260320_05:24) | aarch64 | 92.25MiB | 2026/03/20 08:00 CST |\n+----------------------------------+------------------------------------------------------------------+--------+----------------------------------------+--------------+-----------+----------------------+\n| debian/13/armhf (3 more) | 77ef0a077759eab7690b1401bfbec78360d2a0462ee89fa3de86b899465adedb | yes | Debian trixie armhf (20260320_05:24) | armv7l | 84.14MiB | 2026/03/20 08:00 CST |\n+----------------------------------+------------------------------------------------------------------+--------+----------------------------------------+--------------+-----------+----------------------+\n| debian/13/cloud (3 more) | 2ee3da00ca407ea98e1b84a2d5b1561c0fffb0281b05035e307e5029cdaa5532 | yes | Debian trixie amd64 (20260320_05:24) | x86_64 | 130.17MiB | 2026/03/20 08:00 CST |\n+----------------------------------+------------------------------------------------------------------+--------+----------------------------------------+--------------+-----------+----------------------+\n| debian/13/cloud (3 more) | 108ed9a36105c37ba5412a880b5c39653536453189789aa101e46591de620d56 | yes | Debian trixie amd64 (20260320_05:24) | x86_64 | 374.30MiB | 2026/03/20 08:00 CST |\n+----------------------------------+------------------------------------------------------------------+--------+----------------------------------------+--------------+-----------+----------------------+\n| debian/13/cloud/arm64 (1 more) | cfb51c473e221b6c8b62a21808bd4f69ca4845108abfb14187fde8b79befbab3 | yes | Debian trixie arm64 (20260320_05:24) | aarch64 | 126.78MiB | 2026/03/20 08:00 CST |\n+----------------------------------+------------------------------------------------------------------+--------+----------------------------------------+--------------+-----------+----------------------+\n| debian/13/cloud/arm64 (1 more) | ff2c2c62849d978dfad0cc1df54c0f55881a0edf3b31333c3b2a00413eaee1a5 | yes | Debian trixie arm64 (20260320_05:24) | aarch64 | 371.76MiB | 2026/03/20 08:00 CST |\n+----------------------------------+------------------------------------------------------------------+--------+----------------------------------------+--------------+-----------+----------------------+\n| debian/13/cloud/armhf (1 more) | 8eb505d548265e371a3ab0d277f76986f0879e414a6a74af2f975cf3caffc565 | yes | Debian trixie armhf (20260320_05:24) | armv7l | 117.92MiB | 2026/03/20 08:00 CST |\n+----------------------------------+------------------------------------------------------------------+--------+----------------------------------------+--------------+-----------+----------------------+\n| debian/13/cloud/riscv64 (1 more) | dab5009031d0d03c8cfebb330a83baf950eb79b8277a5f071e0a81758d17b8b4 | yes | Debian trixie riscv64 (20260320_05:24) | riscv64 | 122.90MiB | 2026/03/20 08:00 CST |\n+----------------------------------+------------------------------------------------------------------+--------+----------------------------------------+--------------+-----------+----------------------+\n| debian/13/riscv64 (3 more) | 1fa5c6eaf7f3c107b96625b49bc2e4f00b077d949d349d9e3c412747ec492341 | yes | Debian trixie riscv64 (20260320_05:24) | riscv64 | 87.86MiB | 2026/03/20 08:00 CST |\n+----------------------------------+------------------------------------------------------------------+--------+----------------------------------------+--------------+-----------+----------------------+\n$ incus image copy poc:debian/trixie local:\nImage copied successfully! \n$ incus image list -c lFpdasu\n+-------+------------------------------------------------------------------+--------+--------------------------------------+--------------+-----------+----------------------+\n| ALIAS | FINGERPRINT | PUBLIC | DESCRIPTION | ARCHITECTURE | SIZE | UPLOAD