Action not permitted
Modal body text goes here.
Modal Title
Modal Body
WID-SEC-W-2024-1307
Vulnerability from csaf_certbund
Published
2024-06-06 22:00
Modified
2024-06-13 22:00
Summary
Red Hat OpenShift Service Mesh Containers: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Red Hat OpenShift Service Mesh Containers ausnutzen, um Dateien zu manipulieren, einen 'Denial of Service'-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.
Betroffene Betriebssysteme
- Sonstiges
- UNIX
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein Angreifer kann mehrere Schwachstellen in Red Hat OpenShift Service Mesh Containers ausnutzen, um Dateien zu manipulieren, einen \u0027Denial of Service\u0027-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Sonstiges\n- UNIX", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-1307 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1307.json" }, { "category": "self", "summary": "WID-SEC-2024-1307 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1307" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:3680 vom 2024-06-06", "url": "https://access.redhat.com/errata/RHSA-2024:3680" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:3683 vom 2024-06-06", "url": "https://access.redhat.com/errata/RHSA-2024:3683" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:3790 vom 2024-06-11", "url": "https://access.redhat.com/errata/RHSA-2024:3790" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:3314 vom 2024-06-13", "url": "https://access.redhat.com/errata/RHSA-2024:3314" } ], "source_lang": "en-US", "title": "Red Hat OpenShift Service Mesh Containers: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-06-13T22:00:00.000+00:00", "generator": { "date": "2024-06-14T08:08:17.851+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2024-1307", "initial_release_date": "2024-06-06T22:00:00.000+00:00", "revision_history": [ { "date": "2024-06-06T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2024-06-10T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-06-13T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Red Hat aufgenommen" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } }, { "branches": [ { "category": "product_version_range", "name": "Service Mesh Containers \u003c2.5.2", "product": { "name": "Red Hat OpenShift Service Mesh Containers \u003c2.5.2", "product_id": "T035259", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:service_mesh_containers__2.5.2" } } }, { "category": "product_version_range", "name": "Service Mesh Containers \u003c2.4.8", "product": { "name": "Red Hat OpenShift Service Mesh Containers \u003c2.4.8", "product_id": "T035260", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:service_mesh_containers__2.4.8" } } } ], "category": "product_name", "name": "OpenShift" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-25220", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2021-25220" }, { "cve": "CVE-2021-43618", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2021-43618" }, { "cve": "CVE-2021-46848", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2021-46848" }, { "cve": "CVE-2022-1271", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2022-1271" }, { "cve": "CVE-2022-2795", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2022-2795" }, { "cve": "CVE-2022-3094", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2022-3094" }, { "cve": "CVE-2022-36227", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2022-36227" }, { "cve": "CVE-2022-47024", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2022-47024" }, { "cve": "CVE-2022-47629", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2022-47629" }, { "cve": "CVE-2022-48303", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2022-48303" }, { "cve": "CVE-2022-48468", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2022-48468" }, { "cve": "CVE-2022-48554", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2022-48554" }, { "cve": "CVE-2022-48624", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2022-48624" }, { "cve": "CVE-2023-22745", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2023-22745" }, { "cve": "CVE-2023-2602", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2023-2602" }, { "cve": "CVE-2023-2603", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2023-2603" }, { "cve": "CVE-2023-29491", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2023-29491" }, { "cve": "CVE-2023-2975", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2023-2975" }, { "cve": "CVE-2023-3446", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2023-3446" }, { "cve": "CVE-2023-36054", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2023-36054" }, { "cve": "CVE-2023-3817", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2023-3817" }, { "cve": "CVE-2023-39975", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2023-39975" }, { "cve": "CVE-2023-4408", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2023-4408" }, { "cve": "CVE-2023-44487", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2023-44487" }, { "cve": "CVE-2023-45288", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2023-45288" }, { "cve": "CVE-2023-4641", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2023-4641" }, { "cve": "CVE-2023-4692", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2023-4692" }, { "cve": "CVE-2023-4693", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2023-4693" }, { "cve": "CVE-2023-47038", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2023-47038" }, { "cve": "CVE-2023-50387", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2023-50387" }, { "cve": "CVE-2023-50868", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2023-50868" }, { "cve": "CVE-2023-5517", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2023-5517" }, { "cve": "CVE-2023-5678", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2023-5678" }, { "cve": "CVE-2023-5679", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2023-5679" }, { "cve": "CVE-2023-6004", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2023-6004" }, { "cve": "CVE-2023-6129", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2023-6129" }, { "cve": "CVE-2023-6237", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2023-6237" }, { "cve": "CVE-2023-6516", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2023-6516" }, { "cve": "CVE-2023-6597", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2023-6597" }, { "cve": "CVE-2023-6918", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2023-6918" }, { "cve": "CVE-2023-7008", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2023-7008" }, { "cve": "CVE-2023-7104", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2023-7104" }, { "cve": "CVE-2024-0450", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2024-0450" }, { "cve": "CVE-2024-0727", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2024-0727" }, { "cve": "CVE-2024-1048", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2024-1048" }, { "cve": "CVE-2024-1313", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2024-1313" }, { "cve": "CVE-2024-1394", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2024-1394" }, { "cve": "CVE-2024-22195", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2024-22195" }, { "cve": "CVE-2024-22365", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2024-22365" }, { "cve": "CVE-2024-24786", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2024-24786" }, { "cve": "CVE-2024-25062", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2024-25062" }, { "cve": "CVE-2024-26458", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2024-26458" }, { "cve": "CVE-2024-26461", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2024-26461" }, { "cve": "CVE-2024-28834", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2024-28834" }, { "cve": "CVE-2024-28835", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2024-28835" }, { "cve": "CVE-2024-2961", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2024-2961" }, { "cve": "CVE-2024-33599", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2024-33599" }, { "cve": "CVE-2024-33600", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2024-33600" }, { "cve": "CVE-2024-33601", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2024-33601" }, { "cve": "CVE-2024-33602", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-06-06T22:00:00Z", "title": "CVE-2024-33602" } ] }
cve-2024-26458
Vulnerability from cvelistv5
Published
2024-02-26 00:00
Modified
2024-12-06 21:01
Severity ?
EPSS score ?
Summary
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.
References
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-26458", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-29T20:47:58.786706Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-noinfo Not enough information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-06T21:01:53.155Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:07:19.467Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240415-0010/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-15T15:06:14.610109", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md" }, { "url": "https://security.netapp.com/advisory/ntap-20240415-0010/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2024-26458", "datePublished": "2024-02-26T00:00:00", "dateReserved": "2024-02-19T00:00:00", "dateUpdated": "2024-12-06T21:01:53.155Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3094
Vulnerability from cvelistv5
Published
2023-01-25 21:34
Modified
2024-08-03 01:00
Severity ?
EPSS score ?
Summary
Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in turn, may cause `named` to exit due to a lack of free memory. We are not aware of any cases where this has been exploited.
Memory is allocated prior to the checking of access permissions (ACLs) and is retained during the processing of a dynamic update from a client whose access credentials are accepted. Memory allocated to clients that are not permitted to send updates is released immediately upon rejection. The scope of this vulnerability is limited therefore to trusted clients who are permitted to make dynamic zone changes.
If a dynamic update is REFUSED, memory will be released again very quickly. Therefore it is only likely to be possible to degrade or stop `named` by sending a flood of unaccepted dynamic updates comparable in magnitude to a query flood intended to achieve the same detrimental outcome.
BIND 9.11 and earlier branches are also affected, but through exhaustion of internal resources rather than memory constraints. This may reduce performance but should not be a significant problem for most servers. Therefore we don't intend to address this for BIND versions prior to BIND 9.16.
This issue affects BIND 9 versions 9.16.0 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.8-S1 through 9.16.36-S1.
References
▼ | URL | Tags |
---|---|---|
https://kb.isc.org/docs/cve-2022-3094 | vendor-advisory |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:00:10.516Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "CVE-2022-3094", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://kb.isc.org/docs/cve-2022-3094" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "BIND 9", "vendor": "ISC", "versions": [ { "lessThanOrEqual": "9.16.36", "status": "affected", "version": "9.16.0", "versionType": "custom" }, { "lessThanOrEqual": "9.18.10", "status": "affected", "version": "9.18.0", "versionType": "custom" }, { "lessThanOrEqual": "9.19.8", "status": "affected", "version": "9.19.0", "versionType": "custom" }, { "lessThanOrEqual": "9.16.36-S1", "status": "affected", "version": "9.16.8-S1", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "ISC would like to thank Rob Schulhof from Infoblox for bringing this vulnerability to our attention." } ], "datePublic": "2023-01-25T00:00:00Z", "descriptions": [ { "lang": "en", "value": "Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in turn, may cause `named` to exit due to a lack of free memory. We are not aware of any cases where this has been exploited.\n\nMemory is allocated prior to the checking of access permissions (ACLs) and is retained during the processing of a dynamic update from a client whose access credentials are accepted. Memory allocated to clients that are not permitted to send updates is released immediately upon rejection. The scope of this vulnerability is limited therefore to trusted clients who are permitted to make dynamic zone changes.\n\nIf a dynamic update is REFUSED, memory will be released again very quickly. Therefore it is only likely to be possible to degrade or stop `named` by sending a flood of unaccepted dynamic updates comparable in magnitude to a query flood intended to achieve the same detrimental outcome.\n\nBIND 9.11 and earlier branches are also affected, but through exhaustion of internal resources rather than memory constraints. This may reduce performance but should not be a significant problem for most servers. Therefore we don\u0027t intend to address this for BIND versions prior to BIND 9.16.\nThis issue affects BIND 9 versions 9.16.0 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.8-S1 through 9.16.36-S1." } ], "exploits": [ { "lang": "en", "value": "We are not aware of any active exploits." } ], "impacts": [ { "descriptions": [ { "lang": "en", "value": "By flooding the target server with UPDATE requests, the attacker can exhaust all available memory on that server." } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-26T06:03:10.975661Z", "orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc" }, "references": [ { "name": "CVE-2022-3094", "tags": [ "vendor-advisory" ], "url": "https://kb.isc.org/docs/cve-2022-3094" } ], "solutions": [ { "lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.16.37, 9.18.11, 9.19.9, or 9.16.37-S1." } ], "source": { "discovery": "EXTERNAL" }, "title": "An UPDATE message flood may cause named to exhaust all available memory", "workarounds": [ { "lang": "en", "value": "No workarounds known." } ] } }, "cveMetadata": { "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "cveId": "CVE-2022-3094", "datePublished": "2023-01-25T21:34:52.983Z", "dateReserved": "2022-09-02T10:25:47.183Z", "dateUpdated": "2024-08-03T01:00:10.516Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-33602
Vulnerability from cvelistv5
Published
2024-05-06 19:22
Modified
2024-08-02 02:36
Severity ?
EPSS score ?
Summary
nscd: netgroup cache assumes NSS callback uses in-buffer strings
The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory
when the NSS callback does not store all strings in the provided buffer.
The flaw was introduced in glibc 2.15 when the cache was added to nscd.
This vulnerability is only present in the nscd binary.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | The GNU C Library | glibc |
Version: 2.15 < 2.40 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:gnu:glibc:2.15:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "glibc", "vendor": "gnu", "versions": [ { "lessThan": "2.40", "status": "affected", "version": "2.15", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-33602", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T16:09:29.755117Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T16:26:29.854Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:36:04.479Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240524-0012/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/07/22/5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "glibc", "vendor": "The GNU C Library", "versions": [ { "lessThan": "2.40", "status": "affected", "version": "2.15", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cdiv\u003enscd: netgroup cache assumes NSS callback uses in-buffer strings\u003cbr\u003e\u003cbr\u003eThe Name Service Cache Daemon\u0027s (nscd) netgroup cache can corrupt memory\u003cbr\u003ewhen the NSS callback does not store all strings in the provided buffer.\u003cbr\u003eThe flaw was introduced in glibc 2.15 when the cache was added to nscd.\u003cbr\u003e\u003cbr\u003eThis vulnerability is only present in the nscd binary.\u003c/div\u003e" } ], "value": "nscd: netgroup cache assumes NSS callback uses in-buffer strings\n\nThe Name Service Cache Daemon\u0027s (nscd) netgroup cache can corrupt memory\nwhen the NSS callback does not store all strings in the provided buffer.\nThe flaw was introduced in glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.\n\n" } ], "impacts": [ { "capecId": "CAPEC-129", "descriptions": [ { "lang": "en", "value": "CAPEC-129 Pointer Manipulation" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-466", "description": "CWE-466 Return of Pointer Value Outside of Expected Range", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-06T19:22:12.383Z", "orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "shortName": "glibc" }, "references": [ { "url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008" }, { "url": "https://security.netapp.com/advisory/ntap-20240524-0012/" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html" }, { "url": "http://www.openwall.com/lists/oss-security/2024/07/22/5" } ], "source": { "discovery": "UNKNOWN" }, "title": "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "assignerShortName": "glibc", "cveId": "CVE-2024-33602", "datePublished": "2024-05-06T19:22:12.383Z", "dateReserved": "2024-04-24T20:35:08.340Z", "dateUpdated": "2024-08-02T02:36:04.479Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-50868
Vulnerability from cvelistv5
Published
2024-02-14 00:00
Modified
2024-08-02 22:23
Severity ?
EPSS score ?
Summary
The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T22:23:43.905Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/" }, { "tags": [ "x_transferred" ], "url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html" }, { "tags": [ "x_transferred" ], "url": "https://www.isc.org/blogs/2024-bind-security-release/" }, { "tags": [ "x_transferred" ], "url": "https://datatracker.ietf.org/doc/html/rfc5155" }, { "tags": [ "x_transferred" ], "url": "https://kb.isc.org/docs/cve-2023-50868" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1" }, { "tags": [ "x_transferred" ], "url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html" }, { "tags": [ "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-50868" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1219826" }, { "name": "[oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/02/16/2" }, { "name": "[oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/02/16/3" }, { "name": "FEDORA-2024-2e26eccfcb", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/" }, { "name": "FEDORA-2024-e24211eff0", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/" }, { "name": "FEDORA-2024-21310568fa", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/" }, { "name": "[debian-lts-announce] 20240221 [SECURITY] [DLA 3736-1] unbound security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html" }, { "name": "FEDORA-2024-b0f9656a76", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/" }, { "name": "FEDORA-2024-4e36df9dfd", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/" }, { "name": "FEDORA-2024-499b9be35f", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/" }, { "name": "FEDORA-2024-c36c448396", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/" }, { "name": "FEDORA-2024-c967c7d287", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/" }, { "name": "FEDORA-2024-e00eceb11c", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/" }, { "name": "FEDORA-2024-fae88b73eb", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240307-0008/" }, { "name": "[debian-lts-announce] 20240517 [SECURITY] [DLA 3816-1] bind9 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the \"NSEC3\" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-10T16:14:14.129606", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/" }, { "url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html" }, { "url": "https://www.isc.org/blogs/2024-bind-security-release/" }, { "url": "https://datatracker.ietf.org/doc/html/rfc5155" }, { "url": "https://kb.isc.org/docs/cve-2023-50868" }, { "url": "https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1" }, { "url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html" }, { "url": "https://access.redhat.com/security/cve/CVE-2023-50868" }, { "url": "https://bugzilla.suse.com/show_bug.cgi?id=1219826" }, { "name": "[oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2024/02/16/2" }, { "name": "[oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2024/02/16/3" }, { "name": "FEDORA-2024-2e26eccfcb", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/" }, { "name": "FEDORA-2024-e24211eff0", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/" }, { "name": "FEDORA-2024-21310568fa", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/" }, { "name": "[debian-lts-announce] 20240221 [SECURITY] [DLA 3736-1] unbound security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html" }, { "name": "FEDORA-2024-b0f9656a76", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/" }, { "name": "FEDORA-2024-4e36df9dfd", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/" }, { "name": "FEDORA-2024-499b9be35f", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/" }, { "name": "FEDORA-2024-c36c448396", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/" }, { "name": "FEDORA-2024-c967c7d287", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/" }, { "name": "FEDORA-2024-e00eceb11c", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/" }, { "name": "FEDORA-2024-fae88b73eb", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/" }, { "url": "https://security.netapp.com/advisory/ntap-20240307-0008/" }, { "name": "[debian-lts-announce] 20240517 [SECURITY] [DLA 3816-1] bind9 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-50868", "datePublished": "2024-02-14T00:00:00", "dateReserved": "2023-12-14T00:00:00", "dateUpdated": "2024-08-02T22:23:43.905Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-2602
Vulnerability from cvelistv5
Published
2023-06-06 00:00
Modified
2024-08-02 06:26
Severity ?
EPSS score ?
Summary
A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:26:09.688Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209114" }, { "tags": [ "x_transferred" ], "url": "https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf" }, { "name": "FEDORA-2023-ad944c2d34", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPEGCFMCN5KGCFX5Y2VTKR732TTD4ADW/" }, { "name": "FEDORA-2023-5911638116", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ57ICDLMVYEREXQGZWL4GWI7FRJCRQT/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "libcap", "vendor": "n/a", "versions": [ { "status": "affected", "version": "NA" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-401", "description": "CWE-401", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-30T05:06:19.565354", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209114" }, { "url": "https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf" }, { "name": "FEDORA-2023-ad944c2d34", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPEGCFMCN5KGCFX5Y2VTKR732TTD4ADW/" }, { "name": "FEDORA-2023-5911638116", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ57ICDLMVYEREXQGZWL4GWI7FRJCRQT/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-2602", "datePublished": "2023-06-06T00:00:00", "dateReserved": "2023-05-09T00:00:00", "dateUpdated": "2024-08-02T06:26:09.688Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-4692
Vulnerability from cvelistv5
Published
2023-10-25 10:27
Modified
2024-11-23 03:30
Severity ?
