WID-SEC-W-2023-1790
Vulnerability from csaf_certbund
Published
2023-07-18 22:00
Modified
2023-07-18 22:00
Summary
IBM Security Guardium: Multiple Vulnerabilities
Notes
As a provider, the BSI is responsible under general law for its own content made available for use. However, users are responsible for carefully reviewing, in each individual case, the use and/or implementation of the information provided with the content.
Product description
IBM Security Guardium is a solution for monitoring and auditing data access.
Attack
An attacker from the adjacent network, a remote anonymous attacker, or a local attacker can exploit multiple vulnerabilities in IBM Security Guardium to escalate privileges, execute arbitrary code, or cause a denial-of-service condition.
Affected operating systems
- Linux
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "IBM Security Guardium ist eine L\u00f6sung f\u00fcr die \u00dcberwachung und Auditierung des Datenzugriffs.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein Angreifer aus dem angrenzenden Netzwerk, ein entfernter, anonymer oder ein lokaler Angreifer kann mehrere Schwachstellen in IBM Security Guardium ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-1790 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1790.json" }, { "category": "self", "summary": "WID-SEC-2023-1790 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1790" }, { "category": "external", "summary": "IBM Security Bulletin: 7007815 vom 2023-07-18", "url": "https://www.ibm.com/support/pages/node/7007815" } ], "source_lang": "en-US", "title": "IBM Security Guardium: Mehrere Schwachstellen", "tracking": { 
"current_release_date": "2023-07-18T22:00:00.000+00:00", "generator": { "date": "2024-02-15T17:37:05.646+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-1790", "initial_release_date": "2023-07-18T22:00:00.000+00:00", "revision_history": [ { "date": "2023-07-18T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "IBM Security Guardium 11.3", "product": { "name": "IBM Security Guardium 11.3", "product_id": "1048943", "product_identification_helper": { "cpe": "cpe:/a:ibm:security_guardium:11.3" } } } ], "category": "vendor", "name": "IBM" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-0286", "notes": [ { "category": "description", "text": "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen insbesondere in Komponenten von Drittanbietern wie rsyslog, OpenSSL, Intel Wireless Bluetooth, gzip und zlib. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu verursachen." } ], "product_status": { "known_affected": [ "1048943" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2023-0286" }, { "cve": "CVE-2022-439210", "notes": [ { "category": "description", "text": "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen insbesondere in Komponenten von Drittanbietern wie rsyslog, OpenSSL, Intel Wireless Bluetooth, gzip und zlib. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu verursachen." 
} ], "product_status": { "known_affected": [ "1048943" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2022-439210" }, { "cve": "CVE-2022-43908", "notes": [ { "category": "description", "text": "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen insbesondere in Komponenten von Drittanbietern wie rsyslog, OpenSSL, Intel Wireless Bluetooth, gzip und zlib. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu verursachen." } ], "product_status": { "known_affected": [ "1048943" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2022-43908" }, { "cve": "CVE-2022-4378", "notes": [ { "category": "description", "text": "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen insbesondere in Komponenten von Drittanbietern wie rsyslog, OpenSSL, Intel Wireless Bluetooth, gzip und zlib. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu verursachen." } ], "product_status": { "known_affected": [ "1048943" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2022-4378" }, { "cve": "CVE-2022-37434", "notes": [ { "category": "description", "text": "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen insbesondere in Komponenten von Drittanbietern wie rsyslog, OpenSSL, Intel Wireless Bluetooth, gzip und zlib. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu verursachen." } ], "product_status": { "known_affected": [ "1048943" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2022-37434" }, { "cve": "CVE-2022-24903", "notes": [ { "category": "description", "text": "In IBM Security Guardium existieren mehrere Schwachstellen. 
