{"vulnerability": "cve-2022-4190", "sightings": [{"uuid": "3d8c2066-f301-41a3-b19c-f46b814d1ad6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41903", "type": "seen", "source": "MISP/81745fb9-5708-474a-970d-c009efdc14a7", "content": "", "creation_timestamp": "2023-01-19T12:11:09.000000Z"}, {"uuid": "de2ba552-a530-4bf4-9c9c-fe92f298d4d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41903", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-08", "content": "", "creation_timestamp": "2025-04-15T10:00:00.000000Z"}, {"uuid": "1aaf8aed-9446-4b07-8698-664146f7a6d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41903", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/2317", "content": "#exploit\n1. CVE-2023-0179:\nLinux kernel stack buffer overflow in nftables\nhttps://seclists.org/oss-sec/2023/q1/20\n\n2. 
Security Audit of Git:\nCVE-2022-23521:\nTruncated Allocation Leading to Out of Bounds Write Via Large Number of Attributes\nCVE-2022-41903: \nOut of Bounds Memory Write in Log Formatting\nhttps://x41-dsec.de/security/research/news/2023/01/17/git-security-audit-ostif", "creation_timestamp": "2023-01-19T15:21:31.000000Z"}, {"uuid": "ebf88c9e-2b1b-45d2-8e8f-1652c76003ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41903", "type": "seen", "source": "https://t.me/ctinow/87892", "content": "Critical RCE vulnerabilities found in git (CVE-2022-41903, CVE-2022-23251)\n\nhttps://ift.tt/H1IQVGZ", "creation_timestamp": "2023-01-19T14:59:30.000000Z"}, {"uuid": "6c8e270b-daac-454b-b46d-31de6602cebb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41903", "type": "seen", "source": "https://t.me/alexmakus/4909", "content": "By the way, about updates: a reader here also reminded me about Atlassian. 
Updates there too, for Bitbucket Server and Data, Bamboo Server and Data Center, Fisheye, Crucible, Sourcetree\n\nhttps://confluence.atlassian.com/security/multiple-products-security-advisory-git-buffer-overflow-cve-2022-41903-cve-2022-23521-1189805967.html", "creation_timestamp": "2023-02-15T19:38:55.000000Z"}, {"uuid": "d0bd35f4-0a85-4595-8b32-bacf6e52665c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41903", "type": "seen", "source": "https://t.me/arpsyndicate/1707", "content": "#ExploitObserverAlert\n\nCVE-2022-41903\n\nDESCRIPTION: Exploit Observer has 13 entries related to CVE-2022-41903. Git is a distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is an integer overflow in `pretty.c::format_and_pad_commit()` where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., `git log --format=...`). It may also be triggered indirectly through git archive via the export-subst mechanism, which expands format specifiers inside of files within the repository during a git archive. This integer overflow can result in arbitrary heap writes, which may result in arbitrary code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. Users who are unable to upgrade should disable `git archive` in untrusted repositories. 
If you expose git archive via `git daemon`, disable it by running `git config --global daemon.uploadArch false`.\n\nFIRST-EPSS: 0.001170000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-11T06:02:11.000000Z"}, {"uuid": "1fa18837-2b56-4af4-9438-2c0d49cb8602", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41903", "type": "seen", "source": "https://t.me/true_secator/3955", "content": "Git has fixed two critical vulnerabilities that could allow attackers to perform RCE after successfully exploiting heap-based buffer overflow weaknesses.\n\nA third, Windows-specific flaw affecting Git GUI is caused by an untrusted search path weakness and allows 
unauthenticated attackers to carry out low-complexity attacks using untrusted code.\n\nResearchers Eric Sesterhenn and Markus Vervier of X41, together with Joern Schneeweisz of GitLab, found them during a source code audit of Git commissioned by OSTIF.\n\nThe first two vulnerabilities, CVE-2022-41903 in the commit formatting mechanism and CVE-2022-23521 in the gitattributes parser, were fixed in new versions, 
starting with 2.30.7.\n\nThe third, tracked as CVE-2022-41953, is still awaiting a fix, but users can work around the problem by not using the Git GUI software to clone repositories or by avoiding cloning from untrusted sources.\n\nThe most serious of them allows an attacker to trigger heap memory corruption during clone or pull operations, leading to RCE, while the other allows it during 
archive operations, which are commonly performed by Git forges.\n\nIn addition, a considerable number of integer-related issues were identified that could lead to denial-of-service conditions or out-of-bounds reads.\n\nUsers who are unable to update should, to protect themselves, disable \"git archive\" in untrusted repositories or avoid running 