EPSS score ?
Summary
An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:2456 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3184 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-4692 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2236613 | issue-tracking, x_refsource_REDHAT | |
https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager/ | ||
https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html | ||
https://seclists.org/oss-sec/2023/q4/37 |
Impacted products
Vendor | Product | Version | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ |
Patch: 2.12 |
||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:37:59.322Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:2456", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2456" }, { "name": "RHSA-2024:3184", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3184" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-4692" }, { "name": "RHBZ#2236613", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236613" }, { "tags": [ "x_transferred" ], "url": "https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUU42E7CPYLATXOYVYNW6YTXXULAOV6L/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIRJ5UZRXX2KLR4IKBJEQUNGOCXMMDLY/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PERFILCHFEUGG3OAMC6W55P6DDIBZK4Q/" }, { "tags": [ "x_transferred" ], "url": "https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html" }, { "tags": [ "x_transferred" ], "url": "https://seclists.org/oss-sec/2023/q4/37" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202311-14" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231208-0002/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://git.savannah.gnu.org/git/grub.git/", "packageName": "grub", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2.12", "versionType": "custom" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::baseos" ], "defaultStatus": "affected", "packageName": "grub2", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:2.02-156.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::baseos" ], "defaultStatus": "affected", "packageName": "grub2", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:2.06-77.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "grub2", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" } ], "datePublic": "2023-10-03T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "An out-of-bounds write flaw was found in grub2\u0027s NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub\u0027s heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Low" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-23T03:30:14.176Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:2456", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2456" }, { "name": "RHSA-2024:3184", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3184" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-4692" }, { "name": "RHBZ#2236613", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236613" }, { "url": "https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager/" }, { "url": "https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html" }, { "url": "https://seclists.org/oss-sec/2023/q4/37" } ], "timeline": [ { "lang": "en", "time": "2023-08-31T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-10-03T00:00:00+00:00", "value": "Made public." } ], "title": "Grub2: out-of-bounds write at fs/ntfs.c may lead to unsigned code execution", "x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-4692", "datePublished": "2023-10-25T10:27:29.173Z", "dateReserved": "2023-08-31T21:53:09.692Z", "dateUpdated": "2024-11-23T03:30:14.176Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-5678
Vulnerability from cvelistv5
Published
2023-11-06 15:47
Modified
2024-10-14 14:55
Severity ?
EPSS score ?
Summary
Issue summary: Generating excessively long X9.42 DH keys or checking
excessively long X9.42 DH keys or parameters may be very slow.
Impact summary: Applications that use the functions DH_generate_key() to
generate an X9.42 DH key may experience long delays. Likewise, applications
that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()
to check an X9.42 DH key or X9.42 DH parameters may experience long delays.
Where the key or parameters that are being checked have been obtained from
an untrusted source this may lead to a Denial of Service.
While DH_check() performs all the necessary checks (as of CVE-2023-3817),
DH_check_pub_key() doesn't make any of these checks, and is therefore
vulnerable for excessively large P and Q parameters.
Likewise, while DH_generate_key() performs a check for an excessively large
P, it doesn't check for an excessively large Q.
An application that calls DH_generate_key() or DH_check_pub_key() and
supplies a key or parameters obtained from an untrusted source could be
vulnerable to a Denial of Service attack.
DH_generate_key() and DH_check_pub_key() are also called by a number of
other OpenSSL functions. An application calling any of those other
functions may similarly be affected. The other functions affected by this
are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().
Also vulnerable are the OpenSSL pkey command line application when using the
"-pubcheck" option, as well as the OpenSSL genpkey command line application.
The OpenSSL SSL/TLS implementation is not affected by this issue.
The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:07:32.546Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20231106.txt" }, { "name": "1.0.2zj git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055" }, { "name": "1.1.1x git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c" }, { "name": "3.0.13 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017" }, { "name": "3.1.5 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231130-0010/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/03/11/1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "lessThan": "1.0.2zj", "status": "affected", "version": "1.0.2", "versionType": "custom" }, { "lessThan": "1.1.1x", "status": "affected", "version": "1.1.1", "versionType": "custom" }, { "lessThan": "3.0.13", "status": "affected", "version": "3.0.0", "versionType": "semver" }, { "lessThan": "3.1.5", "status": "affected", "version": "3.1.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "David Benjamin (Google)" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Richard Levitte" } ], "datePublic": "2023-11-06T00:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Issue summary: Generating excessively long X9.42 DH keys or checking\u003cbr\u003eexcessively long X9.42 DH keys or parameters may be very slow.\u003cbr\u003e\u003cbr\u003eImpact summary: Applications that use the functions DH_generate_key() to\u003cbr\u003egenerate an X9.42 DH key may experience long delays. Likewise, applications\u003cbr\u003ethat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\u003cbr\u003eto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\u003cbr\u003eWhere the key or parameters that are being checked have been obtained from\u003cbr\u003ean untrusted source this may lead to a Denial of Service.\u003cbr\u003e\u003cbr\u003eWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\u003cbr\u003eDH_check_pub_key() doesn\u0027t make any of these checks, and is therefore\u003cbr\u003evulnerable for excessively large P and Q parameters.\u003cbr\u003e\u003cbr\u003eLikewise, while DH_generate_key() performs a check for an excessively large\u003cbr\u003eP, it doesn\u0027t check for an excessively large Q.\u003cbr\u003e\u003cbr\u003eAn application that calls DH_generate_key() or DH_check_pub_key() and\u003cbr\u003esupplies a key or parameters obtained from an untrusted source could be\u003cbr\u003evulnerable to a Denial of Service attack.\u003cbr\u003e\u003cbr\u003eDH_generate_key() and DH_check_pub_key() are also called by a number of\u003cbr\u003eother OpenSSL functions. An application calling any of those other\u003cbr\u003efunctions may similarly be affected. The other functions affected by this\u003cbr\u003eare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\u003cbr\u003e\u003cbr\u003eAlso vulnerable are the OpenSSL pkey command line application when using the\u003cbr\u003e\"-pubcheck\" option, as well as the OpenSSL genpkey command line application.\u003cbr\u003e\u003cbr\u003eThe OpenSSL SSL/TLS implementation is not affected by this issue.\u003cbr\u003e\u003cbr\u003eThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\u003cbr\u003e\u003cbr\u003e" } ], "value": "Issue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn\u0027t make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn\u0027t check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n\"-pubcheck\" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue." } ], "metrics": [ { "format": "other", "other": { "content": { "text": "LOW" }, "type": "https://www.openssl.org/policies/secpolicy.html" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-606", "description": "CWE-606 Unchecked Input for Loop Condition", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-14T14:55:53.778Z", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.openssl.org/news/secadv/20231106.txt" }, { "name": "1.0.2zj git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055" }, { "name": "1.1.1x git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c" }, { "name": "3.0.13 git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017" }, { "name": "3.1.5 git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6" } ], "source": { "discovery": "UNKNOWN" }, "title": "Excessive time spent in DH check / generation with large Q parameter value", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2023-5678", "datePublished": "2023-11-06T15:47:30.795Z", "dateReserved": "2023-10-20T09:38:43.518Z", "dateUpdated": "2024-10-14T14:55:53.778Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-48303
Vulnerability from cvelistv5
Published
2023-01-30 00:00
Modified
2024-08-03 15:10
Severity ?
EPSS score ?
Summary
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T15:10:59.656Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://savannah.gnu.org/bugs/?62387" }, { "tags": [ "x_transferred" ], "url": "https://savannah.gnu.org/patch/?10307" }, { "name": "FEDORA-2023-123778d70d", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CRY7VEL4AIG3GLIEVCTOXRZNSVYDYYUD/" }, { "name": "FEDORA-2023-f72d3caf36", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5VQYCO52Z7GAVCLRYUITN7KXHLRZQS4/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-26T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://savannah.gnu.org/bugs/?62387" }, { "url": "https://savannah.gnu.org/patch/?10307" }, { "name": "FEDORA-2023-123778d70d", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CRY7VEL4AIG3GLIEVCTOXRZNSVYDYYUD/" }, { "name": "FEDORA-2023-f72d3caf36", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5VQYCO52Z7GAVCLRYUITN7KXHLRZQS4/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-48303", "datePublished": "2023-01-30T00:00:00", "dateReserved": "2023-01-30T00:00:00", "dateUpdated": "2024-08-03T15:10:59.656Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-48554
Vulnerability from cvelistv5
Published
2023-08-22 00:00
Modified
2024-08-03 15:17
Severity ?
EPSS score ?
Summary
File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T15:17:55.372Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugs.astron.com/view.php?id=310" }, { "name": "DSA-5489", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5489" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231116-0002/" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214081" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214088" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214084" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214086" }, { "name": "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/Mar/21" }, { "name": "20240313 APPLE-SA-03-07-2024-6 tvOS 17.4", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/Mar/25" }, { "name": "20240313 APPLE-SA-03-07-2024-5 watchOS 10.4", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/Mar/24" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: \"File\" is the name of an Open Source project." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-13T22:07:17.737915", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://bugs.astron.com/view.php?id=310" }, { "name": "DSA-5489", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5489" }, { "url": "https://security.netapp.com/advisory/ntap-20231116-0002/" }, { "url": "https://support.apple.com/kb/HT214081" }, { "url": "https://support.apple.com/kb/HT214088" }, { "url": "https://support.apple.com/kb/HT214084" }, { "url": "https://support.apple.com/kb/HT214086" }, { "name": "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2024/Mar/21" }, { "name": "20240313 APPLE-SA-03-07-2024-6 tvOS 17.4", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2024/Mar/25" }, { "name": "20240313 APPLE-SA-03-07-2024-5 watchOS 10.4", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2024/Mar/24" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-48554", "datePublished": "2023-08-22T00:00:00", "dateReserved": "2023-07-23T00:00:00", "dateUpdated": "2024-08-03T15:17:55.372Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6004
Vulnerability from cvelistv5
Published
2024-01-03 17:01
Modified
2024-11-24 12:54
Severity ?
EPSS score ?
Summary
A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:2504 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3233 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-6004 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2251110 | issue-tracking, x_refsource_REDHAT | |
https://www.libssh.org/security/advisories/CVE-2023-6004.txt |
Impacted products
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 0:0.9.6-14.el8 < * cpe:/a:redhat:enterprise_linux:8::appstream cpe:/o:redhat:enterprise_linux:8::baseos |
||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:14:25.140Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:2504", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2504" }, { "name": "RHSA-2024:3233", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3233" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-6004" }, { "name": "RHBZ#2251110", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251110" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240223-0004/" }, { "tags": [ "x_transferred" ], "url": "https://www.libssh.org/security/advisories/CVE-2023-6004.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/o:redhat:enterprise_linux:8::baseos" ], "defaultStatus": "affected", "packageName": "libssh", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:0.9.6-14.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/o:redhat:enterprise_linux:8::baseos" ], "defaultStatus": "affected", "packageName": "libssh", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:0.9.6-14.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "libssh", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:0.10.4-13.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "libssh", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:0.10.4-13.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "libssh", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "Red Hat would like to thank Norbert Pocs (libssh) and vinci@protonmail.ch for reporting this issue." } ], "datePublic": "2023-12-18T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Low" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-74", "description": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-24T12:54:16.729Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:2504", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2504" }, { "name": "RHSA-2024:3233", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3233" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-6004" }, { "name": "RHBZ#2251110", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251110" }, { "url": "https://www.libssh.org/security/advisories/CVE-2023-6004.txt" } ], "timeline": [ { "lang": "en", "time": "2023-11-22T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-12-18T00:00:00+00:00", "value": "Made public." } ], "title": "Libssh: proxycommand/proxyjump features allow injection of malicious code through hostname", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-6004", "datePublished": "2024-01-03T17:01:38.672Z", "dateReserved": "2023-11-07T23:07:50.073Z", "dateUpdated": "2024-11-24T12:54:16.729Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-3817
Vulnerability from cvelistv5
Published
2023-07-31 15:34
Modified
2024-10-14 14:55
Severity ?
EPSS score ?
Summary
Issue summary: Checking excessively long DH keys or parameters may be very slow.
Impact summary: Applications that use the functions DH_check(), DH_check_ex()
or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long
delays. Where the key or parameters that are being checked have been obtained
from an untrusted source this may lead to a Denial of Service.
The function DH_check() performs various checks on DH parameters. After fixing
CVE-2023-3446 it was discovered that a large q parameter value can also trigger
an overly long computation during some of these checks. A correct q value,
if present, cannot be larger than the modulus p parameter, thus it is
unnecessary to perform these checks if q is larger than p.
An application that calls DH_check() and supplies a key or parameters obtained
from an untrusted source could be vulnerable to a Denial of Service attack.
The function DH_check() is itself called by a number of other OpenSSL functions.
An application calling any of those other functions may similarly be affected.
The other functions affected by this are DH_check_ex() and
EVP_PKEY_param_check().
Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications
when using the "-check" option.
The OpenSSL SSL/TLS implementation is not affected by this issue.
The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:08:50.496Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20230731.txt" }, { "name": "3.1.2 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5" }, { "name": "3.0.10 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f" }, { "name": "1.1.1v git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5" }, { "name": "1.0.2zi patch (premium)", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2023/Jul/43" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/07/31/1" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230818-0014/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/22/9" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/22/11" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231027-0008/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/11/06/2" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202402-08" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "lessThan": "3.1.2", "status": "affected", "version": "3.1.0", "versionType": "semver" }, { "lessThan": "3.0.10", "status": "affected", "version": "3.0.0", "versionType": "semver" }, { "lessThan": "1.1.1v", "status": "affected", "version": "1.1.1", "versionType": "custom" }, { "lessThan": "1.0.2zi", "status": "affected", "version": "1.0.2", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Bernd Edlinger" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Tomas Mraz" } ], "datePublic": "2023-07-31T00:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Issue summary: Checking excessively long DH keys or parameters may be very slow.\u003cbr\u003e\u003cbr\u003eImpact summary: Applications that use the functions DH_check(), DH_check_ex()\u003cbr\u003eor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\u003cbr\u003edelays. Where the key or parameters that are being checked have been obtained\u003cbr\u003efrom an untrusted source this may lead to a Denial of Service.\u003cbr\u003e\u003cbr\u003eThe function DH_check() performs various checks on DH parameters. After fixing\u003cbr\u003eCVE-2023-3446 it was discovered that a large q parameter value can also trigger\u003cbr\u003ean overly long computation during some of these checks. A correct q value,\u003cbr\u003eif present, cannot be larger than the modulus p parameter, thus it is\u003cbr\u003eunnecessary to perform these checks if q is larger than p.\u003cbr\u003e\u003cbr\u003eAn application that calls DH_check() and supplies a key or parameters obtained\u003cbr\u003efrom an untrusted source could be vulnerable to a Denial of Service attack.\u003cbr\u003e\u003cbr\u003eThe function DH_check() is itself called by a number of other OpenSSL functions.\u003cbr\u003eAn application calling any of those other functions may similarly be affected.\u003cbr\u003eThe other functions affected by this are DH_check_ex() and\u003cbr\u003eEVP_PKEY_param_check().\u003cbr\u003e\u003cbr\u003eAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\u003cbr\u003ewhen using the \"-check\" option.\u003cbr\u003e\u003cbr\u003eThe OpenSSL SSL/TLS implementation is not affected by this issue.\u003cbr\u003e\u003cbr\u003eThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue." } ], "value": "Issue summary: Checking excessively long DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\n\nThe function DH_check() performs various checks on DH parameters. After fixing\nCVE-2023-3446 it was discovered that a large q parameter value can also trigger\nan overly long computation during some of these checks. A correct q value,\nif present, cannot be larger than the modulus p parameter, thus it is\nunnecessary to perform these checks if q is larger than p.\n\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulnerable to a Denial of Service attack.\n\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\n\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the \"-check\" option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue." } ], "metrics": [ { "format": "other", "other": { "content": { "text": "Low" }, "type": "https://www.openssl.org/policies/secpolicy.html" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-606", "description": "CWE-606 Unchecked Input for Loop Condition", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-14T14:55:48.907Z", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.openssl.org/news/secadv/20230731.txt" }, { "name": "3.1.2 git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5" }, { "name": "3.0.10 git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f" }, { "name": "1.1.1v git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5" }, { "name": "1.0.2zi patch (premium)", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644" } ], "source": { "discovery": "UNKNOWN" }, "title": "Excessive time spent checking DH q parameter value", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2023-3817", "datePublished": "2023-07-31T15:34:13.627Z", "dateReserved": "2023-07-21T08:47:25.638Z", "dateUpdated": "2024-10-14T14:55:48.907Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-4408
Vulnerability from cvelistv5
Published
2024-02-13 14:04
Modified
2024-08-02 07:24
Severity ?