Diese bestehen insbesondere in Komponenten von Drittanbietern wie rsyslog, OpenSSL, Intel Wireless Bluetooth, gzip und zlib. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu verursachen." } ], "product_status": { "known_affected": [ "1048943" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2022-24903" }, { "cve": "CVE-2022-1271", "notes": [ { "category": "description", "text": "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen insbesondere in Komponenten von Drittanbietern wie rsyslog, OpenSSL, Intel Wireless Bluetooth, gzip und zlib. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu verursachen." } ], "product_status": { "known_affected": [ "1048943" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2022-1271" }, { "cve": "CVE-2020-12321", "notes": [ { "category": "description", "text": "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen insbesondere in Komponenten von Drittanbietern wie rsyslog, OpenSSL, Intel Wireless Bluetooth, gzip und zlib. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu verursachen." } ], "product_status": { "known_affected": [ "1048943" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2020-12321" } ] }
cve-2022-24903
Vulnerability from cvelistv5
Published
2022-05-05 00:00
Modified
2024-08-03 04:29
Summary
Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability cannot be used for remote code execution. But there may still be a slight chance for experts to do that.

The bug occurs when the octet count is read. While there is a check for the maximum number of octets, digits are written to a heap buffer even when the octet count is over the maximum. This can be used to overrun the memory buffer. However, once the sequence of digits stops, no additional characters can be added to the buffer. In our opinion, this makes remote exploits impossible or at least highly complex.

Octet-counted framing is one of two potential framing modes. It is relatively uncommon, but enabled by default on receivers. Modules `imtcp`, `imptcp`, `imgssapi`, and `imhttp` are used for regular syslog message reception. It is best practice not to directly expose them to the public. When this practice is followed, the risk is considerably lower. Module `imdiag` is a diagnostics module primarily intended for testbench runs. We do not expect it to be present on any production installation.

Octet-counted framing is not very common. Usually, it needs to be specifically enabled at senders. If users do not need it, they can turn it off for the most important modules. This will mitigate the vulnerability.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:29:01.617Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8" }, { "tags": [ "x_transferred" ], "url": "https://github.com/rsyslog/rsyslog/commit/f211042ecbb472f9d8beb4678a65d272b6f07705" }, { "name": "FEDORA-2022-f796a28a7b", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GMNNXLCU2UORRVSZO24HL4KMVPK5PHVW/" }, { "name": "[debian-lts-announce] 20220520 [SECURITY] [DLA 3016-1] rsyslog security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00028.html" }, { "name": "DSA-5150", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5150" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221111-0002/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "rsyslog", "vendor": "rsyslog", "versions": [ { "status": "affected", "version": "\u003c 8.2204.1" } ] } ], "descriptions": [ { "lang": "en", "value": "Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code execution. But there may still be a slight chance for experts to do that. The bug occurs when the octet count is read. While there is a check for the maximum number of octets, digits are written to a heap buffer even when the octet count is over the maximum, This can be used to overrun the memory buffer. 
However, once the sequence of digits stop, no additional characters can be added to the buffer. In our opinion, this makes remote exploits impossible or at least highly complex. Octet-counted framing is one of two potential framing modes. It is relatively uncommon, but enabled by default on receivers. Modules `imtcp`, `imptcp`, `imgssapi`, and `imhttp` are used for regular syslog message reception. It is best practice not to directly expose them to the public. When this practice is followed, the risk is considerably lower. Module `imdiag` is a diagnostics module primarily intended for testbench runs. We do not expect it to be present on any production installation. Octet-counted framing is not very common. Usually, it needs to be specifically enabled at senders. If users do not need it, they can turn it off for the most important modules. This will mitigate the vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-14T00:00:00", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "url": "https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8" }, { "url": "https://github.com/rsyslog/rsyslog/commit/f211042ecbb472f9d8beb4678a65d272b6f07705" }, { "name": "FEDORA-2022-f796a28a7b", "tags": [ "vendor-advisory" ], "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GMNNXLCU2UORRVSZO24HL4KMVPK5PHVW/" }, { "name": "[debian-lts-announce] 20220520 [SECURITY] [DLA 3016-1] rsyslog security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00028.html" }, { "name": "DSA-5150", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5150" }, { "url": "https://security.netapp.com/advisory/ntap-20221111-0002/" } ], "source": { "advisory": "GHSA-ggw7-xr6h-mmr8", "discovery": "UNKNOWN" }, "title": "Buffer overflow in TCP syslog server (receiver) components in rsyslog" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-24903", "datePublished": "2022-05-05T00:00:00", "dateReserved": "2022-02-10T00:00:00", "dateUpdated": "2024-08-03T04:29:01.617Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-12321
