CWE-665
DiscouragedImproper Initialization
Abstraction: Class · Status: Draft
The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.
425 vulnerabilities reference this CWE, most recent first.
GHSA-MHH5-FMPV-M2JW
Vulnerability from github – Published: 2022-05-24 17:33 – Updated: 2022-05-24 17:33In the AIBinder_Class constructor of ibinder.cpp, there is a possible arbitrary code execution due to uninitialized data. This could lead to local escalation of privilege if a process were using libbinder_ndk in a vulnerable way with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-161812320
{
"affected": [],
"aliases": [
"CVE-2020-0438"
],
"database_specific": {
"cwe_ids": [
"CWE-665"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-11-10T13:15:00Z",
"severity": "HIGH"
},
"details": "In the AIBinder_Class constructor of ibinder.cpp, there is a possible arbitrary code execution due to uninitialized data. This could lead to local escalation of privilege if a process were using libbinder_ndk in a vulnerable way with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-161812320",
"id": "GHSA-mhh5-fmpv-m2jw",
"modified": "2022-05-24T17:33:26Z",
"published": "2022-05-24T17:33:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0438"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2020-11-01"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-MHPX-2QW7-QWQP
Vulnerability from github – Published: 2022-05-24 17:28 – Updated: 2022-05-24 17:28In libhwbinder, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-130166487
{
"affected": [],
"aliases": [
"CVE-2020-0272"
],
"database_specific": {
"cwe_ids": [
"CWE-665"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-09-18T16:15:00Z",
"severity": "MODERATE"
},
"details": "In libhwbinder, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-130166487",
"id": "GHSA-mhpx-2qw7-qwqp",
"modified": "2022-05-24T17:28:33Z",
"published": "2022-05-24T17:28:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0272"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/android-11"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-MJ2X-C9J2-VP7G
Vulnerability from github – Published: 2024-08-08 18:31 – Updated: 2024-08-09 18:30Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR17, 4.0.0 SR07, 4.1.0 SR04, 4.2.0 SR04, and 4.3.0 SR03 fails to validate file attributes during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk.
{
"affected": [],
"aliases": [
"CVE-2023-40261"
],
"database_specific": {
"cwe_ids": [
"CWE-665"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-08T18:15:09Z",
"severity": "MODERATE"
},
"details": "Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR17, 4.0.0 SR07, 4.1.0 SR04, 4.2.0 SR04, and 4.3.0 SR03 fails to validate file attributes during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system\u0027s hard disk.",
"id": "GHSA-mj2x-c9j2-vp7g",
"modified": "2024-08-09T18:30:45Z",
"published": "2024-08-08T18:31:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40261"
},
{
"type": "WEB",
"url": "https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Matt%20Burch%20-%20Where%E2%80%99s%20the%20Money%20-%20Defeating%20ATM%20Disk%20Encryption-white%20paper.pdf"
},
{
"type": "WEB",
"url": "https://www.dieboldnixdorf.com/en-us/banking/portfolio/software/security"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MJ6W-HPF8-F9Q2
Vulnerability from github – Published: 2022-05-24 19:04 – Updated: 2022-05-24 19:04Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
{
"affected": [],
"aliases": [
"CVE-2020-12357"
],
"database_specific": {
"cwe_ids": [
"CWE-665"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-09T19:15:00Z",
"severity": "MODERATE"
},
"details": "Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.",
"id": "GHSA-mj6w-hpf8-f9q2",
"modified": "2022-05-24T19:04:30Z",
"published": "2022-05-24T19:04:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12357"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210702-0002"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00463.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MMPH-RG95-J757
Vulnerability from github – Published: 2022-05-13 01:50 – Updated: 2022-05-13 01:50An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S does not properly maintain RBX, which allows local users to cause a denial of service (uninitialized memory usage and system crash). Within Xen, 64-bit x86 PV Linux guest OS users can trigger a guest OS crash or possibly gain privileges.
{
"affected": [],
"aliases": [
"CVE-2018-14678"
],
"database_specific": {
"cwe_ids": [
"CWE-665"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-28T18:29:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S does not properly maintain RBX, which allows local users to cause a denial of service (uninitialized memory usage and system crash). Within Xen, 64-bit x86 PV Linux guest OS users can trigger a guest OS crash or possibly gain privileges.",
"id": "GHSA-mmph-rg95-j757",
"modified": "2022-05-13T01:50:02Z",
"published": "2022-05-13T01:50:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14678"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3931-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3931-2"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4308"
},
{
"type": "WEB",
"url": "https://xenbits.xen.org/xsa/advisory-274.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104924"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1041397"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MQ5C-PRH3-3F3H
Vulnerability from github – Published: 2021-05-21 14:28 – Updated: 2024-11-13 16:23Impact
The validation in tf.raw_ops.QuantizeAndDequantizeV2 allows invalid values for axis argument:
import tensorflow as tf
input_tensor = tf.constant([0.0], shape=[1], dtype=float)
input_min = tf.constant(-10.0)
input_max = tf.constant(-10.0)
tf.raw_ops.QuantizeAndDequantizeV2(
input=input_tensor, input_min=input_min, input_max=input_max,
signed_input=False, num_bits=1, range_given=False, round_mode='HALF_TO_EVEN',
narrow_range=False, axis=-2)
The validation uses || to mix two different conditions:
OP_REQUIRES(ctx,
(axis_ == -1 || axis_ < input.shape().dims()),
errors::InvalidArgument(...));
If axis_ < -1 the condition in OP_REQUIRES will still be true, but this value of axis_ results in heap underflow. This allows attackers to read/write to other data on the heap.