DATE |\n+-------+------------------------------------------------------------------+--------+--------------------------------------+--------------+-----------+----------------------+\n| | 945758c6900211055b3b0b6d2ab9617a9f9dbeb70e4c3b9710dc47aa01345369 | no | Debian trixie amd64 (20260320_05:24) | x86_64 | 105.09MiB | 2026/03/21 00:55 CST |\n+-------+------------------------------------------------------------------+--------+--------------------------------------+--------------+-----------+----------------------+\n$ incus launch images:debian/trixie\nLaunching the instance\nInstance name is: star-mollusk \n$ incus list \n+--------------+---------+------+------------------------------------------------+-----------+-----------+\n| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |\n+--------------+---------+------+------------------------------------------------+-----------+-----------+\n| star-mollusk | RUNNING | | fd42:115a:7a71:9748:1266:6aff:fe1a:d504 (eth0) | CONTAINER | 0 |\n+--------------+---------+------+------------------------------------------------+-----------+-----------+\n$ incus exec star-mollusk bash\nPoC: hacked!\nroot@star-mollusk:~# \nexit\n$ incus image export images:debian/trixie\nImage exported successfully! \n$ cat incus.tar.xz rootfs.squashfs | sha256sum\n945758c6900211055b3b0b6d2ab9617a9f9dbeb70e4c3b9710dc47aa01345369 -\n$ rm incus.tar.xz rootfs.squashfs\n$ incus image export poc:debian/trixie\nImage exported successfully! \n$ cat incus.tar.xz rootfs.squashfs | sha256sum\nd3ec6f76cc1e4e49479e52c69b3d71430748f7c86d1214f44893e131392ad002 -\n$ rm incus.tar.xz rootfs.squashfs\n$ incus image export local:945758c6900211055b3b0b6d2ab9617a9f9dbeb70e4c3b9710dc47aa01345369\nError: Image fingerprint doesn\u0027t match. Got d3ec6f76cc1e4e49479e52c69b3d71430748f7c86d1214f44893e131392ad002 expected 945758c6900211055b3b0b6d2ab9617a9f9dbeb70e4c3b9710dc47aa01345369\n$ incus image export poc:945758c6900211055b3b0b6d2ab9617a9f9dbeb70e4c3b9710dc47aa01345369\nImage exported successfully! \n$ cat incus.tar.xz rootfs.squashfs | sha256sum\nd3ec6f76cc1e4e49479e52c69b3d71430748f7c86d1214f44893e131392ad002 -\n```",
"id": "GHSA-p8mm-23gg-jc9r",
"modified": "2026-03-27T17:08:07Z",
"published": "2026-03-27T17:08:07Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/lxc/incus/security/advisories/GHSA-p8mm-23gg-jc9r"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33542"
},
{
"type": "WEB",
"url": "https://github.com/lxc/incus/commit/04e97418189f743411884afb81a3384e6218b8cd"
},
{
"type": "WEB",
"url": "https://github.com/lxc/incus/commit/4a80447c52d6bc05d3322feeb5395f581e7a80e4"
},
{
"type": "WEB",
"url": "https://github.com/lxc/incus/commit/72688b7d9400c8f3c17ad0f93a7c1aeb89627307"
},
{
"type": "WEB",
"url": "https://github.com/lxc/incus/commit/ee26f72524ab60a4abcfd4e52667c52bb24364fc"
},
{
"type": "PACKAGE",
"url": "https://github.com/lxc/incus"
},
{
"type": "WEB",
"url": "https://github.com/lxc/incus/releases/tag/v6.23.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:H/VA:N/SC:H/SI:L/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Incus does not verify combined fingerprint when downloading images from simplestreams servers"
}
GHSA-PCPP-7694-V79Q
Vulnerability from github – Published: 2025-08-14 06:30 – Updated: 2025-08-14 06:30Netskope has identified a potential gap in its agent (Netskope Client) in which a malicious insider can potentially tamper the Netskope Client configuration by performing MITM (Man-in-the-Middle) activity on the Netskope Client communication channel. A successful exploitation would require administrative privileges on the machine, and could result in temporarily altering the configuration of Netskope Client or permanently disabling or removing the agent from the machine.