Vulnerability from cvelistv5
Published
2020-11-12 18:12
Modified
2024-08-04 11:56
Summary
Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
References
URL | Tags
---|---
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00403 | x_refsource_MISC

Impacted products

Vendor | Product | Version
---|---|---
n/a | Intel(R) Wireless Bluetooth(R) | before version 21.110
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:56:51.329Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00403" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Intel(R) Wireless Bluetooth(R)", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 21.110" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access." } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-11-12T18:12:10", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00403" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@intel.com", "ID": "CVE-2020-12321", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Intel(R) Wireless Bluetooth(R)", "version": { "version_data": [ { "version_value": "before version 21.110" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "escalation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00403", "refsource": "MISC", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00403" } ] } } } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2020-12321", "datePublished": "2020-11-12T18:12:10", "dateReserved": "2020-04-28T00:00:00", "dateUpdated": "2024-08-04T11:56:51.329Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0286
Vulnerability from cvelistv5
Published
2023-02-08 19:01
Modified
2024-08-02 05:02
Summary
There is a type confusion vulnerability relating to X.400 address processing
inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but
the public structure definition for GENERAL_NAME incorrectly specified the type
of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by
the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an
ASN1_STRING.
When CRL checking is enabled (i.e. the application sets the
X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass
arbitrary pointers to a memcmp call, enabling them to read memory contents or
enact a denial of service. In most cases, the attack requires the attacker to
provide both the certificate chain and CRL, neither of which need to have a
valid signature. If the attacker only controls one of these inputs, the other
input must already contain an X.400 address as a CRL distribution point, which
is uncommon. As such, this vulnerability is most likely to only affect
applications which have implemented their own functionality for retrieving CRLs
over a network.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:02:44.187Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "name": "3.0.8 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658" }, { "name": "1.1.1t git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9" }, { "name": "1.0.2zg patch (premium)", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d" }, { "tags": [ "x_transferred" ], "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig" }, { "tags": [ "x_transferred" ], "url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202402-08" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "lessThan": "3.0.8", "status": "affected", "version": "3.0.0", "versionType": "semver" }, { "lessThan": "1.1.1t", "status": "affected", "version": "1.1.1", "versionType": "custom" }, { "lessThan": "1.0.2zg", "status": "affected", "version": "1.0.2", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "David Benjamin (Google)" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Hugo Landau" } ], "datePublic": "2023-02-07T00:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": 
false, "type": "text/html", "value": "There is a type confusion vulnerability relating to X.400 address processing\u003cbr\u003einside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but\u003cbr\u003ethe public structure definition for GENERAL_NAME incorrectly specified the type\u003cbr\u003eof the x400Address field as ASN1_TYPE. This field is subsequently interpreted by\u003cbr\u003ethe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an\u003cbr\u003eASN1_STRING.\u003cbr\u003e\u003cbr\u003eWhen CRL checking is enabled (i.e. the application sets the\u003cbr\u003eX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass\u003cbr\u003earbitrary pointers to a memcmp call, enabling them to read memory contents or\u003cbr\u003eenact a denial of service. In most cases, the attack requires the attacker to\u003cbr\u003eprovide both the certificate chain and CRL, neither of which need to have a\u003cbr\u003evalid signature. If the attacker only controls one of these inputs, the other\u003cbr\u003einput must already contain an X.400 address as a CRL distribution point, which\u003cbr\u003eis uncommon. As such, this vulnerability is most likely to only affect\u003cbr\u003eapplications which have implemented their own functionality for retrieving CRLs\u003cbr\u003eover a network.\u003cbr\u003e\u003cbr\u003e" } ], "value": "There is a type confusion vulnerability relating to X.400 address processing\ninside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but\nthe public structure definition for GENERAL_NAME incorrectly specified the type\nof the x400Address field as ASN1_TYPE. This field is subsequently interpreted by\nthe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an\nASN1_STRING.\n\nWhen CRL checking is enabled (i.e. 