Patches
We have patched the issue in GitHub commit c5b0d5f8ac19888e46ca14b0e27562e7fbbee9a9.
The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Yakun Zhang and Ying Wang of Baidu X-Team.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-29610"
],
"database_specific": {
"cwe_ids": [
"CWE-665",
"CWE-787"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-17T22:05:10Z",
"nvd_published_at": "2021-05-14T20:15:00Z",
"severity": "LOW"
},
"details": "### Impact\nThe validation in `tf.raw_ops.QuantizeAndDequantizeV2` allows invalid values for `axis` argument:\n\n```python\nimport tensorflow as tf\n\ninput_tensor = tf.constant([0.0], shape=[1], dtype=float)\ninput_min = tf.constant(-10.0)\ninput_max = tf.constant(-10.0)\n\ntf.raw_ops.QuantizeAndDequantizeV2(\n input=input_tensor, input_min=input_min, input_max=input_max,\n signed_input=False, num_bits=1, range_given=False, round_mode=\u0027HALF_TO_EVEN\u0027,\n narrow_range=False, axis=-2)\n``` \n\nThe [validation](https://github.com/tensorflow/tensorflow/blob/eccb7ec454e6617738554a255d77f08e60ee0808/tensorflow/core/kernels/quantize_and_dequantize_op.cc#L74-L77) uses `||` to mix two different conditions:\n\n```cc\nOP_REQUIRES(ctx,\n (axis_ == -1 || axis_ \u003c input.shape().dims()),\n errors::InvalidArgument(...));\n```\n\nIf `axis_ \u003c -1` the condition in `OP_REQUIRES` will still be true, but this value of `axis_` results in heap underflow. This allows attackers to read/write to other data on the heap.\n\n### Patches\nWe have patched the issue in GitHub commit [c5b0d5f8ac19888e46ca14b0e27562e7fbbee9a9](https://github.com/tensorflow/tensorflow/commit/c5b0d5f8ac19888e46ca14b0e27562e7fbbee9a9).\n\nThe fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by Yakun Zhang and Ying Wang of Baidu X-Team.",
"id": "GHSA-mq5c-prh3-3f3h",
"modified": "2024-11-13T16:23:17Z",
"published": "2021-05-21T14:28:32Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mq5c-prh3-3f3h"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29610"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/c5b0d5f8ac19888e46ca14b0e27562e7fbbee9a9"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-538.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-736.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-247.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Invalid validation in `QuantizeAndDequantizeV2`"
}
GHSA-MV8X-668M-53FG
Vulnerability from github – Published: 2022-09-16 21:21 – Updated: 2022-09-16 21:21Impact
Read only calls between contracts can generate smart contracts results. For example, if contract A calls in read only mode contract B and the called function will make changes upon the contract's B state, the state will be altered for contract B as if the call was not made in the read-only mode. This can lead to some effects not designed by the original smart contracts programmers.
Patches
Patch v1.3.35 or higher
Workarounds
No workaround
References
For future reference and understanding of this issue, anyone can check this integration test https://github.com/ElrondNetwork/elrond-go/blob/8e402fa6d7e91e779980122d3798b2bf50892945/integrationTests/vm/txsFee/asyncESDT_test.go#L452 that proves the fix and prevents a future code regression.