EPSS score ?
Summary
The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers.
This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-4408", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-21T20:37:05.447060Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:27:16.918Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T07:24:04.673Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "CVE-2023-4408", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://kb.isc.org/docs/cve-2023-4408" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/02/13/1" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240426-0001/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "BIND 9", "vendor": "ISC", "versions": [ { "lessThanOrEqual": "9.16.45", "status": "affected", "version": "9.0.0", "versionType": "custom" }, { "lessThanOrEqual": "9.18.21", "status": "affected", "version": "9.18.0", "versionType": "custom" }, { "lessThanOrEqual": "9.19.19", "status": "affected", "version": "9.19.0", "versionType": "custom" }, { "lessThanOrEqual": "9.11.37-S1", "status": "affected", "version": "9.9.3-S1", "versionType": "custom" }, { "lessThanOrEqual": "9.16.45-S1", "status": "affected", "version": "9.16.8-S1", "versionType": "custom" }, { "lessThanOrEqual": "9.18.21-S1", "status": "affected", "version": "9.18.11-S1", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "ISC would like to thank Shoham Danino from Reichman University, Anat Bremler-Barr from Tel-Aviv University, Yehuda Afek from Tel-Aviv University, and Yuval Shavitt from Tel-Aviv University for bringing this vulnerability to our attention." } ], "datePublic": "2024-02-13T00:00:00Z", "descriptions": [ { "lang": "en", "value": "The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers.\nThis issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1." } ], "exploits": [ { "lang": "en", "value": "We are not aware of any active exploits." } ], "impacts": [ { "descriptions": [ { "lang": "en", "value": "By flooding the target server with queries exploiting this flaw an attacker can significantly impair the server\u0027s performance, effectively denying legitimate clients access to the DNS resolution service." } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "providerMetadata": { "dateUpdated": "2024-02-13T14:04:17.519Z", "orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc" }, "references": [ { "name": "CVE-2023-4408", "tags": [ "vendor-advisory" ], "url": "https://kb.isc.org/docs/cve-2023-4408" }, { "url": "http://www.openwall.com/lists/oss-security/2024/02/13/1" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/" }, { "url": "https://security.netapp.com/advisory/ntap-20240426-0001/" } ], "solutions": [ { "lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.16.48, 9.18.24, 9.19.21, 9.16.48-S1, or 9.18.24-S1." } ], "source": { "discovery": "EXTERNAL" }, "title": "Parsing large DNS messages may cause excessive CPU load", "workarounds": [ { "lang": "en", "value": "No workarounds known." } ] } }, "cveMetadata": { "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "cveId": "CVE-2023-4408", "datePublished": "2024-02-13T14:04:17.519Z", "dateReserved": "2023-08-18T07:59:28.420Z", "dateUpdated": "2024-08-02T07:24:04.673Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-3446
Vulnerability from cvelistv5
Published
2023-07-19 11:31
Modified
2024-10-14 14:55
Severity ?
EPSS score ?
Summary
Issue summary: Checking excessively long DH keys or parameters may be very slow.
Impact summary: Applications that use the functions DH_check(), DH_check_ex()
or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long
delays. Where the key or parameters that are being checked have been obtained
from an untrusted source this may lead to a Denial of Service.
The function DH_check() performs various checks on DH parameters. One of those
checks confirms that the modulus ('p' parameter) is not too large. Trying to use
a very large modulus is slow and OpenSSL will not normally use a modulus which
is over 10,000 bits in length.
However the DH_check() function checks numerous aspects of the key or parameters
that have been supplied. Some of those checks use the supplied modulus value
even if it has already been found to be too large.
An application that calls DH_check() and supplies a key or parameters obtained
from an untrusted source could be vulernable to a Denial of Service attack.
The function DH_check() is itself called by a number of other OpenSSL functions.
An application calling any of those other functions may similarly be affected.
The other functions affected by this are DH_check_ex() and
EVP_PKEY_param_check().
Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications
when using the '-check' option.
The OpenSSL SSL/TLS implementation is not affected by this issue.
The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:55:03.577Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20230719.txt" }, { "name": "3.1.2 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23" }, { "name": "3.0.10 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb" }, { "name": "1.1.1v git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528" }, { "name": "1.0.2zi patch (premium)", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/07/19/4" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/07/19/5" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/07/19/6" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/07/31/1" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230803-0011/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202402-08" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/05/16/1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "lessThan": "3.1.2", "status": "affected", "version": "3.1.0", "versionType": "semver" }, { "lessThan": "3.0.10", "status": "affected", "version": "3.0.0", "versionType": "semver" }, { "lessThan": "1.1.1v", "status": "affected", "version": "1.1.1", "versionType": "custom" }, { "lessThan": "1.0.2zi", "status": "affected", "version": "1.0.2", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "OSSfuzz" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Matt Caswell" } ], "datePublic": "2023-07-13T00:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Issue summary: Checking excessively long DH keys or parameters may be very slow.\u003cbr\u003e\u003cbr\u003eImpact summary: Applications that use the functions DH_check(), DH_check_ex()\u003cbr\u003eor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\u003cbr\u003edelays. Where the key or parameters that are being checked have been obtained\u003cbr\u003efrom an untrusted source this may lead to a Denial of Service.\u003cbr\u003e\u003cbr\u003eThe function DH_check() performs various checks on DH parameters. One of those\u003cbr\u003echecks confirms that the modulus (\u0027p\u0027 parameter) is not too large. Trying to use\u003cbr\u003ea very large modulus is slow and OpenSSL will not normally use a modulus which\u003cbr\u003eis over 10,000 bits in length.\u003cbr\u003e\u003cbr\u003eHowever the DH_check() function checks numerous aspects of the key or parameters\u003cbr\u003ethat have been supplied. Some of those checks use the supplied modulus value\u003cbr\u003eeven if it has already been found to be too large.\u003cbr\u003e\u003cbr\u003eAn application that calls DH_check() and supplies a key or parameters obtained\u003cbr\u003efrom an untrusted source could be vulernable to a Denial of Service attack.\u003cbr\u003e\u003cbr\u003eThe function DH_check() is itself called by a number of other OpenSSL functions.\u003cbr\u003eAn application calling any of those other functions may similarly be affected.\u003cbr\u003eThe other functions affected by this are DH_check_ex() and\u003cbr\u003eEVP_PKEY_param_check().\u003cbr\u003e\u003cbr\u003eAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\u003cbr\u003ewhen using the \u0027-check\u0027 option.\u003cbr\u003e\u003cbr\u003eThe OpenSSL SSL/TLS implementation is not affected by this issue.\u003cbr\u003e\u003cbr\u003eThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue." } ], "value": "Issue summary: Checking excessively long DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\n\nThe function DH_check() performs various checks on DH parameters. One of those\nchecks confirms that the modulus (\u0027p\u0027 parameter) is not too large. Trying to use\na very large modulus is slow and OpenSSL will not normally use a modulus which\nis over 10,000 bits in length.\n\nHowever the DH_check() function checks numerous aspects of the key or parameters\nthat have been supplied. Some of those checks use the supplied modulus value\neven if it has already been found to be too large.\n\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulernable to a Denial of Service attack.\n\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\n\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the \u0027-check\u0027 option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue." } ], "metrics": [ { "format": "other", "other": { "content": { "text": "Low" }, "type": "https://www.openssl.org/policies/secpolicy.html" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-606", "description": "CWE-606 Unchecked Input for Loop Condition", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-14T14:55:47.238Z", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.openssl.org/news/secadv/20230719.txt" }, { "name": "3.1.2 git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23" }, { "name": "3.0.10 git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb" }, { "name": "1.1.1v git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528" }, { "name": "1.0.2zi patch (premium)", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c" } ], "source": { "discovery": "UNKNOWN" }, "title": "Excessive time spent checking DH keys and parameters", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2023-3446", "datePublished": "2023-07-19T11:31:34.994Z", "dateReserved": "2023-06-28T14:21:39.968Z", "dateUpdated": "2024-10-14T14:55:47.238Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6516
Vulnerability from cvelistv5
Published
2024-02-13 14:05
Modified
2024-08-02 08:35
Severity ?
EPSS score ?
Summary
To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first allocated and then queued for later processing. It was discovered that if the resolver is continuously processing query patterns triggering this type of cache-database maintenance, `named` may not be able to handle the cleanup events in a timely manner. This in turn enables the list of queued cleanup events to grow infinitely large over time, allowing the configured `max-cache-size` limit to be significantly exceeded.
This issue affects BIND 9 versions 9.16.0 through 9.16.45 and 9.16.8-S1 through 9.16.45-S1.
References
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bind", "vendor": "isc", "versions": [ { "lessThanOrEqual": "9.16.45", "status": "affected", "version": "9.16.0", "versionType": "custom" }, { "lessThanOrEqual": "9.16.45-s1", "status": "affected", "version": "9.16.8-s1", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-6516", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-20T16:01:15.527012Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-789", "description": "CWE-789 Memory Allocation with Excessive Size Value", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-28T16:35:10.580Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T08:35:13.212Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "CVE-2023-6516", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://kb.isc.org/docs/cve-2023-6516" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/02/13/1" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240503-0008/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "BIND 9", "vendor": "ISC", "versions": [ { "lessThanOrEqual": "9.16.45", "status": "affected", "version": "9.16.0", "versionType": "custom" }, { "lessThanOrEqual": "9.16.45-S1", "status": "affected", "version": "9.16.8-S1", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "ISC would like to thank Infoblox for bringing this vulnerability to our attention." } ], "datePublic": "2024-02-13T00:00:00Z", "descriptions": [ { "lang": "en", "value": "To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first allocated and then queued for later processing. It was discovered that if the resolver is continuously processing query patterns triggering this type of cache-database maintenance, `named` may not be able to handle the cleanup events in a timely manner. This in turn enables the list of queued cleanup events to grow infinitely large over time, allowing the configured `max-cache-size` limit to be significantly exceeded.\nThis issue affects BIND 9 versions 9.16.0 through 9.16.45 and 9.16.8-S1 through 9.16.45-S1." } ], "exploits": [ { "lang": "en", "value": "We are not aware of any active exploits." } ], "impacts": [ { "descriptions": [ { "lang": "en", "value": "By exploiting this flaw, an attacker can cause the amount of memory used by a `named` resolver to go well beyond the configured `max-cache-size` limit. The effectiveness of the attack depends on a number of environmental factors, but in the worst case the attacker can exhaust all available memory on the host running `named`, leading to a denial-of-service condition." } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "providerMetadata": { "dateUpdated": "2024-02-13T14:05:28.933Z", "orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc" }, "references": [ { "name": "CVE-2023-6516", "tags": [ "vendor-advisory" ], "url": "https://kb.isc.org/docs/cve-2023-6516" }, { "url": "http://www.openwall.com/lists/oss-security/2024/02/13/1" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/" }, { "url": "https://security.netapp.com/advisory/ntap-20240503-0008/" } ], "solutions": [ { "lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.16.48 or 9.16.48-S1." } ], "source": { "discovery": "EXTERNAL" }, "title": "Specific recursive query patterns may lead to an out-of-memory condition", "workarounds": [ { "lang": "en", "value": "No workarounds known." } ] } }, "cveMetadata": { "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "cveId": "CVE-2023-6516", "datePublished": "2024-02-13T14:05:28.933Z", "dateReserved": "2023-12-05T10:44:59.435Z", "dateUpdated": "2024-08-02T08:35:13.212Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-24786
Vulnerability from cvelistv5
Published
2024-03-05 22:22
Modified
2024-11-07 16:23
Severity ?
EPSS score ?
Summary
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | google.golang.org/protobuf | google.golang.org/protobuf/encoding/protojson |
Version: 0 ≤ |
||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "go", "vendor": "golang", "versions": [ { "lessThan": "1.33.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-24786", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-07T16:22:27.828054Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-07T16:23:32.865Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:28:12.790Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://go.dev/cl/569356" }, { "tags": [ "x_transferred" ], "url": "https://pkg.go.dev/vuln/GO-2024-2611" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/03/08/4" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240517-0002/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "packageName": "google.golang.org/protobuf/encoding/protojson", "product": "google.golang.org/protobuf/encoding/protojson", "programRoutines": [ { "name": "UnmarshalOptions.unmarshal" }, { "name": "Unmarshal" }, { "name": "UnmarshalOptions.Unmarshal" } ], "vendor": "google.golang.org/protobuf", "versions": [ { "lessThan": "1.33.0", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "packageName": "google.golang.org/protobuf/internal/encoding/json", "product": "google.golang.org/protobuf/internal/encoding/json", "programRoutines": [ { "name": "Decoder.Read" }, { "name": "Decoder.Peek" } ], "vendor": "google.golang.org/protobuf", "versions": [ { "lessThan": "1.33.0", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-1286: Improper Validation of Syntactic Correctness of Input", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-05T22:22:35.299Z", "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go" }, "references": [ { "url": "https://go.dev/cl/569356" }, { "url": "https://pkg.go.dev/vuln/GO-2024-2611" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU/" }, { "url": "http://www.openwall.com/lists/oss-security/2024/03/08/4" }, { "url": "https://security.netapp.com/advisory/ntap-20240517-0002/" } ], "title": "Infinite loop in JSON unmarshaling in google.golang.org/protobuf" } }, "cveMetadata": { "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "assignerShortName": "Go", "cveId": "CVE-2024-24786", "datePublished": "2024-03-05T22:22:35.299Z", "dateReserved": "2024-01-30T16:05:14.757Z", "dateUpdated": "2024-11-07T16:23:32.865Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-4693
Vulnerability from cvelistv5
Published
2023-10-25 10:27
Modified
2024-11-23 03:30
Severity ?
EPSS score ?
Summary
An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:2456 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3184 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-4693 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2238343 | issue-tracking, x_refsource_REDHAT | |
https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager/ | ||
https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html | ||
https://seclists.org/oss-sec/2023/q4/37 |
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 1:2.02-156.el8 < * cpe:/o:redhat:enterprise_linux:8::baseos |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:37:59.265Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:2456", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2456" }, { "name": "RHSA-2024:3184", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3184" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-4693" }, { "name": "RHBZ#2238343", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238343" }, { "tags": [ "x_transferred" ], "url": "https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUU42E7CPYLATXOYVYNW6YTXXULAOV6L/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIRJ5UZRXX2KLR4IKBJEQUNGOCXMMDLY/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PERFILCHFEUGG3OAMC6W55P6DDIBZK4Q/" }, { "tags": [ "x_transferred" ], "url": "https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html" }, { "tags": [ "x_transferred" ], "url": "https://seclists.org/oss-sec/2023/q4/37" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202311-14" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231208-0002/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::baseos" ], "defaultStatus": "affected", "packageName": "grub2", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:2.02-156.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::baseos" ], "defaultStatus": "affected", "packageName": "grub2", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:2.06-77.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "grub2", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" } ], "datePublic": "2023-10-03T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "An out-of-bounds read flaw was found on grub2\u0027s NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Low" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-23T03:30:32.531Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:2456", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2456" }, { "name": "RHSA-2024:3184", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3184" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-4693" }, { "name": "RHBZ#2238343", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238343" }, { "url": "https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager/" }, { "url": "https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html" }, { "url": "https://seclists.org/oss-sec/2023/q4/37" } ], "timeline": [ { "lang": "en", "time": "2023-09-11T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-10-03T00:00:00+00:00", "value": "Made public." } ], "title": "Grub2: out-of-bounds read at fs/ntfs.c", "x_redhatCweChain": "CWE-125: Out-of-bounds Read" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-4693", "datePublished": "2023-10-25T10:27:29.100Z", "dateReserved": "2023-08-31T21:53:46.147Z", "dateUpdated": "2024-11-23T03:30:32.531Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-22745
Vulnerability from cvelistv5
Published
2023-01-19 22:12
Modified
2024-08-02 10:20
Severity ?
EPSS score ?
Summary
tpm2-tss is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). In affected versions `Tss2_RC_SetHandler` and `Tss2_RC_Decode` both index into `layer_handler` with an 8 bit layer number, but the array only has `TPM2_ERROR_TSS2_RC_LAYER_COUNT` entries, so trying to add a handler for higher-numbered layers or decode a response code with such a layer number reads/writes past the end of the buffer. This Buffer overrun, could result in arbitrary code execution. An example attack would be a MiTM bus attack that returns 0xFFFFFFFF for the RC. Given the common use case of TPM modules an attacker must have local access to the target machine with local system privileges which allows access to the TPM system. Usually TPM access requires administrative privilege.