the application sets the\nX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass\narbitrary pointers to a memcmp call, enabling them to read memory contents or\nenact a denial of service. In most cases, the attack requires the attacker to\nprovide both the certificate chain and CRL, neither of which need to have a\nvalid signature. If the attacker only controls one of these inputs, the other\ninput must already contain an X.400 address as a CRL distribution point, which\nis uncommon. As such, this vulnerability is most likely to only affect\napplications which have implemented their own functionality for retrieving CRLs\nover a network.\n\n" } ], "metrics": [ { "format": "other", "other": { "content": { "text": "High" }, "type": "https://www.openssl.org/policies/secpolicy.html" } } ], "problemTypes": [ { "descriptions": [ { "description": " type confusion vulnerability", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-27T18:25:32.958867Z", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "name": "3.0.8 git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658" }, { "name": "1.1.1t git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9" }, { "name": "1.0.2zg patch (premium)", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d" }, { "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig" }, { "url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt" }, { "url": "https://security.gentoo.org/glsa/202402-08" } ], "source": { "discovery": "UNKNOWN" }, "title": 
"X.400 address type confusion in X.509 GeneralName", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2023-0286", "datePublished": "2023-02-08T19:01:50.514Z", "dateReserved": "2023-01-13T10:40:41.259Z", "dateUpdated": "2024-08-02T05:02:44.187Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-37434
Vulnerability from cvelistv5
Published
2022-08-05 00:00
Modified
2024-08-03 10:29
Summary
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:29:21.032Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/ivd38/zlib_overflow" }, { "tags": [ "x_transferred" ], "url": "https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1" }, { "tags": [ "x_transferred" ], "url": "https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063" }, { "tags": [ "x_transferred" ], "url": "https://github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#L762-L764" }, { "name": "[oss-security] 20220805 zlib buffer overflow", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/08/05/2" }, { "tags": [ "x_transferred" ], "url": "https://github.com/curl/curl/issues/9271" }, { "name": "[oss-security] 20220808 Re: zlib buffer overflow", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/08/09/1" }, { "name": "FEDORA-2022-25e4dbedf9", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/" }, { "name": "DSA-5218", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5218" }, { "name": "FEDORA-2022-15da0cf165", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220901-0005/" }, { "name": "FEDORA-2022-b8232d1cca", "tags": [ "vendor-advisory", "x_transferred" ], "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/" }, { "name": "[debian-lts-announce] 20220912 [SECURITY] [DLA 3103-1] zlib security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00012.html" }, { "name": "FEDORA-2022-3c28ae0cd8", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/" }, { "name": "FEDORA-2022-0b517a5397", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213489" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213488" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213494" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213493" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213491" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213490" }, { "name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/41" }, { "name": "20221030 APPLE-SA-2022-10-27-2 Additional information for APPLE-SA-2022-10-24-1 iOS 16.1 and iPadOS 16", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/38" }, { "name": "20221030 APPLE-SA-2022-10-27-1 iOS 15.7.1 and iPadOS 15.7.1", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/37" }, { "name": "20221030 APPLE-SA-2022-10-27-6 Additional information for APPLE-SA-2022-10-24-3 macOS 
Monterey 12.6.1", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/42" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230427-0007/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "unknown", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-30T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/ivd38/zlib_overflow" }, { "url": "https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1" }, { "url": "https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063" }, { "url": "https://github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#L762-L764" }, { "name": "[oss-security] 20220805 zlib buffer overflow", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/08/05/2" }, { "url": "https://github.com/curl/curl/issues/9271" }, { "name": "[oss-security] 20220808 Re: zlib buffer overflow", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/08/09/1" }, { "name": "FEDORA-2022-25e4dbedf9", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/" }, { "name": "DSA-5218", "tags": [ 
"vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5218" }, { "name": "FEDORA-2022-15da0cf165", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/" }, { "url": "https://security.netapp.com/advisory/ntap-20220901-0005/" }, { "name": "FEDORA-2022-b8232d1cca", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/" }, { "name": "[debian-lts-announce] 20220912 [SECURITY] [DLA 3103-1] zlib security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00012.html" }, { "name": "FEDORA-2022-3c28ae0cd8", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/" }, { "name": "FEDORA-2022-0b517a5397", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/" }, { "url": "https://support.apple.com/kb/HT213489" }, { "url": "https://support.apple.com/kb/HT213488" }, { "url": "https://support.apple.com/kb/HT213494" }, { "url": "https://support.apple.com/kb/HT213493" }, { "url": "https://support.apple.com/kb/HT213491" }, { "url": "https://support.apple.com/kb/HT213490" }, { "name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/41" }, { "name": "20221030 APPLE-SA-2022-10-27-2 Additional information for APPLE-SA-2022-10-24-1 iOS 16.1 and iPadOS 16", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/38" }, { "name": "20221030 APPLE-SA-2022-10-27-1 iOS 15.7.1 and iPadOS 15.7.1", "tags": [ "mailing-list" ], 
"url": "http://seclists.org/fulldisclosure/2022/Oct/37" }, { "name": "20221030 APPLE-SA-2022-10-27-6 Additional information for APPLE-SA-2022-10-24-3 macOS Monterey 12.6.1", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/42" }, { "url": "https://security.netapp.com/advisory/ntap-20230427-0007/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-37434", "datePublished": "2022-08-05T00:00:00", "dateReserved": "2022-08-05T00:00:00", "dateUpdated": "2024-08-03T10:29:21.032Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-43908
Vulnerability from cvelistv5
Published
2023-07-19 01:56
Modified
2024-10-21 15:04
Summary
IBM Security Guardium 11.3 could allow an authenticated user to cause a denial of service due to improper input validation. IBM X-Force ID: 240903.
References
URL | Tags
---|---
https://www.ibm.com/support/pages/node/7007815 | vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/240903 | vdb-entry
Impacted products
Vendor | Product | Version
---|---|---
IBM | Security Guardium | 11.3
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:40:06.576Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7007815" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/240903" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-43908", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-21T15:03:56.245607Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-21T15:04:11.677Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Security Guardium", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.3" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(204, 217, 226);\"\u003eIBM Security Guardium 11.3 could allow an authenticated user to cause a denial of service due to improper input validation. IBM X-Force ID: 240903.\u003c/span\u003e\n\n" } ], "value": "\nIBM Security Guardium 11.3 could allow an authenticated user to cause a denial of service due to improper input validation. 
IBM X-Force ID: 240903.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-19T01:56:52.445Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7007815" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/240903" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Security Guardium denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-43908", "datePublished": "2023-07-19T01:56:52.445Z", "dateReserved": "2022-10-26T15:46:22.844Z", "dateUpdated": "2024-10-21T15:04:11.677Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-4378
Vulnerability from cvelistv5
Published
2023-01-05 00:00
Modified
2024-08-03 01:41
Summary
A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:41:44.182Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2152548" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-6.0/proc-avoid-integer-type-confusion-in-get_proc_long.patch" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-6.0/proc-proc_skip_spaces-shouldn-t-think-it-is-working-on-c-strings.patch" }, { "tags": [ "x_transferred" ], "url": "https://seclists.org/oss-sec/2022/q4/178" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/171289/Kernel-Live-Patch-Security-Notice-LNS-0092-1.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "kernel 6.0.12" } ] } ], "descriptions": [ { "lang": "en", "value": "A stack overflow flaw was found in the Linux kernel\u0027s SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-131", "description": "CWE-131-\u003eCWE-120", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-08T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2152548" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-6.0/proc-avoid-integer-type-confusion-in-get_proc_long.patch" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-6.0/proc-proc_skip_spaces-shouldn-t-think-it-is-working-on-c-strings.patch" }, { "url": "https://seclists.org/oss-sec/2022/q4/178" }, { "url": "http://packetstormsecurity.com/files/171289/Kernel-Live-Patch-Security-Notice-LNS-0092-1.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-4378", "datePublished": "2023-01-05T00:00:00", "dateReserved": "2022-12-09T00:00:00", "dateUpdated": "2024-08-03T01:41:44.182Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-1271
Vulnerability from cvelistv5
Published
2022-08-31 15:33
Modified
2024-08-02 23:55
Summary
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.