{
"affected": [],
"aliases": [
"CVE-2024-7402"
],
"database_specific": {
"cwe_ids": [
"CWE-354"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-14T05:15:26Z",
"severity": "HIGH"
},
"details": "Netskope has identified a potential gap in its agent (Netskope Client) in which a malicious insider can potentially tamper the Netskope Client configuration by performing MITM (Man-in-the-Middle) activity on the Netskope Client communication channel. A successful exploitation would require administrative privileges on the machine, and could result in temporarily altering the configuration of Netskope Client or permanently disabling or removing the agent from the machine.",
"id": "GHSA-pcpp-7694-v79q",
"modified": "2025-08-14T06:30:33Z",
"published": "2025-08-14T06:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7402"
},
{
"type": "WEB",
"url": "https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2024-002"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-PGCQ-H79J-2F69
Vulnerability from github – Published: 2021-11-10 19:03 – Updated: 2024-11-13 21:54Impact
Several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depending on the API, this can result in undefined behavior and segfault or CHECK-fail related crashes but in some scenarios writes and reads from heap populated arrays are also possible.
We have discovered these issues internally via tooling while working on improving/testing GPU op determinism. As such, we don't have reproducers and there will be multiple fixes for these issues.
Patches
We have patched the issue in GitHub commits 68422b215e618df5ad375bcdc6d2052e9fd3080a, 4d74d8a00b07441cba090a02e0dd9ed385145bf4, 579261dcd446385831fe4f7457d802a59685121d, da4aad5946be30e5f049920fa076e1f7ef021261, 4dddb2fd0b01cdd196101afbba6518658a2c9e07, and e7f497570abb6b4ae5af4970620cd880e4c0c904.
These fixes will be included in TensorFlow 2.7.0. We will also cherrypick these commits on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-41206"
],
"database_specific": {
"cwe_ids": [
"CWE-354"
],
"github_reviewed": true,
"github_reviewed_at": "2021-11-08T22:41:31Z",
"nvd_published_at": "2021-11-05T22:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\nSeveral TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depending on the API, this can result in undefined behavior and segfault or `CHECK`-fail related crashes but in some scenarios writes and reads from heap populated arrays are also possible.\n\nWe have discovered these issues internally via tooling while working on improving/testing GPU op determinism. As such, we don\u0027t have reproducers and there will be multiple fixes for these issues.\n\n### Patches\nWe have patched the issue in GitHub commits [68422b215e618df5ad375bcdc6d2052e9fd3080a](https://github.com/tensorflow/tensorflow/commit/68422b215e618df5ad375bcdc6d2052e9fd3080a), [4d74d8a00b07441cba090a02e0dd9ed385145bf4](https://github.com/tensorflow/tensorflow/commit/4d74d8a00b07441cba090a02e0dd9ed385145bf4), [579261dcd446385831fe4f7457d802a59685121d](https://github.com/tensorflow/tensorflow/commit/579261dcd446385831fe4f7457d802a59685121d), [da4aad5946be30e5f049920fa076e1f7ef021261](https://github.com/tensorflow/tensorflow/commit/da4aad5946be30e5f049920fa076e1f7ef021261), [4dddb2fd0b01cdd196101afbba6518658a2c9e07](https://github.com/tensorflow/tensorflow/commit/4dddb2fd0b01cdd196101afbba6518658a2c9e07), and [e7f497570abb6b4ae5af4970620cd880e4c0c904](https://github.com/tensorflow/tensorflow/commit/e7f497570abb6b4ae5af4970620cd880e4c0c904).\n\nThese fixes will be included in TensorFlow 2.7.0. We will also cherrypick these commits on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.",
"id": "GHSA-pgcq-h79j-2f69",
"modified": "2024-11-13T21:54:40Z",
"published": "2021-11-10T19:03:38Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pgcq-h79j-2f69"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41206"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/4d74d8a00b07441cba090a02e0dd9ed385145bf4"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/4dddb2fd0b01cdd196101afbba6518658a2c9e07"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/579261dcd446385831fe4f7457d802a59685121d"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/68422b215e618df5ad375bcdc6d2052e9fd3080a"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/da4aad5946be30e5f049920fa076e1f7ef021261"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/e7f497570abb6b4ae5af4970620cd880e4c0c904"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-845.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-847.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-843.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Incomplete validation of shapes in multiple TF ops"
}
GHSA-PGGG-FP6X-7WW3
Vulnerability from github – Published: 2024-12-18 06:30 – Updated: 2025-02-11 00:31A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI Relying Parties (such as Fort) are supposed to maintain a backup cache of the remote RPKI data. This can be employed as a fallback in case a new fetch fails or yields incorrect files. However, the product currently uses its cache merely as a bandwidth saving tool (because fetching is performed through deltas). If a fetch fails midway or yields incorrect files, there is no viable fallback. This leads to incomplete route origin validation data.