References
▼ | URL | Tags |
---|---|---|
https://github.com/tpm2-software/tpm2-tss/security/advisories/GHSA-4j3v-fh23-vx67 | x_refsource_CONFIRM | |
https://github.com/tpm2-software/tpm2-tss/commit/306490c8d848c367faa2d9df81f5e69dab46ffb5 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | tpm2-software | tpm2-tss |
Version: <= 4.0.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:20:30.190Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/tpm2-software/tpm2-tss/security/advisories/GHSA-4j3v-fh23-vx67", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/tpm2-software/tpm2-tss/security/advisories/GHSA-4j3v-fh23-vx67" }, { "name": "https://github.com/tpm2-software/tpm2-tss/commit/306490c8d848c367faa2d9df81f5e69dab46ffb5", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/tpm2-software/tpm2-tss/commit/306490c8d848c367faa2d9df81f5e69dab46ffb5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "tpm2-tss", "vendor": "tpm2-software", "versions": [ { "status": "affected", "version": "\u003c= 4.0.0" } ] } ], "descriptions": [ { "lang": "en", "value": "tpm2-tss is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). In affected versions `Tss2_RC_SetHandler` and `Tss2_RC_Decode` both index into `layer_handler` with an 8 bit layer number, but the array only has `TPM2_ERROR_TSS2_RC_LAYER_COUNT` entries, so trying to add a handler for higher-numbered layers or decode a response code with such a layer number reads/writes past the end of the buffer. This Buffer overrun, could result in arbitrary code execution. An example attack would be a MiTM bus attack that returns 0xFFFFFFFF for the RC. Given the common use case of TPM modules an attacker must have local access to the target machine with local system privileges which allows access to the TPM system. Usually TPM access requires administrative privilege. " } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-19T22:12:40.208Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/tpm2-software/tpm2-tss/security/advisories/GHSA-4j3v-fh23-vx67", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/tpm2-software/tpm2-tss/security/advisories/GHSA-4j3v-fh23-vx67" }, { "name": "https://github.com/tpm2-software/tpm2-tss/commit/306490c8d848c367faa2d9df81f5e69dab46ffb5", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/tpm2-software/tpm2-tss/commit/306490c8d848c367faa2d9df81f5e69dab46ffb5" } ], "source": { "advisory": "GHSA-4j3v-fh23-vx67", "discovery": "UNKNOWN" }, "title": "Buffer Overlow in TSS2_RC_Decode in tpm2-tss" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-22745", "datePublished": "2023-01-19T22:12:40.208Z", "dateReserved": "2023-01-06T14:21:05.893Z", "dateUpdated": "2024-08-02T10:20:30.190Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-33600
Vulnerability from cvelistv5
Published
2024-05-06 19:22
Modified
2024-08-02 02:36
Severity ?
EPSS score ?
Summary
nscd: Null pointer crashes after notfound response
If the Name Service Cache Daemon's (nscd) cache fails to add a not-found
netgroup response to the cache, the client request can result in a null
pointer dereference. This flaw was introduced in glibc 2.15 when the
cache was added to nscd.
This vulnerability is only present in the nscd binary.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | The GNU C Library | glibc |
Version: 2.15 < 2.40 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-33600", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-07T19:13:16.760599Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:44:18.891Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:36:04.168Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0006" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240524-0013/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/07/22/5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "glibc", "vendor": "The GNU C Library", "versions": [ { "lessThan": "2.40", "status": "affected", "version": "2.15", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cdiv\u003enscd: Null pointer crashes after notfound response\u003cbr\u003e\u003cbr\u003eIf the Name Service Cache Daemon\u0027s (nscd) cache fails to add a not-found\u003cbr\u003enetgroup response to the cache, the client request can result in a null\u003cbr\u003epointer dereference. This flaw was introduced in glibc 2.15 when the\u003cbr\u003ecache was added to nscd.\u003cbr\u003e\u003cbr\u003eThis vulnerability is only present in the nscd binary.\u003cbr\u003e\u003c/div\u003e" } ], "value": "nscd: Null pointer crashes after notfound response\n\nIf the Name Service Cache Daemon\u0027s (nscd) cache fails to add a not-found\nnetgroup response to the cache, the client request can result in a null\npointer dereference. This flaw was introduced in glibc 2.15 when the\ncache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.\n\n" } ], "impacts": [ { "capecId": "CAPEC-129", "descriptions": [ { "lang": "en", "value": "CAPEC-129 Pointer Manipulation" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-06T19:22:02.726Z", "orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "shortName": "glibc" }, "references": [ { "url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0006" }, { "url": "https://security.netapp.com/advisory/ntap-20240524-0013/" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html" }, { "url": "http://www.openwall.com/lists/oss-security/2024/07/22/5" } ], "source": { "discovery": "UNKNOWN" }, "title": "nscd: Null pointer crashes after notfound response", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "assignerShortName": "glibc", "cveId": "CVE-2024-33600", "datePublished": "2024-05-06T19:22:02.726Z", "dateReserved": "2024-04-24T20:35:08.340Z", "dateUpdated": "2024-08-02T02:36:04.168Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-22365
Vulnerability from cvelistv5
Published
2024-02-06 00:00
Modified
2024-08-01 22:43
Severity ?
EPSS score ?
Summary
linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-22365", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-15T21:07:13.510998Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:52:23.208Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T22:43:34.704Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/linux-pam/linux-pam" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/01/18/3" }, { "tags": [ "x_transferred" ], "url": "https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0" }, { "tags": [ "x_transferred" ], "url": "https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-06T07:26:23.317057", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/linux-pam/linux-pam" }, { "url": "http://www.openwall.com/lists/oss-security/2024/01/18/3" }, { "url": "https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0" }, { "url": "https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2024-22365", "datePublished": "2024-02-06T00:00:00", "dateReserved": "2024-01-09T00:00:00", "dateUpdated": "2024-08-01T22:43:34.704Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26461
Vulnerability from cvelistv5
Published
2024-02-26 00:00
Modified
2024-08-14 15:15
Severity ?
EPSS score ?
Summary
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:07:19.361Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240415-0011/" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:mit:kerberos_5:1.21.2:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "kerberos_5", "vendor": "mit", "versions": [ { "status": "affected", "version": "1.21.2" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-26461", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-14T15:09:48.143388Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T15:15:42.206Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-15T15:06:17.596898", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md" }, { "url": "https://security.netapp.com/advisory/ntap-20240415-0011/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2024-26461", "datePublished": "2024-02-26T00:00:00", "dateReserved": "2024-02-19T00:00:00", "dateUpdated": "2024-08-14T15:15:42.206Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-25220
Vulnerability from cvelistv5
Published
2022-03-23 12:50
Modified
2024-09-16 17:08
Severity ?
EPSS score ?
Summary
BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | ISC | BIND |
Version: Open Source Branch 9.11 9.11.0 through versions before 9.11.37 Version: Development Branch 9.17 BIND 9.17 all version Version: Open Source Branch 9.12-16 9.12.0 through versions before 9.16.27 Version: Open Source Branch 9.18 9.18.0 Version: Supported Preview Branch 9.11-S 9.11.0-S through versions before 9.11.37-S Version: Supported Preview Branch 9.16-S 9.16.0-S through versions before 9.16.27-S |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T19:56:11.083Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://kb.isc.org/v1/docs/cve-2021-25220" }, { "name": "FEDORA-2022-14e36aac0c", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYD7US4HZRFUGAJ66ZTHFBYVP5N3OQBY/" }, { "name": "FEDORA-2022-042d9c6146", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/API7U5E7SX7BAAVFNW366FFJGD6NZZKV/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220408-0001/" }, { "name": "FEDORA-2022-a88218de5c", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VX3I2U3ICOIEI5Y7OYA6CHOLFMNH3YQ/" }, { "name": "FEDORA-2022-05918f0838", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SXT7247QTKNBQ67MNRGZD23ADXU6E5U/" }, { "name": "FEDORA-2022-3f293290c3", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DE3UAVCPUMAKG27ZL5YXSP2C3RIOW3JZ/" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf" }, { "name": "GLSA-202210-25", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202210-25" }, { "tags": [ "x_transferred" ], "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-Cache-poisoning-vulnerability-in-BIND-used-by-DNS-Proxy-CVE-2021-25220?language=en_US" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "BIND", "vendor": "ISC", "versions": [ { "status": "affected", "version": "Open Source Branch 9.11 9.11.0 through versions before 9.11.37" }, { "status": "affected", "version": "Development Branch 9.17 BIND 9.17 all version" }, { "status": "affected", "version": "Open Source Branch 9.12-16 9.12.0 through versions before 9.16.27" }, { "status": "affected", "version": "Open Source Branch 9.18 9.18.0" }, { "status": "affected", "version": "Supported Preview Branch 9.11-S 9.11.0-S through versions before 9.11.37-S" }, { "status": "affected", "version": "Supported Preview Branch 9.16-S 9.16.0-S through versions before 9.16.27-S" } ] } ], "credits": [ { "lang": "en", "value": "ISC would like to thank Xiang Li, Baojun Liu, and Chaoyi Lu from Network and Information Security Lab, Tsinghua University and Changgen Zou from Qi An Xin Group Corp. for discovering and reporting this issue." } ], "datePublic": "2022-03-16T00:00:00", "descriptions": [ { "lang": "en", "value": "BIND 9.11.0 -\u003e 9.11.36 9.12.0 -\u003e 9.16.26 9.17.0 -\u003e 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -\u003e 9.11.36-S1 9.16.8-S1 -\u003e 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "When using forwarders, bogus NS records supplied by, or via, those forwarders may be cached and used by named if it needs to recurse for any reason, causing it to obtain and pass on potentially incorrect answers. Some examples of configurations that will be vulnerable are: Resolvers using per zone or global forwarding with forward first (forward first is the default). Resolvers not using global forwarding, but with per-zone forwarding with either forward first (the default) or forward only. Resolvers configured with global forwarding along with zone statements that disable forwarding for part of the DNS namespace. Authoritative-only BIND 9 servers are not vulnerable to this flaw. BIND 9.11.0 -\u003e 9.11.36 9.12.0 -\u003e 9.16.26 9.17.0 -\u003e 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -\u003e 9.11.36-S1 9.16.8-S1 -\u003e 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-23T00:00:00", "orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc" }, "references": [ { "url": "https://kb.isc.org/v1/docs/cve-2021-25220" }, { "name": "FEDORA-2022-14e36aac0c", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYD7US4HZRFUGAJ66ZTHFBYVP5N3OQBY/" }, { "name": "FEDORA-2022-042d9c6146", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/API7U5E7SX7BAAVFNW366FFJGD6NZZKV/" }, { "url": "https://security.netapp.com/advisory/ntap-20220408-0001/" }, { "name": "FEDORA-2022-a88218de5c", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VX3I2U3ICOIEI5Y7OYA6CHOLFMNH3YQ/" }, { "name": "FEDORA-2022-05918f0838", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SXT7247QTKNBQ67MNRGZD23ADXU6E5U/" }, { "name": "FEDORA-2022-3f293290c3", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DE3UAVCPUMAKG27ZL5YXSP2C3RIOW3JZ/" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf" }, { "name": "GLSA-202210-25", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202210-25" }, { "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-Cache-poisoning-vulnerability-in-BIND-used-by-DNS-Proxy-CVE-2021-25220?language=en_US" } ], "solutions": [ { "lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND:\n BIND 9.11.37\n BIND 9.16.27\n BIND 9.18.1\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n BIND 9.11.37-S1\n BIND 9.16.27-S1" } ], "source": { "discovery": "EXTERNAL" }, "title": "DNS forwarders - cache poisoning vulnerability", "workarounds": [ { "lang": "en", "value": "If applicable, modify your configuration to either remove all forwarding or all possibility of recursion. Depending on your use-case, it may be possible to use other zone types to replace forward zones.\nActive exploits: We are not aware of any active exploits." } ], "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "cveId": "CVE-2021-25220", "datePublished": "2022-03-23T12:50:10.367480Z", "dateReserved": "2021-01-15T00:00:00", "dateUpdated": "2024-09-16T17:08:54.143Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-33599
Vulnerability from cvelistv5
Published
2024-05-06 19:21
Modified
2024-08-02 02:36
Severity ?
EPSS score ?
Summary
nscd: Stack-based buffer overflow in netgroup cache
If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted
by client requests then a subsequent client request for netgroup data
may result in a stack-based buffer overflow. This flaw was introduced
in glibc 2.15 when the cache was added to nscd.
This vulnerability is only present in the nscd binary.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | The GNU C Library | glibc |
Version: 2.15 < 2.40 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-33599", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-29T19:01:02.703174Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:45:09.077Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:36:04.290Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0005" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240524-0011/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/07/22/5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "glibc", "vendor": "The GNU C Library", "versions": [ { "lessThan": "2.40", "status": "affected", "version": "2.15", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "nscd: Stack-based buffer overflow in netgroup cache\u003cbr\u003e\u003cbr\u003eIf the Name Service Cache Daemon\u0027s (nscd) fixed size cache is exhausted\u003cbr\u003eby client requests then a subsequent client request for netgroup data\u003cbr\u003emay result in a stack-based buffer overflow. This flaw was introduced\u003cbr\u003ein glibc 2.15 when the cache was added to nscd.\u003cbr\u003e\u003cbr\u003eThis vulnerability is only present in the nscd binary.\u003cbr\u003e" } ], "value": "nscd: Stack-based buffer overflow in netgroup cache\n\nIf the Name Service Cache Daemon\u0027s (nscd) fixed size cache is exhausted\nby client requests then a subsequent client request for netgroup data\nmay result in a stack-based buffer overflow. This flaw was introduced\nin glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.\n" } ], "impacts": [ { "capecId": "CAPEC-100", "descriptions": [ { "lang": "en", "value": "CAPEC-100 Overflow Buffers" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-06T19:21:54.314Z", "orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "shortName": "glibc" }, "references": [ { "url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0005" }, { "url": "https://security.netapp.com/advisory/ntap-20240524-0011/" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html" }, { "url": "http://www.openwall.com/lists/oss-security/2024/07/22/5" } ], "source": { "discovery": "UNKNOWN" }, "title": "nscd: Stack-based buffer overflow in netgroup cache", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "assignerShortName": "glibc", "cveId": "CVE-2024-33599", "datePublished": "2024-05-06T19:21:54.314Z", "dateReserved": "2024-04-24T20:35:08.340Z", "dateUpdated": "2024-08-02T02:36:04.290Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-1048
Vulnerability from cvelistv5
Published
2024-02-06 17:30
Modified
2024-11-23 03:30
Severity ?
EPSS score ?
Summary
A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not be removed and may fill the filesystem when invoked multiple times, resulting in a filesystem out of free inodes or blocks.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:2456 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3184 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2024-1048 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2256827 | issue-tracking, x_refsource_REDHAT | |
https://www.openwall.com/lists/oss-security/2024/02/06/3 |
Impacted products
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | |||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-1048", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-26T20:13:20.423927Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T18:00:34.193Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T18:26:30.341Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/02/06/3" }, { "name": "RHSA-2024:2456", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2456" }, { "name": "RHSA-2024:3184", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3184" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2024-1048" }, { "name": "RHBZ#2256827", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256827" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XRZQCVZ3XOASVFT6XLO7F2ZXOLOHIJZQ/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YSJAEGRR3XHMBBBKYOVMII4P34IXEYPE/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240223-0007/" }, { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2024/02/06/3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://github.com/rhboot/grub2/", "defaultStatus": "unaffected", "packageName": "grub2", "versions": [ { "changes": [ { "at": "5425919", "status": "unaffected" } ], "lessThan": "*", "status": "unaffected", "version": "0", "versionType": "git" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::baseos" ], "defaultStatus": "affected", "packageName": "grub2", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:2.02-156.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::baseos" ], "defaultStatus": "affected", "packageName": "grub2", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:2.06-77.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unaffected", "packageName": "grub", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "grub2", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "Red Hat would like to thank Solar Designer (CIQ/Rocky Linux) for reporting this issue." } ], "datePublic": "2024-02-06T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not be removed and may fill the filesystem when invoked multiple times, resulting in a filesystem out of free inodes or blocks." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-459", "description": "Incomplete Cleanup", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-23T03:30:38.529Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:2456", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2456" }, { "name": "RHSA-2024:3184", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3184" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-1048" }, { "name": "RHBZ#2256827", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256827" }, { "url": "https://www.openwall.com/lists/oss-security/2024/02/06/3" } ], "timeline": [ { "lang": "en", "time": "2024-01-03T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-02-06T00:00:00+00:00", "value": "Made public." } ], "title": "Grub2: grub2-set-bootflag can be abused by local (pseudo-)users", "x_redhatCweChain": "CWE-459: Incomplete Cleanup" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-1048", "datePublished": "2024-02-06T17:30:35.360Z", "dateReserved": "2024-01-29T18:42:11.310Z", "dateUpdated": "2024-11-23T03:30:38.529Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-43618
Vulnerability from cvelistv5
Published
2021-11-15 00:00
Modified
2024-08-04 04:03
Severity ?
EPSS score ?
Summary
GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:03:08.577Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html" }, { "tags": [ "x_transferred" ], "url": "https://bugs.debian.org/994405" }, { "tags": [ "x_transferred" ], "url": "https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e" }, { "name": "[debian-lts-announce] 20211202 [SECURITY] [DLA 2837-1] gmp security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00001.html" }, { "name": "[oss-security] 20221013 Re: sagemath denial of service with abort() in gmp: overflow in mpz type", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/10/13/3" }, { "name": "20221016 Re: over 2000 packages depend on abort()ing libgmp", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/8" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221111-0001/" }, { "name": "GLSA-202309-13", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202309-13" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-29T14:06:22.071388", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html" }, { "url": "https://bugs.debian.org/994405" }, { "url": "https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e" }, { "name": "[debian-lts-announce] 20211202 [SECURITY] [DLA 2837-1] gmp security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00001.html" }, { "name": "[oss-security] 20221013 Re: sagemath denial of service with abort() in gmp: overflow in mpz type", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/10/13/3" }, { "name": "20221016 Re: over 2000 packages depend on abort()ing libgmp", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/8" }, { "url": "https://security.netapp.com/advisory/ntap-20221111-0001/" }, { "name": "GLSA-202309-13", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202309-13" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-43618", "datePublished": "2021-11-15T00:00:00", "dateReserved": "2021-11-15T00:00:00", "dateUpdated": "2024-08-04T04:03:08.577Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-4641
Vulnerability from cvelistv5
Published
2023-12-27 15:43
Modified
2024-08-02 07:31
Severity ?