the command in untrusted repositories.\n\nIf \"git archive\" is exposed via \"git daemon\", it should be disabled when working with untrusted repositories by running the command \"git config --global daemon.uploadArch false\".\n\nGitLab insists that the most effective protection is to update all installations to the latest version, Git v2.39.1, as soon as possible.", "creation_timestamp": "2023-01-18T16:10:08.000000Z"}, {"uuid": "712db33f-a563-4fdf-8661-863e0eccf3e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41906", "type": "seen", "source": "https://t.me/cibsecurity/52876", "content": "\u203c CVE-2022-41906 \u203c\n\nOpenSearch Notifications is a notifications plugin for OpenSearch that enables other 
plugins to send notifications via Email, Slack, Amazon Chime, Custom web-hook etc channels. A potential SSRF issue in OpenSearch Notifications Plugin 2.2.0 and below could allow an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Notification plugin's intended scope. OpenSearch 2.2.1+ contains the fix for this issue. There are currently no recommended workarounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-13T05:39:27.000000Z"}, {"uuid": "1b187bd4-79b8-4d8a-849c-504d7d9079c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41902", "type": "seen", "source": "https://t.me/cibsecurity/54108", "content": "\u203c CVE-2022-41902 \u203c\n\nTensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.8.4, 2.9.3, and 2.10.1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-07T00:41:10.000000Z"}, {"uuid": "217a07db-d50f-4a29-9454-de680fcf8ab1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41901", "type": "seen", "source": "https://t.me/cibsecurity/53190", "content": "\u203c CVE-2022-41901 \u203c\n\nTensorFlow is an open source platform for machine learning. An input `sparse_matrix` that is not a matrix with a shape with rank 0 will trigger a `CHECK` fail in `tf.raw_ops.SparseMatrixNNZ`. 
We have patched the issue in GitHub commit f856d02e5322821aad155dad9b3acab1e9f5d693. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-19T00:29:49.000000Z"}, {"uuid": "2787c084-6fe7-4236-ab17-86577aa9aba5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41908", "type": "seen", "source": "https://t.me/cibsecurity/53187", "content": "\u203c CVE-2022-41908 \u203c\n\nTensorFlow is an open source platform for machine learning. An input `token` that is not a UTF-8 bytestring will trigger a `CHECK` fail in `tf.raw_ops.PyFunc`. We have patched the issue in GitHub commit 9f03a9d3bafe902c1e6beb105b2f24172f238645. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-19T00:29:46.000000Z"}, {"uuid": "68ef0d45-b588-4169-8c19-fb72aa05b8ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41909", "type": "seen", "source": "https://t.me/cibsecurity/53177", "content": "\u203c CVE-2022-41909 \u203c\n\nTensorFlow is an open source platform for machine learning. An input `encoded` that is not a valid `CompositeTensorVariant` tensor will trigger a segfault in `tf.raw_ops.CompositeTensorVariantToComponents`. We have patched the issue in GitHub commits bf594d08d377dc6a3354d9fdb494b32d45f91971 and 660ce5a89eb6766834bdc303d2ab3902aef99d3d. The fix will be included in TensorFlow 2.11. 
We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-19T00:29:35.000000Z"}, {"uuid": "3e95c709-e228-4de2-ae50-5a39a509cafa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41907", "type": "seen", "source": "https://t.me/cibsecurity/53175", "content": "\u203c CVE-2022-41907 \u203c\n\nTensorFlow is an open source platform for machine learning. When `tf.raw_ops.ResizeNearestNeighborGrad` is given a large `size` input, it overflows. We have patched the issue in GitHub commit 00c821af032ba9e5f5fa3fe14690c8d28a657624. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-19T00:29:33.000000Z"}, {"uuid": "fe3a0c5f-f137-4c40-ae42-c16d23cc2b1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41903", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/7572", "content": "#exploit\n1. CVE-2023-0179:\nLinux kernel stack buffer overflow in nftables\nhttps://seclists.org/oss-sec/2023/q1/20\n]-> https://github.com/TurtleARM/CVE-2023-0179-PoC\n\n2. Security Audit of Git:\nCVE-2022-23521:\nTruncated Allocation Leading to Out of Bounds Write Via Large Number of Attributes\nCVE-2022-41903: \nOut of Bounds Memory Write in Log Formatting\nhttps://x41-dsec.de/security/research/news/2023/01/17/git-security-audit-ostif", "creation_timestamp": "2023-01-22T13:04:27.000000Z"}]}