References
URL | Tags
---|---
https://bugzilla.redhat.com/show_bug.cgi?id=2073310 | x_refsource_MISC
https://www.openwall.com/lists/oss-security/2022/04/07/8 | x_refsource_MISC
https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html | x_refsource_MISC
https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch | x_refsource_MISC
https://git.tukaani.org/?p=xz.git%3Ba=commit%3Bh=69d1b3fc29677af8ade8dc15dba83f0589cb63d6 | x_refsource_MISC
https://security-tracker.debian.org/tracker/CVE-2022-1271 | x_refsource_MISC
https://access.redhat.com/security/cve/CVE-2022-1271 | x_refsource_MISC
https://security.gentoo.org/glsa/202209-01 | vendor-advisory, x_refsource_GENTOO
https://security.netapp.com/advisory/ntap-20220930-0006/ | x_refsource_CONFIRM
Impacted products
Vendor | Product | Version
---|---|---
n/a | gzip, xz-utils | Fixed in gzip 1.12
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:55:24.665Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073310" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2022/04/07/8" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.tukaani.org/?p=xz.git%3Ba=commit%3Bh=69d1b3fc29677af8ade8dc15dba83f0589cb63d6" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2022-1271" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2022-1271" }, { "name": "GLSA-202209-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202209-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220930-0006/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "gzip, xz-utils", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in gzip 1.12" } ] } ], "descriptions": [ { "lang": "en", "value": "An arbitrary file write vulnerability was found in GNU gzip\u0027s zgrep utility. When zgrep is applied on the attacker\u0027s chosen file name (for example, a crafted file name), this can overwrite an attacker\u0027s content to an arbitrary attacker-selected file. 
This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-179", "description": "CWE-179 - Incorrect Behavior Order: Early Validation, CWE-1173 Improper Use of Validation Framework", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-30T15:06:11", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073310" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.openwall.com/lists/oss-security/2022/04/07/8" }, { "tags": [ "x_refsource_MISC" ], "url": "https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.tukaani.org/?p=xz.git%3Ba=commit%3Bh=69d1b3fc29677af8ade8dc15dba83f0589cb63d6" }, { "tags": [ "x_refsource_MISC" ], "url": "https://security-tracker.debian.org/tracker/CVE-2022-1271" }, { "tags": [ "x_refsource_MISC" ], "url": "https://access.redhat.com/security/cve/CVE-2022-1271" }, { "name": "GLSA-202209-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202209-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220930-0006/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2022-1271", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "gzip, xz-utils", "version": { "version_data": [ { "version_value": "Fixed in gzip 1.12" } ] } } ] }, "vendor_name": "n/a" } ] } }, 
"data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An arbitrary file write vulnerability was found in GNU gzip\u0027s zgrep utility. When zgrep is applied on the attacker\u0027s chosen file name (for example, a crafted file name), this can overwrite an attacker\u0027s content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-179 - Incorrect Behavior Order: Early Validation, CWE-1173 Improper Use of Validation Framework" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2073310", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073310" }, { "name": "https://www.openwall.com/lists/oss-security/2022/04/07/8", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2022/04/07/8" }, { "name": "https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html", "refsource": "MISC", "url": "https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html" }, { "name": "https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch", "refsource": "MISC", "url": "https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch" }, { "name": "https://git.tukaani.org/?p=xz.git;a=commit;h=69d1b3fc29677af8ade8dc15dba83f0589cb63d6", "refsource": "MISC", "url": "https://git.tukaani.org/?p=xz.git;a=commit;h=69d1b3fc29677af8ade8dc15dba83f0589cb63d6" }, { "name": "https://security-tracker.debian.org/tracker/CVE-2022-1271", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2022-1271" }, { "name": "https://access.redhat.com/security/cve/CVE-2022-1271", 
"refsource": "MISC", "url": "https://access.redhat.com/security/cve/CVE-2022-1271" }, { "name": "GLSA-202209-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202209-01" }, { "name": "https://security.netapp.com/advisory/ntap-20220930-0006/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220930-0006/" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-1271", "datePublished": "2022-08-31T15:33:00", "dateReserved": "2022-04-07T00:00:00", "dateUpdated": "2024-08-02T23:55:24.665Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.