EPSS score ?
Summary
A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2023:6632 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2023:7112 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:0417 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2577 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-4641 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2215945 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | |||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:31:06.633Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2023:6632", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:6632" }, { "name": "RHSA-2023:7112", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7112" }, { "name": "RHSA-2024:0417", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0417" }, { "name": "RHSA-2024:2577", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2577" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-4641" }, { "name": "RHBZ#2215945", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215945" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://github.com/shadow-maint/shadow", "defaultStatus": "affected", "packageName": "shadow-utils", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4.14.0-rc1", "versionType": "semver" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/o:redhat:enterprise_linux:8::baseos" ], "defaultStatus": "affected", "packageName": "shadow-utils", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:4.6-19.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.6::baseos", "cpe:/a:redhat:rhel_eus:8.6::crb" ], "defaultStatus": "affected", "packageName": "shadow-utils", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:4.6-17.el8_6", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.8::baseos", "cpe:/a:redhat:rhel_eus:8.8::crb" ], "defaultStatus": "affected", "packageName": "shadow-utils", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:4.6-17.el8_8.2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/o:redhat:enterprise_linux:9::baseos" ], "defaultStatus": "affected", "packageName": "shadow-utils", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:4.9-8.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "shadow-utils", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "shadow-utils", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" } ], "datePublic": "2023-06-17T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Low" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-303", "description": "Incorrect Implementation of Authentication Algorithm", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-03T15:32:38.166Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2023:6632", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:6632" }, { "name": "RHSA-2023:7112", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7112" }, { "name": "RHSA-2024:0417", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0417" }, { "name": "RHSA-2024:2577", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2577" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-4641" }, { "name": "RHBZ#2215945", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215945" } ], "timeline": [ { "lang": "en", "time": "2023-06-17T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-06-17T00:00:00+00:00", "value": "Made public." } ], "title": "Shadow-utils: possible password leak during passwd(1) change", "x_redhatCweChain": "CWE-303: Incorrect Implementation of Authentication Algorithm" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-4641", "datePublished": "2023-12-27T15:43:22.929Z", "dateReserved": "2023-08-30T17:16:27.137Z", "dateUpdated": "2024-08-02T07:31:06.633Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47038
Vulnerability from cvelistv5
Published
2023-12-18 13:43
Modified
2024-11-27 20:34
Severity ?
EPSS score ?
Summary
A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:2228 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3128 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-47038 | vdb-entry, x_refsource_REDHAT | |
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 | ||
https://bugzilla.redhat.com/show_bug.cgi?id=2249523 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ |
Version: 5.30.0 ≤ Version: 5.36.0 ≤ Version: 5.38.0 ≤ |
||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:01:22.214Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:2228", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2228" }, { "name": "RHSA-2024:3128", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3128" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-47038" }, { "tags": [ "x_transferred" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746" }, { "name": "RHBZ#2249523", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249523" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNEEWAACXQCEEAKSG7XX2D5YDRWLCIZJ/" }, { "tags": [ "x_transferred" ], "url": "https://perldoc.perl.org/perl5382delta#CVE-2023-47038-Write-past-buffer-end-via-illegal-user-defined-Unicode-property" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-47038", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-27T20:34:17.016514Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-27T20:34:37.926Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://github.com/Perl/perl5", "defaultStatus": "unaffected", "packageName": "perl", "versions": [ { "lessThan": "5.34.3", "status": "affected", "version": "5.30.0", "versionType": "semver" }, { "lessThan": "5.36.3", "status": "affected", "version": "5.36.0", "versionType": "semver" }, { "lessThan": "5.38.2", "status": "affected", "version": "5.38.0", "versionType": "semver" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "perl:5.32", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8100020240314121426.9fe1d287", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "perl", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4:5.32.1-481.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unaffected", "packageName": "perl", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "perl", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "perl", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "perl:5.30/perl", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" } ], "datePublic": "2023-11-25T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-23T03:31:40.627Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:2228", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2228" }, { "name": "RHSA-2024:3128", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3128" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-47038" }, { "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746" }, { "name": "RHBZ#2249523", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249523" } ], "timeline": [ { "lang": "en", "time": "2023-11-11T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-11-25T00:00:00+00:00", "value": "Made public." } ], "title": "Perl: write past buffer end via illegal user-defined unicode property", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-47038", "datePublished": "2023-12-18T13:43:07.713Z", "dateReserved": "2023-10-30T13:58:15.255Z", "dateUpdated": "2024-11-27T20:34:37.926Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-33601
Vulnerability from cvelistv5
Published
2024-05-06 19:22
Modified
2024-08-02 02:36
Severity ?
EPSS score ?
Summary
nscd: netgroup cache may terminate daemon on memory allocation failure
The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or
xrealloc and these functions may terminate the process due to a memory
allocation failure resulting in a denial of service to the clients. The
flaw was introduced in glibc 2.15 when the cache was added to nscd.
This vulnerability is only present in the nscd binary.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | The GNU C Library | glibc |
Version: 2.15 < 2.40 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:gnu:glibc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "glibc", "vendor": "gnu", "versions": [ { "lessThan": "2.40", "status": "affected", "version": "2.15", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-33601", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-09T17:26:01.322253Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:44:28.720Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:36:04.342Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240524-0014/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/07/22/5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "glibc", "vendor": "The GNU C Library", "versions": [ { "lessThan": "2.40", "status": "affected", "version": "2.15", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cdiv\u003enscd: netgroup cache may terminate daemon on memory allocation failure\u003cbr\u003e\u003cbr\u003eThe Name Service Cache Daemon\u0027s (nscd) netgroup cache uses xmalloc or\u003cbr\u003exrealloc and these functions may terminate the process due to a memory\u003cbr\u003eallocation failure resulting in a denial of service to the clients. The\u003cbr\u003eflaw was introduced in glibc 2.15 when the cache was added to nscd.\u003cbr\u003e\u003cbr\u003eThis vulnerability is only present in the nscd binary.\u003cbr\u003e\u003c/div\u003e" } ], "value": "nscd: netgroup cache may terminate daemon on memory allocation failure\n\nThe Name Service Cache Daemon\u0027s (nscd) netgroup cache uses xmalloc or\nxrealloc and these functions may terminate the process due to a memory\nallocation failure resulting in a denial of service to the clients. The\nflaw was introduced in glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.\n\n" } ], "impacts": [ { "capecId": "CAPEC-130", "descriptions": [ { "lang": "en", "value": "CAPEC-130 Excessive Allocation" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-617", "description": "CWE-617 Reachable Assertion", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-06T19:22:07.763Z", "orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "shortName": "glibc" }, "references": [ { "url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007" }, { "url": "https://security.netapp.com/advisory/ntap-20240524-0014/" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html" }, { "url": "http://www.openwall.com/lists/oss-security/2024/07/22/5" } ], "source": { "discovery": "UNKNOWN" }, "title": "nscd: netgroup cache may terminate daemon on memory allocation failure", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "assignerShortName": "glibc", "cveId": "CVE-2024-33601", "datePublished": "2024-05-06T19:22:07.763Z", "dateReserved": "2024-04-24T20:35:08.340Z", "dateUpdated": "2024-08-02T02:36:04.342Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-1271
Vulnerability from cvelistv5
Published
2022-08-31 15:33
Modified
2024-08-02 23:55
Severity ?
EPSS score ?
Summary
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=2073310 | x_refsource_MISC | |
https://www.openwall.com/lists/oss-security/2022/04/07/8 | x_refsource_MISC | |
https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html | x_refsource_MISC | |
https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch | x_refsource_MISC | |
https://git.tukaani.org/?p=xz.git%3Ba=commit%3Bh=69d1b3fc29677af8ade8dc15dba83f0589cb63d6 | x_refsource_MISC | |
https://security-tracker.debian.org/tracker/CVE-2022-1271 | x_refsource_MISC | |
https://access.redhat.com/security/cve/CVE-2022-1271 | x_refsource_MISC | |
https://security.gentoo.org/glsa/202209-01 | vendor-advisory, x_refsource_GENTOO | |
https://security.netapp.com/advisory/ntap-20220930-0006/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | gzip, xz-utils |
Version: Fixed in gzip 1.12 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:55:24.665Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073310" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2022/04/07/8" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.tukaani.org/?p=xz.git%3Ba=commit%3Bh=69d1b3fc29677af8ade8dc15dba83f0589cb63d6" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2022-1271" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2022-1271" }, { "name": "GLSA-202209-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202209-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220930-0006/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "gzip, xz-utils", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in gzip 1.12" } ] } ], "descriptions": [ { "lang": "en", "value": "An arbitrary file write vulnerability was found in GNU gzip\u0027s zgrep utility. When zgrep is applied on the attacker\u0027s chosen file name (for example, a crafted file name), this can overwrite an attacker\u0027s content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-179", "description": "CWE-179 - Incorrect Behavior Order: Early Validation, CWE-1173 Improper Use of Validation Framework", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-30T15:06:11", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073310" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.openwall.com/lists/oss-security/2022/04/07/8" }, { "tags": [ "x_refsource_MISC" ], "url": "https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.tukaani.org/?p=xz.git%3Ba=commit%3Bh=69d1b3fc29677af8ade8dc15dba83f0589cb63d6" }, { "tags": [ "x_refsource_MISC" ], "url": "https://security-tracker.debian.org/tracker/CVE-2022-1271" }, { "tags": [ "x_refsource_MISC" ], "url": "https://access.redhat.com/security/cve/CVE-2022-1271" }, { "name": "GLSA-202209-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202209-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220930-0006/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2022-1271", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "gzip, xz-utils", "version": { "version_data": [ { "version_value": "Fixed in gzip 1.12" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An arbitrary file write vulnerability was found in GNU gzip\u0027s zgrep utility. When zgrep is applied on the attacker\u0027s chosen file name (for example, a crafted file name), this can overwrite an attacker\u0027s content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-179 - Incorrect Behavior Order: Early Validation, CWE-1173 Improper Use of Validation Framework" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2073310", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073310" }, { "name": "https://www.openwall.com/lists/oss-security/2022/04/07/8", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2022/04/07/8" }, { "name": "https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html", "refsource": "MISC", "url": "https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html" }, { "name": "https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch", "refsource": "MISC", "url": "https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch" }, { "name": "https://git.tukaani.org/?p=xz.git;a=commit;h=69d1b3fc29677af8ade8dc15dba83f0589cb63d6", "refsource": "MISC", "url": "https://git.tukaani.org/?p=xz.git;a=commit;h=69d1b3fc29677af8ade8dc15dba83f0589cb63d6" }, { "name": "https://security-tracker.debian.org/tracker/CVE-2022-1271", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2022-1271" }, { "name": "https://access.redhat.com/security/cve/CVE-2022-1271", "refsource": "MISC", "url": "https://access.redhat.com/security/cve/CVE-2022-1271" }, { "name": "GLSA-202209-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202209-01" }, { "name": "https://security.netapp.com/advisory/ntap-20220930-0006/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220930-0006/" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-1271", "datePublished": "2022-08-31T15:33:00", "dateReserved": "2022-04-07T00:00:00", "dateUpdated": "2024-08-02T23:55:24.665Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2795
Vulnerability from cvelistv5
Published
2022-09-21 10:15
Modified
2024-11-29 12:04
Severity ?
EPSS score ?
Summary
By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | ISC | BIND9 |
Version: Open Source Branches 9.0 through 9.16 9.0.0 through versions before 9.16.33 Version: Open Source Branch 9.18 9.18.0 through versions before 9.18.7 Version: Supported Preview Branches 9.9-S through 9.11-S 9.9.3-S1 through versions up to and including 9.11.37-S1 Version: Supported Preview Branch 9.16-S 9.16.8-S1 through versions before 9.16.33-S1 Version: Development Branch 9.19 9.19.0 through versions before 9.19.5 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:isc:bind:9.0.0:-:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bind", "vendor": "isc", "versions": [ { "lessThanOrEqual": "9.16.32", "status": "affected", "version": "9.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bind", "vendor": "isc", "versions": [ { "lessThan": "9.11.37", "status": "affected", "version": "9.9.3", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:isc:bind:9.16.8:s1:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bind", "vendor": "isc", "versions": [ { "lessThan": "9.16.32", "status": "affected", "version": "9.16.8", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:isc:bind:9.19.0:*:*:*:-:*:*:*" ], "defaultStatus": "unknown", "product": "bind", "vendor": "isc", "versions": [ { "lessThan": "9.19.4", "status": "affected", "version": "9.19.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2022-2795", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-12T17:20:53.564264Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-20T19:41:53.934Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-11-29T12:04:33.614Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://kb.isc.org/docs/cve-2022-2795" }, { "name": "[oss-security] 20220921 ISC has disclosed six vulnerabilities in BIND (CVE-2022-2795, CVE-2022-2881, CVE-2022-2906, CVE-2022-3080, CVE-2022-38177, CVE-2022-38178)", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/09/21/3" }, { "name": "DSA-5235", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5235" }, { "name": "FEDORA-2022-ef038365de", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/" }, { "name": "FEDORA-2022-8268735e06", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/" }, { "name": "FEDORA-2022-b197d64471", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/" }, { "name": "[debian-lts-announce] 20221005 [SECURITY] [DLA 3138-1] bind9 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html" }, { "name": "GLSA-202210-25", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202210-25" }, { "url": "https://security.netapp.com/advisory/ntap-20241129-0002/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "BIND9", "vendor": "ISC", "versions": [ { "status": "affected", "version": "Open Source Branches 9.0 through 9.16 9.0.0 through versions before 9.16.33" }, { "status": "affected", "version": "Open Source Branch 9.18 9.18.0 through versions before 9.18.7" }, { "status": "affected", "version": "Supported Preview Branches 9.9-S through 9.11-S 9.9.3-S1 through versions up to and including 9.11.37-S1" }, { "status": "affected", "version": "Supported Preview Branch 9.16-S 9.16.8-S1 through versions before 9.16.33-S1" }, { "status": "affected", "version": "Development Branch 9.19 9.19.0 through versions before 9.19.5" } ] } ], "credits": [ { "lang": "en", "value": "ISC would like to thank Yehuda Afek from Tel-Aviv University and Anat Bremler-Barr \u0026 Shani Stajnrod from Reichman University for bringing this vulnerability to our attention." } ], "datePublic": "2022-09-21T00:00:00", "descriptions": [ { "lang": "en", "value": "By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver\u0027s performance, effectively denying legitimate clients access to the DNS resolution service." } ], "exploits": [ { "lang": "en", "value": "We are not aware of any active exploits." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "In BIND 9.0.0 -\u003e 9.16.32, 9.18.0 -\u003e 9.18.6, versions 9.9.3-S1 -\u003e 9.11.37-S1, 9.16.8-S1 -\u003e 9.16.32-S1 of the BIND Supported Preview Edition, and versions 9.19.0 -\u003e 9.19.4 of the BIND 9.19 development branch, a flaw in resolver code can cause named to spend excessive amounts of time on processing large delegations.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-31T00:00:00", "orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc" }, "references": [ { "url": "https://kb.isc.org/docs/cve-2022-2795" }, { "name": "[oss-security] 20220921 ISC has disclosed six vulnerabilities in BIND (CVE-2022-2795, CVE-2022-2881, CVE-2022-2906, CVE-2022-3080, CVE-2022-38177, CVE-2022-38178)", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/09/21/3" }, { "name": "DSA-5235", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5235" }, { "name": "FEDORA-2022-ef038365de", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/" }, { "name": "FEDORA-2022-8268735e06", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/" }, { "name": "FEDORA-2022-b197d64471", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/" }, { "name": "[debian-lts-announce] 20221005 [SECURITY] [DLA 3138-1] bind9 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html" }, { "name": "GLSA-202210-25", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202210-25" } ], "solutions": [ { "lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND: BIND 9.16.33, BIND 9.18.7, BIND 9.19.5, or for BIND Supported Preview Edition (a special feature preview branch of BIND provided to eligible ISC support customers): BIND 9.16.33-S1." } ], "source": { "discovery": "EXTERNAL" }, "title": "Processing large delegations may severely degrade resolver performance", "workarounds": [ { "lang": "en", "value": "No workarounds known." } ] } }, "cveMetadata": { "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "cveId": "CVE-2022-2795", "datePublished": "2022-09-21T10:15:25.796304Z", "dateReserved": "2022-08-12T00:00:00", "dateUpdated": "2024-11-29T12:04:33.614Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-36227
Vulnerability from cvelistv5
Published
2022-11-22 00:00
Modified
2024-08-03 10:00
Severity ?