{
"affected": [],
"aliases": [
"CVE-2024-56169"
],
"database_specific": {
"cwe_ids": [
"CWE-354"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-18T05:15:08Z",
"severity": "MODERATE"
},
"details": "A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI Relying Parties (such as Fort) are supposed to maintain a backup cache of the remote RPKI data. This can be employed as a fallback in case a new fetch fails or yields incorrect files. However, the product currently uses its cache merely as a bandwidth saving tool (because fetching is performed through deltas). If a fetch fails midway or yields incorrect files, there is no viable fallback. This leads to incomplete route origin validation data.",
"id": "GHSA-pggg-fp6x-7ww3",
"modified": "2025-02-11T00:31:47Z",
"published": "2024-12-18T06:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56169"
},
{
"type": "WEB",
"url": "https://github.com/NICMx/FORT-validator/issues/82"
},
{
"type": "WEB",
"url": "https://nicmx.github.io/FORT-validator/CVE.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PJFH-CVV7-X572
Vulnerability from github – Published: 2022-05-24 17:30 – Updated: 2022-05-24 17:30In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by changing the handling of the invalid 0xFFFF checksum.
{
"affected": [],
"aliases": [
"CVE-2020-25862"
],
"database_specific": {
"cwe_ids": [
"CWE-354"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-10-06T15:15:00Z",
"severity": "HIGH"
},
"details": "In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by changing the handling of the invalid 0xFFFF checksum.",
"id": "GHSA-pjfh-cvv7-x572",
"modified": "2022-05-24T17:30:11Z",
"published": "2022-05-24T17:30:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25862"
},
{
"type": "WEB",
"url": "https://gitlab.com/wireshark/wireshark/-/commit/7f3fe6164a68b76d9988c4253b24d43f498f1753"
},
{
"type": "WEB",
"url": "https://gitlab.com/wireshark/wireshark/-/issues/16816"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DQHPKZFQ7W3X34RYN3FWFYCFJD4FXJW"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IGRYKW4XLR44YDWTAH547ODYYBYPB2D"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZUHMK5HYTUUDXA64T2TAMAFMYV674QBW"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"type": "WEB",
"url": "https://www.wireshark.org/security/wnpa-sec-2020-12.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00035.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00038.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation
Ensure that the checksums present in messages are properly checked in accordance with the protocol specification before they are parsed and used.
CAPEC-145: Checksum Spoofing
An adversary spoofs a checksum message for the purpose of making a payload appear to have a valid corresponding checksum. Checksums are used to verify message integrity. They consist of some value based on the value of the message they are protecting. Hash codes are a common checksum mechanism. Both the sender and recipient are able to compute the checksum based on the contents of the message. If the message contents change between the sender and recipient, the sender and recipient will compute different checksum values. Since the sender's checksum value is transmitted with the message, the recipient would know that a modification occurred. In checksum spoofing an adversary modifies the message body and then modifies the corresponding checksum so that the recipient's checksum calculation will match the checksum (created by the adversary) in the message. This would prevent the recipient from realizing that a change occurred.
CAPEC-463: Padding Oracle Crypto Attack
An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.
CAPEC-75: Manipulating Writeable Configuration Files
Generally these are manually edited files that are not in the preview of the system administrators, any ability on the attackers' behalf to modify these files, for example in a CVS repository, gives unauthorized access directly to the application, the same as authorized users.