For more information
If you have any questions or comments about this advisory: * Open an issue in elrond-go (http://github.com/ElrondNetwork/elrond-go/issues)
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.3.34"
},
"package": {
"ecosystem": "Go",
"name": "github.com/ElrondNetwork/elrond-go"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.35"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-36061"
],
"database_specific": {
"cwe_ids": [
"CWE-665"
],
"github_reviewed": true,
"github_reviewed_at": "2022-09-16T21:21:43Z",
"nvd_published_at": "2022-09-06T21:15:00Z",
"severity": "CRITICAL"
},
"details": "### Impact\nRead only calls between contracts can generate smart contracts results. For example, if contract A calls in read only mode contract B and the called function will make changes upon the contract\u0027s B state, the state will be altered for contract B as if the call was not made in the read-only mode. This can lead to some effects not designed by the original smart contracts programmers.\n\n### Patches\nPatch v1.3.35 or higher\n\n### Workarounds\nNo workaround\n\n### References\nFor future reference and understanding of this issue, anyone can check this integration test https://github.com/ElrondNetwork/elrond-go/blob/8e402fa6d7e91e779980122d3798b2bf50892945/integrationTests/vm/txsFee/asyncESDT_test.go#L452 that proves the fix and prevents a future code regression. \n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in elrond-go ([http://github.com/ElrondNetwork/elrond-go/issues](https://github.com/ElrondNetwork/elrond-go/issues))\n",
"id": "GHSA-mv8x-668m-53fg",
"modified": "2022-09-16T21:21:43Z",
"published": "2022-09-16T21:21:43Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ElrondNetwork/elrond-go/security/advisories/GHSA-mv8x-668m-53fg"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36061"
},
{
"type": "PACKAGE",
"url": "https://github.com/ElrondNetwork/elrond-go"
},
{
"type": "WEB",
"url": "https://github.com/ElrondNetwork/elrond-go/blob/8e402fa6d7e91e779980122d3798b2bf50892945/integrationTests/vm/txsFee/asyncESDT_test.go#L452"
},
{
"type": "WEB",
"url": "https://github.com/ElrondNetwork/elrond-go/releases/tag/v1.3.35"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Elrond-go has improper initialization"
}
GHSA-MWJ6-29R9-VGQ2
Vulnerability from github – Published: 2022-05-13 01:46 – Updated: 2022-05-13 01:46An issue with incorrect ownership model of "privateBrowsing" information exposed through developer tools. This can result in a non-exploitable crash when manually triggered during debugging. This vulnerability affects Firefox < 53.
{
"affected": [],
"aliases": [
"CVE-2017-5468"
],
"database_specific": {
"cwe_ids": [
"CWE-665"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-06-11T21:29:00Z",
"severity": "CRITICAL"
},
"details": "An issue with incorrect ownership model of \"privateBrowsing\" information exposed through developer tools. This can result in a non-exploitable crash when manually triggered during debugging. This vulnerability affects Firefox \u003c 53.",
"id": "GHSA-mwj6-29r9-vgq2",
"modified": "2022-05-13T01:46:10Z",
"published": "2022-05-13T01:46:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5468"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1329521"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-10"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/97940"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1038320"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MWR4-HJV7-WJRH
Vulnerability from github – Published: 2023-08-30 18:30 – Updated: 2024-04-04 07:17In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a dynamic link library (DLL) that ships with Splunk Enterprise references an insecure path for the OPENSSLDIR build definition. An attacker can abuse this reference and subsequently install malicious code to achieve privilege escalation on the Windows machine.
{
"affected": [],
"aliases": [
"CVE-2023-40596"
],
"database_specific": {
"cwe_ids": [
"CWE-427",
"CWE-665"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-30T17:15:10Z",
"severity": "HIGH"
},
"details": "In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a dynamic link library (DLL) that ships with Splunk Enterprise references an insecure path for the OPENSSLDIR build definition. An attacker can abuse this reference and subsequently install malicious code to achieve privilege escalation on the Windows machine.",
"id": "GHSA-mwr4-hjv7-wjrh",
"modified": "2024-04-04T07:17:56Z",
"published": "2023-08-30T18:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40596"
},
{
"type": "WEB",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0805"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MX2X-WMRJ-98V7
Vulnerability from github – Published: 2022-05-24 17:32 – Updated: 2022-05-24 17:32Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
{
"affected": [],
"aliases": [
"CVE-2020-15989"
],
"database_specific": {
"cwe_ids": [
"CWE-665"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-11-03T03:15:00Z",
"severity": "MODERATE"
},
"details": "Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.",
"id": "GHSA-mx2x-wmrj-98v7",
"modified": "2022-05-24T17:32:55Z",
"published": "2022-05-24T17:32:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15989"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1108351"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/24QFL4C3AZKMFVL7LVSYMU2DNE5VVUGS"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GWCWNHTTYOH6HSFUXPGPBB6J6JYZHZE"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SC3U3H6AISVZB5PLZLLNF4HMQ4UFFL7M"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202101-30"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4824"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation MIT-3
Strategy: Language Selection
- Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, in Java, if the programmer does not explicitly initialize a variable, then the code could produce a compile-time error (if the variable is local) or automatically initialize the variable to the default value for the variable's type. In Perl, if explicit initialization is not performed, then a default value of undef is assigned, which is interpreted as 0, false, or an equivalent value depending on the context in which the variable is accessed.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all your variables and other data stores, either during declaration or just before the first usage.
Mitigation
Pay close attention to complex conditionals that affect initialization, since some conditions might not perform the initialization.
Mitigation
Avoid race conditions (CWE-362) during initialization routines.
Mitigation
Run or compile your product with settings that generate warnings about uninitialized variables or data.
CAPEC-26: Leveraging Race Conditions
The adversary targets a race condition occurring when multiple processes access and manipulate the same resource concurrently, and the outcome of the execution depends on the particular order in which the access takes place. The adversary can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the adversary can trick the system by replacing the original file with their version and cause the system to read the malicious file.
CAPEC-29: Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. A typical example is file access. The adversary can leverage a file access race condition by "running the race", meaning that they would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the adversary could replace or modify the file, causing the application to behave unexpectedly.