EPSS score ?
Summary
In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: "In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution."
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:00:04.305Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/libarchive/libarchive/issues/1754" }, { "tags": [ "x_transferred" ], "url": "https://bugs.gentoo.org/882521" }, { "tags": [ "x_transferred" ], "url": "https://github.com/libarchive/libarchive/blob/v3.0.0a/libarchive/archive_write.c#L215" }, { "name": "FEDORA-2022-e15be0091f", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V67OO2UUQAUJS3IK4JZPF6F3LUCBU6IS/" }, { "name": "[debian-lts-announce] 20230130 [SECURITY] [DLA 3294-1] libarchive security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00034.html" }, { "name": "GLSA-202309-14", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202309-14" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: \"In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-29T16:06:28.926333", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/libarchive/libarchive/issues/1754" }, { "url": "https://bugs.gentoo.org/882521" }, { "url": "https://github.com/libarchive/libarchive/blob/v3.0.0a/libarchive/archive_write.c#L215" }, { "name": "FEDORA-2022-e15be0091f", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V67OO2UUQAUJS3IK4JZPF6F3LUCBU6IS/" }, { "name": "[debian-lts-announce] 20230130 [SECURITY] [DLA 3294-1] libarchive security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00034.html" }, { "name": "GLSA-202309-14", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202309-14" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-36227", "datePublished": "2022-11-22T00:00:00", "dateReserved": "2022-07-18T00:00:00", "dateUpdated": "2024-08-03T10:00:04.305Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-2975
Vulnerability from cvelistv5
Published
2023-07-14 11:16
Modified
2024-10-14 14:55
Severity ?
EPSS score ?
Summary
Issue summary: The AES-SIV cipher implementation contains a bug that causes
it to ignore empty associated data entries which are unauthenticated as
a consequence.
Impact summary: Applications that use the AES-SIV algorithm and want to
authenticate empty data entries as associated data can be misled by removing,
adding or reordering such empty entries as these are ignored by the OpenSSL
implementation. We are currently unaware of any such applications.
The AES-SIV algorithm allows for authentication of multiple associated
data entries along with the encryption. To authenticate empty data the
application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with
NULL pointer as the output buffer and 0 as the input buffer length.
The AES-SIV implementation in OpenSSL just returns success for such a call
instead of performing the associated data authentication operation.
The empty data thus will not be authenticated.
As this issue does not affect non-empty associated data authentication and
we expect it to be rare for an application to use empty associated data
entries this is qualified as Low severity issue.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:41:04.070Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20230714.txt" }, { "name": "3.1.2 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc" }, { "name": "3.0.10 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=00e2f5eea29994d19293ec4e8c8775ba73678598" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/07/15/1" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/07/19/5" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230725-0004/" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202402-08" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "lessThan": "3.1.2", "status": "affected", "version": "3.1.0", "versionType": "semver" }, { "lessThan": "3.0.10", "status": "affected", "version": "3.0.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Juerg Wullschleger (Google)" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Tomas Mraz" } ], "datePublic": "2023-07-07T00:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Issue summary: The AES-SIV cipher implementation contains a bug that causes\u003cbr\u003eit to ignore empty associated data entries which are unauthenticated as\u003cbr\u003ea consequence.\u003cbr\u003e\u003cbr\u003eImpact summary: Applications that use the AES-SIV algorithm and want to\u003cbr\u003eauthenticate empty data entries as associated data can be misled by removing,\u003cbr\u003eadding or reordering such empty entries as these are ignored by the OpenSSL\u003cbr\u003eimplementation. We are currently unaware of any such applications.\u003cbr\u003e\u003cbr\u003eThe AES-SIV algorithm allows for authentication of multiple associated\u003cbr\u003edata entries along with the encryption. To authenticate empty data the\u003cbr\u003eapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with\u003cbr\u003eNULL pointer as the output buffer and 0 as the input buffer length.\u003cbr\u003eThe AES-SIV implementation in OpenSSL just returns success for such a call\u003cbr\u003einstead of performing the associated data authentication operation.\u003cbr\u003eThe empty data thus will not be authenticated.\u003cbr\u003e\u003cbr\u003eAs this issue does not affect non-empty associated data authentication and\u003cbr\u003ewe expect it to be rare for an application to use empty associated data\u003cbr\u003eentries this is qualified as Low severity issue." } ], "value": "Issue summary: The AES-SIV cipher implementation contains a bug that causes\nit to ignore empty associated data entries which are unauthenticated as\na consequence.\n\nImpact summary: Applications that use the AES-SIV algorithm and want to\nauthenticate empty data entries as associated data can be misled by removing,\nadding or reordering such empty entries as these are ignored by the OpenSSL\nimplementation. We are currently unaware of any such applications.\n\nThe AES-SIV algorithm allows for authentication of multiple associated\ndata entries along with the encryption. To authenticate empty data the\napplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with\nNULL pointer as the output buffer and 0 as the input buffer length.\nThe AES-SIV implementation in OpenSSL just returns success for such a call\ninstead of performing the associated data authentication operation.\nThe empty data thus will not be authenticated.\n\nAs this issue does not affect non-empty associated data authentication and\nwe expect it to be rare for an application to use empty associated data\nentries this is qualified as Low severity issue." } ], "metrics": [ { "format": "other", "other": { "content": { "text": "Low" }, "type": "https://www.openssl.org/policies/secpolicy.html" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-354", "description": "CWE-354 Improper Validation of Integrity Check Value", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-14T14:55:45.748Z", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.openssl.org/news/secadv/20230714.txt" }, { "name": "3.1.2 git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc" }, { "name": "3.0.10 git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=00e2f5eea29994d19293ec4e8c8775ba73678598" } ], "source": { "discovery": "UNKNOWN" }, "title": "AES-SIV implementation ignores empty associated data entries", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2023-2975", "datePublished": "2023-07-14T11:16:25.151Z", "dateReserved": "2023-05-30T10:29:34.539Z", "dateUpdated": "2024-10-14T14:55:45.748Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28835
Vulnerability from cvelistv5
Published
2024-03-21 06:13
Modified
2024-11-24 15:04
Severity ?
EPSS score ?
Summary
A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:1879 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2570 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2889 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2024-28835 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2269084 | issue-tracking, x_refsource_REDHAT | |
https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ |
Version: 3.8.3 |
||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-28835", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-21T18:00:08.506389Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:21:15.160Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-11-22T12:04:48.736Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/03/22/1" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/03/22/2" }, { "name": "RHSA-2024:1879", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1879" }, { "name": "RHSA-2024:2570", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2570" }, { "name": "RHSA-2024:2889", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2889" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2024-28835" }, { "name": "RHBZ#2269084", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269084" }, { "tags": [ "x_transferred" ], "url": "https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html" }, { "url": "https://security.netapp.com/advisory/ntap-20241122-0009/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://gitlab.com/gnutls/gnutls/", "defaultStatus": "unaffected", "packageName": "gnutls", "versions": [ { "status": "affected", "version": "3.8.3" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.7.6-23.el9_3.4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.8.3-4.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.7.6-23.el9_3.4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.8.3-4.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::appstream", "cpe:/o:redhat:rhel_eus:9.2::baseos" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.7.6-21.el9_2.3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" } ], "datePublic": "2024-03-21T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-248", "description": "Uncaught Exception", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-24T15:04:40.246Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:1879", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1879" }, { "name": "RHSA-2024:2570", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2570" }, { "name": "RHSA-2024:2889", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2889" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-28835" }, { "name": "RHBZ#2269084", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269084" }, { "url": "https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html" } ], "timeline": [ { "lang": "en", "time": "2024-03-11T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-03-21T00:00:00+00:00", "value": "Made public." } ], "title": "Gnutls: potential crash during chain building/verification", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-248: Uncaught Exception" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-28835", "datePublished": "2024-03-21T06:13:26.916Z", "dateReserved": "2024-03-11T14:43:43.973Z", "dateUpdated": "2024-11-24T15:04:40.246Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-25062
Vulnerability from cvelistv5
Published
2024-02-04 00:00
Modified
2024-08-01 23:36
Severity ?
EPSS score ?
Summary
An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T23:36:21.588Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-04T16:04:53.794792", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags" }, { "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2024-25062", "datePublished": "2024-02-04T00:00:00", "dateReserved": "2024-02-04T00:00:00", "dateUpdated": "2024-08-01T23:36:21.588Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-46848
Vulnerability from cvelistv5
Published
2022-10-24 00:00
Modified
2024-08-04 05:17
Severity ?
EPSS score ?
Summary
GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T05:17:42.362Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gnutls/libtasn1/-/issues/32" }, { "tags": [ "x_transferred" ], "url": "https://bugs.gentoo.org/866237" }, { "name": "FEDORA-2022-061f857481", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGO7XST4EIJGX4B2ITZCYSWM24534BSU/" }, { "name": "FEDORA-2022-3c933ffaca", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AV4SHDJF2XLB4CUPTBPQQ6CLGZ5LKXPZ/" }, { "name": "FEDORA-2022-19056934a7", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V5LWOGF7QRMNFRUCZY6TDYQJVFI6MOQ2/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221118-0006/" }, { "name": "FEDORA-2022-3f9ee1ad91", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ECM2ELTVRYV4BZ5L5GMIRQE27RFHPAQ6/" }, { "name": "[debian-lts-announce] 20230109 [SECURITY] [DLA 3263-1] libtasn1-6 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00003.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-09T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5" }, { "url": "https://gitlab.com/gnutls/libtasn1/-/issues/32" }, { "url": "https://bugs.gentoo.org/866237" }, { "name": "FEDORA-2022-061f857481", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGO7XST4EIJGX4B2ITZCYSWM24534BSU/" }, { "name": "FEDORA-2022-3c933ffaca", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AV4SHDJF2XLB4CUPTBPQQ6CLGZ5LKXPZ/" }, { "name": "FEDORA-2022-19056934a7", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V5LWOGF7QRMNFRUCZY6TDYQJVFI6MOQ2/" }, { "url": "https://security.netapp.com/advisory/ntap-20221118-0006/" }, { "name": "FEDORA-2022-3f9ee1ad91", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ECM2ELTVRYV4BZ5L5GMIRQE27RFHPAQ6/" }, { "name": "[debian-lts-announce] 20230109 [SECURITY] [DLA 3263-1] libtasn1-6 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00003.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-46848", "datePublished": "2022-10-24T00:00:00", "dateReserved": "2022-10-24T00:00:00", "dateUpdated": "2024-08-04T05:17:42.362Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-48624
Vulnerability from cvelistv5
Published
2024-02-19 00:00
Modified
2024-08-03 15:17
Severity ?
EPSS score ?
Summary
close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2022-48624", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-20T17:06:03.635874Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:21:42.553Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-03T15:17:55.391Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/gwsw/less/commit/c6ac6de49698be84d264a0c4c0c40bb870b10144" }, { "tags": [ "x_transferred" ], "url": "https://greenwoodsoftware.com/less/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/gwsw/less/compare/v605...v606" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240605-0010/" }, { "name": "[debian-lts-announce] 20240527 [SECURITY] [DLA 3823-1] less security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00018.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-10T17:11:50.319560", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/gwsw/less/commit/c6ac6de49698be84d264a0c4c0c40bb870b10144" }, { "url": "https://greenwoodsoftware.com/less/" }, { "url": "https://github.com/gwsw/less/compare/v605...v606" }, { "url": "https://security.netapp.com/advisory/ntap-20240605-0010/" }, { "name": "[debian-lts-announce] 20240527 [SECURITY] [DLA 3823-1] less security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00018.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-48624", "datePublished": "2024-02-19T00:00:00", "dateReserved": "2024-02-19T00:00:00", "dateUpdated": "2024-08-03T15:17:55.391Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-36054
Vulnerability from cvelistv5
Published
2023-08-07 00:00
Modified
2024-10-11 13:57
Severity ?
EPSS score ?
Summary
lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:37:41.270Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://web.mit.edu/kerberos/www/advisories/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/krb5/krb5/compare/krb5-1.21-final...krb5-1.21.1-final" }, { "tags": [ "x_transferred" ], "url": "https://github.com/krb5/krb5/compare/krb5-1.20.1-final...krb5-1.20.2-final" }, { "tags": [ "x_transferred" ], "url": "https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230908-0004/" }, { "name": "[debian-lts-announce] 20231022 [SECURITY] [DLA 3626-1] krb5 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00031.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-36054", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-11T13:57:00.998054Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-11T13:57:10.192Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-22T22:06:16.416880", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://web.mit.edu/kerberos/www/advisories/" }, { "url": "https://github.com/krb5/krb5/compare/krb5-1.21-final...krb5-1.21.1-final" }, { "url": "https://github.com/krb5/krb5/compare/krb5-1.20.1-final...krb5-1.20.2-final" }, { "url": "https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd" }, { "url": "https://security.netapp.com/advisory/ntap-20230908-0004/" }, { "name": "[debian-lts-announce] 20231022 [SECURITY] [DLA 3626-1] krb5 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00031.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-36054", "datePublished": "2023-08-07T00:00:00", "dateReserved": "2023-06-21T00:00:00", "dateUpdated": "2024-10-11T13:57:10.192Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-7008
Vulnerability from cvelistv5
Published
2023-12-23 13:00
Modified
2024-11-23 03:39
Severity ?
EPSS score ?
Summary
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:2463 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3203 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-7008 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2222261 | ||
https://bugzilla.redhat.com/show_bug.cgi?id=2222672 | issue-tracking, x_refsource_REDHAT | |
https://github.com/systemd/systemd/issues/25676 |
Impacted products
Vendor | Product | Version | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 0:239-82.el8 < * cpe:/o:redhat:enterprise_linux:8::baseos |
||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-11-22T12:04:44.733Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:2463", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2463" }, { "name": "RHSA-2024:3203", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3203" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-7008" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222261" }, { "name": "RHBZ#2222672", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222672" }, { "tags": [ "x_transferred" ], "url": "https://github.com/systemd/systemd/issues/25676" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GMDEG5PKONWNHOEYSUDRT6JEOISRMN2/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QHNBXGKJWISJETTTDTZKTBFIBJUOSLKL/" }, { "url": "https://security.netapp.com/advisory/ntap-20241122-0004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::baseos" ], "defaultStatus": "affected", "packageName": "systemd", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:239-82.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos" ], "defaultStatus": "affected", "packageName": "systemd", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:252-32.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos" ], "defaultStatus": "affected", "packageName": "systemd", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:252-32.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:cryostat:2" ], "defaultStatus": "unaffected", "packageName": "systemd", "product": "Cryostat 2", "vendor": "Red Hat" } ], "datePublic": "2022-12-08T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-300", "description": "Channel Accessible by Non-Endpoint", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-23T03:39:26.132Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:2463", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2463" }, { "name": "RHSA-2024:3203", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3203" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-7008" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222261" }, { "name": "RHBZ#2222672", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222672" }, { "url": "https://github.com/systemd/systemd/issues/25676" } ], "timeline": [ { "lang": "en", "time": "2023-07-12T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2022-12-08T00:00:00+00:00", "value": "Made public." } ], "title": "Systemd-resolved: unsigned name response in signed zone is not refused when dnssec=yes", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-300: Channel Accessible by Non-Endpoint" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-7008", "datePublished": "2023-12-23T13:00:50.515Z", "dateReserved": "2023-12-20T15:28:32.966Z", "dateUpdated": "2024-11-23T03:39:26.132Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-2961
Vulnerability from cvelistv5
Published
2024-04-17 17:27
Modified
2024-11-15 15:22
Severity ?
EPSS score ?
Summary
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | The GNU C Library | glibc |
Version: 2.1.93 < 2.40 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:gnu:glibc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "glibc", "vendor": "gnu", "versions": [ { "lessThan": "2.40", "status": "affected", "version": "2.1.93", "versionType": "semver" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-2961", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-30T04:00:23.144191Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:29:57.648Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-11-15T15:22:29.055Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://www.ambionics.io/blog/iconv-cve-2024-2961-p1" }, { "url": "https://www.ambionics.io/blog/iconv-cve-2024-2961-p2" }, { "url": "https://www.ambionics.io/blog/iconv-cve-2024-2961-p3" }, { "tags": [ "x_transferred" ], "url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/24/2" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/17/9" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/18/4" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/05/27/2" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/05/27/6" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/05/27/1" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/05/27/4" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/05/27/5" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/05/27/3" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240531-0002/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/07/22/5" } ], "title": "CVE Program Container", "x_generator": { "engine": "ADPogram 0.0.1" } } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "glibc", "vendor": "The GNU C Library", "versions": [ { "lessThan": "2.40", "status": "affected", "version": "2.1.93", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Charles Fol" } ], "datePublic": "2024-04-17T17:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.\u003cbr\u003e" } ], "value": "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.\n" } ], "impacts": [ { "capecId": "CAPEC-100", "descriptions": [ { "lang": "en", "value": "CAPEC-100 Overflow Buffers" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-17T17:51:03.169Z", "orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "shortName": "glibc" }, "references": [ { "url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/" }, { "url": "http://www.openwall.com/lists/oss-security/2024/04/24/2" }, { "url": "http://www.openwall.com/lists/oss-security/2024/04/17/9" }, { "url": "http://www.openwall.com/lists/oss-security/2024/04/18/4" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html" }, { "url": "http://www.openwall.com/lists/oss-security/2024/05/27/2" }, { "url": "http://www.openwall.com/lists/oss-security/2024/05/27/6" }, { "url": "http://www.openwall.com/lists/oss-security/2024/05/27/1" }, { "url": "http://www.openwall.com/lists/oss-security/2024/05/27/4" }, { "url": "http://www.openwall.com/lists/oss-security/2024/05/27/5" }, { "url": "http://www.openwall.com/lists/oss-security/2024/05/27/3" }, { "url": "https://security.netapp.com/advisory/ntap-20240531-0002/" }, { "url": "http://www.openwall.com/lists/oss-security/2024/07/22/5" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "assignerShortName": "glibc", "cveId": "CVE-2024-2961", "datePublished": "2024-04-17T17:27:40.541Z", "dateReserved": "2024-03-26T19:29:31.186Z", "dateUpdated": "2024-11-15T15:22:29.055Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-44487
Vulnerability from cvelistv5
Published
2023-10-10 00:00
Modified
2024-08-19 07:48
Severity ?
EPSS score ?
Summary
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
References
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "http", "vendor": "ietf", "versions": [ { "status": "affected", "version": "2.0" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-44487", "options": [ { "Exploitation": "active" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-23T20:34:21.334116Z", "version": "2.0.3" }, "type": "ssvc" } }, { "other": { "content": { "dateAdded": "2023-10-10", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-44487" }, "type": "kev" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-23T20:35:03.253Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-19T07:48:04.546Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73" }, { "tags": [ "x_transferred" ], "url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/" }, { "tags": [ "x_transferred" ], "url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/" }, { "tags": [ "x_transferred" ], "url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack" }, { "tags": [ "x_transferred" ], "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/" }, { "tags": [ "x_transferred" ], "url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/" }, { "tags": [ "x_transferred" ], "url": "https://news.ycombinator.com/item?id=37831062" }, { "tags": [ "x_transferred" ], "url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/" }, { "tags": [ "x_transferred" ], "url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack" }, { "tags": [ "x_transferred" ], "url": "https://github.com/envoyproxy/envoy/pull/30055" }, { "tags": [ "x_transferred" ], "url": "https://github.com/haproxy/haproxy/issues/2312" }, { "tags": [ "x_transferred" ], "url": "https://github.com/eclipse/jetty.project/issues/10679" }, { "tags": [ "x_transferred" ], "url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764" }, { "tags": [ "x_transferred" ], "url": "https://github.com/nghttp2/nghttp2/pull/1961" }, { "tags": [ "x_transferred" ], "url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61" }, { "tags": [ "x_transferred" ], "url": "https://github.com/alibaba/tengine/issues/1872" }, { "tags": [ "x_transferred" ], "url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2" }, { "tags": [ "x_transferred" ], "url": "https://news.ycombinator.com/item?id=37830987" }, { "tags": [ "x_transferred" ], "url": "https://news.ycombinator.com/item?id=37830998" }, { "tags": [ "x_transferred" ], "url": "https://github.com/caddyserver/caddy/issues/5877" }, { "tags": [ "x_transferred" ], "url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/bcdannyboy/CVE-2023-44487" }, { "tags": [ "x_transferred" ], "url": "https://github.com/grpc/grpc-go/pull/6703" }, { "tags": [ "x_transferred" ], "url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244" }, { "tags": [ "x_transferred" ], "url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0" }, { "tags": [ "x_transferred" ], "url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html" }, { "tags": [ "x_transferred" ], "url": "https://my.f5.com/manage/s/article/K000137106" }, { "tags": [ "x_transferred" ], "url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988" }, { "tags": [ "x_transferred" ], "url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9" }, { "tags": [ "x_transferred" ], "url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected" }, { "tags": [ "x_transferred" ], "url": "https://github.com/microsoft/CBL-Mariner/pull/6381" }, { "tags": [ "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo" }, { "tags": [ "x_transferred" ], "url": "https://github.com/facebook/proxygen/pull/466" }, { "tags": [ "x_transferred" ], "url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088" }, { "tags": [ "x_transferred" ], "url": "https://github.com/micrictor/http2-rst-stream" }, { "tags": [ "x_transferred" ], "url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve" }, { "tags": [ "x_transferred" ], "url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf" }, { "tags": [ "x_transferred" ], "url": "https://github.com/h2o/h2o/pull/3291" }, { "tags": [ "x_transferred" ], "url": "https://github.com/nodejs/node/pull/50121" }, { "tags": [ "x_transferred" ], "url": "https://github.com/dotnet/announcements/issues/277" }, { "tags": [ "x_transferred" ], "url": "https://github.com/golang/go/issues/63417" }, { "tags": [ "x_transferred" ], "url": "https://github.com/advisories/GHSA-vx74-f528-fxqg" }, { "tags": [ "x_transferred" ], "url": "https://github.com/apache/trafficserver/pull/10564" }, { "tags": [ "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487" }, { "tags": [ "x_transferred" ], "url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14" }, { "tags": [ "x_transferred" ], "url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q" }, { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2023/10/10/6" }, { "tags": [ "x_transferred" ], "url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487" }, { "tags": [ "x_transferred" ], "url": "https://github.com/opensearch-project/data-prepper/issues/3474" }, { "tags": [ "x_transferred" ], "url": "https://github.com/kubernetes/kubernetes/pull/121120" }, { "tags": [ "x_transferred" ], "url": "https://github.com/oqtane/oqtane.framework/discussions/3367" }, { "tags": [ "x_transferred" ], "url": "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p" }, { "tags": [ "x_transferred" ], "url": "https://netty.io/news/2023/10/10/4-1-100-Final.html" }, { "tags": [ "x_transferred" ], "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487" }, { "tags": [ "x_transferred" ], "url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/" }, { "tags": [ "x_transferred" ], "url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack" }, { "tags": [ "x_transferred" ], "url": "https://news.ycombinator.com/item?id=37837043" }, { "tags": [ "x_transferred" ], "url": "https://github.com/kazu-yamamoto/http2/issues/93" }, { "tags": [ "x_transferred" ], "url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html" }, { "tags": [ "x_transferred" ], "url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1" }, { "tags": [ "x_transferred" ], "url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113" }, { "name": "DSA-5522", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5522" }, { "name": "DSA-5521", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5521" }, { "tags": [ "x_transferred" ], "url": "https://access.redhat.com/security/cve/cve-2023-44487" }, { "tags": [ "x_transferred" ], "url": "https://github.com/ninenines/cowboy/issues/1615" }, { "tags": [ "x_transferred" ], "url": "https://github.com/varnishcache/varnish-cache/issues/3996" }, { "tags": [ "x_transferred" ], "url": "https://github.com/tempesta-tech/tempesta/issues/1986" }, { "tags": [ "x_transferred" ], "url": "https://blog.vespa.ai/cve-2023-44487/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/etcd-io/etcd/issues/16740" }, { "tags": [ "x_transferred" ], "url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event" }, { "tags": [ "x_transferred" ], "url": "https://istio.io/latest/news/security/istio-security-2023-004/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/junkurihara/rust-rpxy/issues/97" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803" }, { "tags": [ "x_transferred" ], "url": "https://ubuntu.com/security/CVE-2023-44487" }, { "tags": [ "x_transferred" ], "url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125" }, { "tags": [ "x_transferred" ], "url": "https://github.com/advisories/GHSA-qppj-fm5r-hxr3" }, { "tags": [ "x_transferred" ], "url": "https://github.com/apache/httpd-site/pull/10" }, { "tags": [ "x_transferred" ], "url": "https://github.com/projectcontour/contour/pull/5826" }, { "tags": [ "x_transferred" ], "url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632" }, { "tags": [ "x_transferred" ], "url": "https://github.com/line/armeria/pull/5232" }, { "tags": [ "x_transferred" ], "url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/" }, { "tags": [ "x_transferred" ], "url": "https://security.paloaltonetworks.com/CVE-2023-44487" }, { "tags": [ "x_transferred" ], "url": "https://github.com/akka/akka-http/issues/4323" }, { "tags": [ "x_transferred" ], "url": "https://github.com/openresty/openresty/issues/930" }, { "tags": [ "x_transferred" ], "url": "https://github.com/apache/apisix/issues/10320" }, { "tags": [ "x_transferred" ], "url": "https://github.com/Azure/AKS/issues/3947" }, { "tags": [ "x_transferred" ], "url": "https://github.com/Kong/kong/discussions/11741" }, { "tags": [ "x_transferred" ], "url": "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487" }, { "tags": [ "x_transferred" ], "url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5" }, { "name": "[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html" }, { "name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/10/13/4" }, { "name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/10/13/9" }, { "tags": [ "x_transferred" ], "url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/" }, { "tags": [ "x_transferred" ], "url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html" }, { "name": "FEDORA-2023-ed2642fd58", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/" }, { "tags": [ "x_transferred" ], "url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/" }, { "name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231016-0001/" }, { "name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html" }, { "name": "[oss-security] 20231018 Vulnerability in Jenkins", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/10/18/4" }, { "name": "[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/10/18/8" }, { "name": "[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/10/19/6" }, { "name": "FEDORA-2023-54fadada12", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/" }, { "name": "FEDORA-2023-5ff7bf1dd8", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/" }, { "name": "[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/10/20/8" }, { "name": "FEDORA-2023-17efd3f2cd", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/" }, { "name": "FEDORA-2023-d5030c983c", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/" }, { "name": "FEDORA-2023-0259c3f26f", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/" }, { "name": "FEDORA-2023-2a9214af5f", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/" }, { "name": "FEDORA-2023-e9c04d81c1", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/" }, { "name": "FEDORA-2023-f66fc0f62a", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/" }, { "name": "FEDORA-2023-4d2fd884ea", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/" }, { "name": "FEDORA-2023-b2c50535cb", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/" }, { "name": "FEDORA-2023-fe53e13b5b", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/" }, { "name": "FEDORA-2023-4bf641255e", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/" }, { "name": "[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html" }, { "name": "DSA-5540", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5540" }, { "name": "[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html" }, { "tags": [ "x_transferred" ], "url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715" }, { "name": "FEDORA-2023-1caffb88af", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/" }, { "name": "FEDORA-2023-3f70b8d406", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/" }, { "name": "FEDORA-2023-7b52921cae", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/" }, { "name": "FEDORA-2023-7934802344", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/" }, { "name": "FEDORA-2023-dbe64661af", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/" }, { "name": "FEDORA-2023-822aab0a5a", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/" }, { "name": "[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html" }, { "name": "DSA-5549", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5549" }, { "name": "FEDORA-2023-c0c6a91330", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/" }, { "name": "FEDORA-2023-492b7be466", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/" }, { "name": "DSA-5558", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5558" }, { "name": "[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html" }, { "name": "GLSA-202311-09", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202311-09" }, { "name": "DSA-5570", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5570" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240426-0007/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240621-0007/" }, { "url": "https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-21T19:08:34.967324", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73" }, { "url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/" }, { "url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/" }, { "url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack" }, { "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/" }, { "url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/" }, { "url": "https://news.ycombinator.com/item?id=37831062" }, { "url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/" }, { "url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack" }, { "url": "https://github.com/envoyproxy/envoy/pull/30055" }, { "url": "https://github.com/haproxy/haproxy/issues/2312" }, { "url": "https://github.com/eclipse/jetty.project/issues/10679" }, { "url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764" }, { "url": "https://github.com/nghttp2/nghttp2/pull/1961" }, { "url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61" }, { "url": "https://github.com/alibaba/tengine/issues/1872" }, { "url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2" }, { "url": "https://news.ycombinator.com/item?id=37830987" }, { "url": "https://news.ycombinator.com/item?id=37830998" }, { "url": "https://github.com/caddyserver/caddy/issues/5877" }, { "url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/" }, { "url": "https://github.com/bcdannyboy/CVE-2023-44487" }, { "url": "https://github.com/grpc/grpc-go/pull/6703" }, { "url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244" }, { "url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0" }, { "url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html" }, { "url": "https://my.f5.com/manage/s/article/K000137106" }, { "url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/" }, { "url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988" }, { "url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9" }, { "url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected" }, { "url": "https://github.com/microsoft/CBL-Mariner/pull/6381" }, { "url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo" }, { "url": "https://github.com/facebook/proxygen/pull/466" }, { "url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088" }, { "url": "https://github.com/micrictor/http2-rst-stream" }, { "url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve" }, { "url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/" }, { "url": "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf" }, { "url": "https://github.com/h2o/h2o/pull/3291" }, { "url": "https://github.com/nodejs/node/pull/50121" }, { "url": "https://github.com/dotnet/announcements/issues/277" }, { "url": "https://github.com/golang/go/issues/63417" }, { "url": "https://github.com/advisories/GHSA-vx74-f528-fxqg" }, { "url": "https://github.com/apache/trafficserver/pull/10564" }, { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487" }, { "url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14" }, { "url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q" }, { "url": "https://www.openwall.com/lists/oss-security/2023/10/10/6" }, { "url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487" }, { "url": "https://github.com/opensearch-project/data-prepper/issues/3474" }, { "url": "https://github.com/kubernetes/kubernetes/pull/121120" }, { "url": "https://github.com/oqtane/oqtane.framework/discussions/3367" }, { "url": "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p" }, { "url": "https://netty.io/news/2023/10/10/4-1-100-Final.html" }, { "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487" }, { "url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/" }, { "url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack" }, { "url": "https://news.ycombinator.com/item?id=37837043" }, { "url": "https://github.com/kazu-yamamoto/http2/issues/93" }, { "url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html" }, { "url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1" }, { "url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113" }, { "name": "DSA-5522", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5522" }, { "name": "DSA-5521", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5521" }, { "url": "https://access.redhat.com/security/cve/cve-2023-44487" }, { "url": "https://github.com/ninenines/cowboy/issues/1615" }, { "url": "https://github.com/varnishcache/varnish-cache/issues/3996" }, { "url": "https://github.com/tempesta-tech/tempesta/issues/1986" }, { "url": "https://blog.vespa.ai/cve-2023-44487/" }, { "url": "https://github.com/etcd-io/etcd/issues/16740" }, { "url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event" }, { "url": "https://istio.io/latest/news/security/istio-security-2023-004/" }, { "url": "https://github.com/junkurihara/rust-rpxy/issues/97" }, { "url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803" }, { "url": "https://ubuntu.com/security/CVE-2023-44487" }, { "url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125" }, { "url": "https://github.com/advisories/GHSA-qppj-fm5r-hxr3" }, { "url": "https://github.com/apache/httpd-site/pull/10" }, { "url": "https://github.com/projectcontour/contour/pull/5826" }, { "url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632" }, { "url": "https://github.com/line/armeria/pull/5232" }, { "url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/" }, { "url": "https://security.paloaltonetworks.com/CVE-2023-44487" }, { "url": "https://github.com/akka/akka-http/issues/4323" }, { "url": "https://github.com/openresty/openresty/issues/930" }, { "url": "https://github.com/apache/apisix/issues/10320" }, { "url": "https://github.com/Azure/AKS/issues/3947" }, { "url": "https://github.com/Kong/kong/discussions/11741" }, { "url": "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487" }, { "url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/" }, { "url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5" }, { "name": "[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html" }, { "name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/10/13/4" }, { "name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/10/13/9" }, { "url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/" }, { "url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html" }, { "name": "FEDORA-2023-ed2642fd58", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/" }, { "url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/" }, { "name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html" }, { "url": "https://security.netapp.com/advisory/ntap-20231016-0001/" }, { "name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html" }, { "name": "[oss-security] 20231018 Vulnerability in Jenkins", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/10/18/4" }, { "name": "[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/10/18/8" }, { "name": "[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/10/19/6" }, { "name": "FEDORA-2023-54fadada12", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/" }, { "name": "FEDORA-2023-5ff7bf1dd8", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/" }, { "name": "[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/10/20/8" }, { "name": "FEDORA-2023-17efd3f2cd", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/" }, { "name": "FEDORA-2023-d5030c983c", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/" }, { "name": "FEDORA-2023-0259c3f26f", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/" }, { "name": "FEDORA-2023-2a9214af5f", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/" }, { "name": "FEDORA-2023-e9c04d81c1", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/" }, { "name": "FEDORA-2023-f66fc0f62a", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/" }, { "name": "FEDORA-2023-4d2fd884ea", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/" }, { "name": "FEDORA-2023-b2c50535cb", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/" }, { "name": "FEDORA-2023-fe53e13b5b", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/" }, { "name": "FEDORA-2023-4bf641255e", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/" }, { "name": "[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html" }, { "name": "DSA-5540", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5540" }, { "name": "[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html" }, { "url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715" }, { "name": "FEDORA-2023-1caffb88af", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/" }, { "name": "FEDORA-2023-3f70b8d406", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/" }, { "name": "FEDORA-2023-7b52921cae", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/" }, { "name": "FEDORA-2023-7934802344", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/" }, { "name": "FEDORA-2023-dbe64661af", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/" }, { "name": "FEDORA-2023-822aab0a5a", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/" }, { "name": "[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html" }, { "name": "DSA-5549", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5549" }, { "name": "FEDORA-2023-c0c6a91330", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/" }, { "name": "FEDORA-2023-492b7be466", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/" }, { "name": "DSA-5558", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5558" }, { "name": "[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html" }, { "name": "GLSA-202311-09", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202311-09" }, { "name": "DSA-5570", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5570" }, { "url": "https://security.netapp.com/advisory/ntap-20240426-0007/" }, { "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" }, { "url": "https://security.netapp.com/advisory/ntap-20240621-0007/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-44487", "datePublished": "2023-10-10T00:00:00", "dateReserved": "2023-09-29T00:00:00", "dateUpdated": "2024-08-19T07:48:04.546Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-5679
Vulnerability from cvelistv5
Published
2024-02-13 14:05
Modified
2024-08-02 08:07
Severity ?
EPSS score ?
Summary
A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both of these features are enabled.
This issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.12-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-5679", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-13T19:24:41.299409Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:28:29.313Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T08:07:32.560Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "CVE-2023-5679", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://kb.isc.org/docs/cve-2023-5679" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/02/13/1" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240426-0002/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "BIND 9", "vendor": "ISC", "versions": [ { "lessThanOrEqual": "9.16.45", "status": "affected", "version": "9.16.12", "versionType": "custom" }, { "lessThanOrEqual": "9.18.21", "status": "affected", "version": "9.18.0", "versionType": "custom" }, { "lessThanOrEqual": "9.19.19", "status": "affected", "version": "9.19.0", "versionType": "custom" }, { "lessThanOrEqual": "9.16.45-S1", "status": "affected", "version": "9.16.12-S1", "versionType": "custom" }, { "lessThanOrEqual": "9.18.21-S1", "status": "affected", "version": "9.18.11-S1", "versionType": "custom" } ] } ], "datePublic": "2024-02-13T00:00:00Z", "descriptions": [ { "lang": "en", "value": "A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both of these features are enabled.\nThis issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.12-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1." } ], "exploits": [ { "lang": "en", "value": "We are not aware of any active exploits." } ], "impacts": [ { "descriptions": [ { "lang": "en", "value": "By querying a DNS64-enabled resolver for domain names triggering serve-stale, an attacker can cause `named` to crash with an assertion failure." } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "providerMetadata": { "dateUpdated": "2024-02-13T14:05:06.688Z", "orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc" }, "references": [ { "name": "CVE-2023-5679", "tags": [ "vendor-advisory" ], "url": "https://kb.isc.org/docs/cve-2023-5679" }, { "url": "http://www.openwall.com/lists/oss-security/2024/02/13/1" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/" }, { "url": "https://security.netapp.com/advisory/ntap-20240426-0002/" } ], "solutions": [ { "lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.16.48, 9.18.24, 9.19.21, 9.16.48-S1, or 9.18.24-S1." } ], "source": { "discovery": "EXTERNAL" }, "title": "Enabling both DNS64 and serve-stale may cause an assertion failure during recursive resolution", "workarounds": [ { "lang": "en", "value": "Disabling serve-stale (with `stale-cache-enable no;` and `stale-answer-enable no;`) and/or disabling `dns64` makes the faulty code path impossible to reach, preventing this flaw from being exploitable." } ] } }, "cveMetadata": { "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "cveId": "CVE-2023-5679", "datePublished": "2024-02-13T14:05:06.688Z", "dateReserved": "2023-10-20T11:00:26.909Z", "dateUpdated": "2024-08-02T08:07:32.560Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6129
Vulnerability from cvelistv5
Published
2024-01-09 16:36
Modified
2024-10-14 14:55
Severity ?
EPSS score ?
Summary
Issue summary: The POLY1305 MAC (message authentication code) implementation
contains a bug that might corrupt the internal state of applications running
on PowerPC CPU based platforms if the CPU provides vector instructions.
Impact summary: If an attacker can influence whether the POLY1305 MAC
algorithm is used, the application state might be corrupted with various
application dependent consequences.
The POLY1305 MAC (message authentication code) implementation in OpenSSL for
PowerPC CPUs restores the contents of vector registers in a different order
than they are saved. Thus the contents of some of these vector registers
are corrupted when returning to the caller. The vulnerable code is used only
on newer PowerPC processors supporting the PowerISA 2.07 instructions.
The consequences of this kind of internal application state corruption can
be various - from no consequences, if the calling application does not
depend on the contents of non-volatile XMM registers at all, to the worst
consequences, where the attacker could get complete control of the application
process. However unless the compiler uses the vector registers for storing
pointers, the most likely consequence, if any, would be an incorrect result
of some application dependent calculations or a crash leading to a denial of
service.
The POLY1305 MAC algorithm is most frequently used as part of the
CHACHA20-POLY1305 AEAD (authenticated encryption with associated data)
algorithm. The most common usage of this AEAD cipher is with TLS protocol
versions 1.2 and 1.3. If this cipher is enabled on the server a malicious
client can influence whether this AEAD cipher is used. This implies that
TLS server applications using OpenSSL can be potentially impacted. However
we are currently not aware of any concrete application that would be affected
by this issue therefore we consider this a Low severity security issue.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:21:17.314Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20240109.txt" }, { "name": "3.2.1 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://github.com/openssl/openssl/commit/5b139f95c9a47a55a0c54100f3837b1eee942b04" }, { "name": "3.1.5 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://github.com/openssl/openssl/commit/f3fc5808fe9ff74042d639839610d03b8fdcc015" }, { "name": "3.0.13 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://github.com/openssl/openssl/commit/050d26383d4e264966fb83428e72d5d48f402d35" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240216-0009/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240426-0013/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240426-0008/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/03/11/1" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240503-0011/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "lessThan": "3.2.1", "status": "affected", "version": "3.2.0", "versionType": "semver" }, { "lessThan": "3.1.5", "status": "affected", "version": "3.1.0", "versionType": "semver" }, { "lessThan": "3.0.13", "status": "affected", "version": "3.0.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Sverker Eriksson" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Rohan McLure" } ], "datePublic": "2024-01-09T00:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Issue summary: The POLY1305 MAC (message authentication code) implementation\u003cbr\u003econtains a bug that might corrupt the internal state of applications running\u003cbr\u003eon PowerPC CPU based platforms if the CPU provides vector instructions.\u003cbr\u003e\u003cbr\u003eImpact summary: If an attacker can influence whether the POLY1305 MAC\u003cbr\u003ealgorithm is used, the application state might be corrupted with various\u003cbr\u003eapplication dependent consequences.\u003cbr\u003e\u003cbr\u003eThe POLY1305 MAC (message authentication code) implementation in OpenSSL for\u003cbr\u003ePowerPC CPUs restores the contents of vector registers in a different order\u003cbr\u003ethan they are saved. Thus the contents of some of these vector registers\u003cbr\u003eare corrupted when returning to the caller. The vulnerable code is used only\u003cbr\u003eon newer PowerPC processors supporting the PowerISA 2.07 instructions.\u003cbr\u003e\u003cbr\u003eThe consequences of this kind of internal application state corruption can\u003cbr\u003ebe various - from no consequences, if the calling application does not\u003cbr\u003edepend on the contents of non-volatile XMM registers at all, to the worst\u003cbr\u003econsequences, where the attacker could get complete control of the application\u003cbr\u003eprocess. However unless the compiler uses the vector registers for storing\u003cbr\u003epointers, the most likely consequence, if any, would be an incorrect result\u003cbr\u003eof some application dependent calculations or a crash leading to a denial of\u003cbr\u003eservice.\u003cbr\u003e\u003cbr\u003eThe POLY1305 MAC algorithm is most frequently used as part of the\u003cbr\u003eCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)\u003cbr\u003ealgorithm. The most common usage of this AEAD cipher is with TLS protocol\u003cbr\u003eversions 1.2 and 1.3. If this cipher is enabled on the server a malicious\u003cbr\u003eclient can influence whether this AEAD cipher is used. This implies that\u003cbr\u003eTLS server applications using OpenSSL can be potentially impacted. However\u003cbr\u003ewe are currently not aware of any concrete application that would be affected\u003cbr\u003eby this issue therefore we consider this a Low severity security issue." } ], "value": "Issue summary: The POLY1305 MAC (message authentication code) implementation\ncontains a bug that might corrupt the internal state of applications running\non PowerPC CPU based platforms if the CPU provides vector instructions.\n\nImpact summary: If an attacker can influence whether the POLY1305 MAC\nalgorithm is used, the application state might be corrupted with various\napplication dependent consequences.\n\nThe POLY1305 MAC (message authentication code) implementation in OpenSSL for\nPowerPC CPUs restores the contents of vector registers in a different order\nthan they are saved. Thus the contents of some of these vector registers\nare corrupted when returning to the caller. The vulnerable code is used only\non newer PowerPC processors supporting the PowerISA 2.07 instructions.\n\nThe consequences of this kind of internal application state corruption can\nbe various - from no consequences, if the calling application does not\ndepend on the contents of non-volatile XMM registers at all, to the worst\nconsequences, where the attacker could get complete control of the application\nprocess. However unless the compiler uses the vector registers for storing\npointers, the most likely consequence, if any, would be an incorrect result\nof some application dependent calculations or a crash leading to a denial of\nservice.\n\nThe POLY1305 MAC algorithm is most frequently used as part of the\nCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)\nalgorithm. The most common usage of this AEAD cipher is with TLS protocol\nversions 1.2 and 1.3. If this cipher is enabled on the server a malicious\nclient can influence whether this AEAD cipher is used. This implies that\nTLS server applications using OpenSSL can be potentially impacted. However\nwe are currently not aware of any concrete application that would be affected\nby this issue therefore we consider this a Low severity security issue." } ], "metrics": [ { "format": "other", "other": { "content": { "text": "Low" }, "type": "https://www.openssl.org/policies/secpolicy.html" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-440", "description": "CWE-440 Expected Behavior Violation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-14T14:55:55.315Z", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.openssl.org/news/secadv/20240109.txt" }, { "name": "3.2.1 git commit", "tags": [ "patch" ], "url": "https://github.com/openssl/openssl/commit/5b139f95c9a47a55a0c54100f3837b1eee942b04" }, { "name": "3.1.5 git commit", "tags": [ "patch" ], "url": "https://github.com/openssl/openssl/commit/f3fc5808fe9ff74042d639839610d03b8fdcc015" }, { "name": "3.0.13 git commit", "tags": [ "patch" ], "url": "https://github.com/openssl/openssl/commit/050d26383d4e264966fb83428e72d5d48f402d35" } ], "source": { "discovery": "UNKNOWN" }, "title": "POLY1305 MAC implementation corrupts vector registers on PowerPC", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2023-6129", "datePublished": "2024-01-09T16:36:58.860Z", "dateReserved": "2023-11-14T16:12:12.656Z", "dateUpdated": "2024-10-14T14:55:55.315Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-7104
Vulnerability from cvelistv5
Published
2023-12-25 21:00
Modified
2024-08-02 08:50
Severity ?
5.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
5.5 (Medium) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
5.5 (Medium) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | SQLite | SQLite3 |
Version: 3.0 Version: 3.1 Version: 3.2 Version: 3.3 Version: 3.4 Version: 3.5 Version: 3.6 Version: 3.7 Version: 3.8 Version: 3.9 Version: 3.10 Version: 3.11 Version: 3.12 Version: 3.13 Version: 3.14 Version: 3.15 Version: 3.16 Version: 3.17 Version: 3.18 Version: 3.19 Version: 3.20 Version: 3.21 Version: 3.22 Version: 3.23 Version: 3.24 Version: 3.25 Version: 3.26 Version: 3.27 Version: 3.28 Version: 3.29 Version: 3.30 Version: 3.31 Version: 3.32 Version: 3.33 Version: 3.34 Version: 3.35 Version: 3.36 Version: 3.37 Version: 3.38 Version: 3.39 Version: 3.40 Version: 3.41 Version: 3.42 Version: 3.43 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:50:08.189Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vdb-entry", "technical-description", "x_transferred" ], "url": "https://vuldb.com/?id.248999" }, { "tags": [ "signature", "permissions-required", "x_transferred" ], "url": "https://vuldb.com/?ctiid.248999" }, { "tags": [ "related", "x_transferred" ], "url": "https://sqlite.org/forum/forumpost/5bcbf4571c" }, { "tags": [ "patch", "x_transferred" ], "url": "https://sqlite.org/src/info/0e4e7a05c4204b47" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240112-0008/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "modules": [ "make alltest Handler" ], "product": "SQLite3", "vendor": "SQLite", "versions": [ { "status": "affected", "version": "3.0" }, { "status": "affected", "version": "3.1" }, { "status": "affected", "version": "3.2" }, { "status": "affected", "version": "3.3" }, { "status": "affected", "version": "3.4" }, { "status": "affected", "version": "3.5" }, { "status": "affected", "version": "3.6" }, { "status": "affected", "version": "3.7" }, { "status": "affected", "version": "3.8" }, { "status": "affected", "version": "3.9" }, { "status": "affected", "version": "3.10" }, { "status": "affected", "version": "3.11" }, { "status": "affected", "version": "3.12" }, { "status": "affected", "version": "3.13" }, { "status": "affected", "version": "3.14" }, { "status": "affected", "version": "3.15" }, { "status": "affected", "version": "3.16" }, { "status": "affected", "version": "3.17" }, { "status": "affected", "version": "3.18" }, { "status": "affected", "version": "3.19" }, { "status": "affected", "version": "3.20" }, { "status": "affected", "version": "3.21" }, { "status": "affected", "version": "3.22" }, { "status": "affected", "version": "3.23" }, { "status": "affected", "version": "3.24" }, { "status": "affected", "version": "3.25" }, { "status": "affected", "version": "3.26" }, { "status": "affected", "version": "3.27" }, { "status": "affected", "version": "3.28" }, { "status": "affected", "version": "3.29" }, { "status": "affected", "version": "3.30" }, { "status": "affected", "version": "3.31" }, { "status": "affected", "version": "3.32" }, { "status": "affected", "version": "3.33" }, { "status": "affected", "version": "3.34" }, { "status": "affected", "version": "3.35" }, { "status": "affected", "version": "3.36" }, { "status": "affected", "version": "3.37" }, { "status": "affected", "version": "3.38" }, { "status": "affected", "version": "3.39" }, { "status": "affected", "version": "3.40" }, { "status": "affected", "version": "3.41" }, { "status": "affected", "version": "3.42" }, { "status": "affected", "version": "3.43" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Junwha Hong" }, { "lang": "en", "type": "finder", "value": "Wonil Jang" }, { "lang": "en", "type": "analyst", "value": "qbit (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999." }, { "lang": "de", "value": "Eine kritische Schwachstelle wurde in SQLite SQLite3 bis 3.43.0 gefunden. Hierbei geht es um die Funktion sessionReadRecord der Datei ext/session/sqlite3session.c der Komponente make alltest Handler. Durch die Manipulation mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." } ], "metrics": [ { "cvssV3_1": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 5.2, "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-29T09:44:27.826Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "tags": [ "vdb-entry", "technical-description" ], "url": "https://vuldb.com/?id.248999" }, { "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.248999" }, { "tags": [ "related" ], "url": "https://sqlite.org/forum/forumpost/5bcbf4571c" }, { "tags": [ "patch" ], "url": "https://sqlite.org/src/info/0e4e7a05c4204b47" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/" }, { "url": "https://security.netapp.com/advisory/ntap-20240112-0008/" } ], "timeline": [ { "lang": "en", "time": "2023-12-25T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2023-12-25T01:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2023-12-29T10:49:22.000Z", "value": "VulDB entry last update" } ], "title": "SQLite SQLite3 make alltest sqlite3session.c sessionReadRecord heap-based overflow" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2023-7104", "datePublished": "2023-12-25T21:00:05.997Z", "dateReserved": "2023-12-25T14:00:48.991Z", "dateUpdated": "2024-08-02T08:50:08.189Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-45288
Vulnerability from cvelistv5
Published
2024-04-04 20:37
Modified
2024-08-26 20:40
Severity ?
EPSS score ?
Summary
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Go standard library | net/http |
Version: 0 ≤ Version: 1.22.0-0 ≤ |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:21:15.329Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://go.dev/issue/65051" }, { "tags": [ "x_transferred" ], "url": "https://go.dev/cl/576155" }, { "tags": [ "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M" }, { "tags": [ "x_transferred" ], "url": "https://pkg.go.dev/vuln/GO-2024-2687" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240419-0009/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/05/4" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/03/16" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:go_standard_library:net\\/http:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "net\\/http", "vendor": "go_standard_library", "versions": [ { "lessThan": "1.21.9", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "1.22.2", "status": "affected", "version": "1.22.0-0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:golang:http2:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "http2", "vendor": "golang", "versions": [ { "lessThan": "0.23.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-45288", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-05T17:08:42.212936Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-26T20:40:01.996Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "packageName": "net/http", "product": "net/http", "programRoutines": [ { "name": "http2Framer.readMetaFrame" }, { "name": "CanonicalHeaderKey" }, { "name": "Client.CloseIdleConnections" }, { "name": "Client.Do" }, { "name": "Client.Get" }, { "name": "Client.Head" }, { "name": "Client.Post" }, { "name": "Client.PostForm" }, { "name": "Cookie.String" }, { "name": "Cookie.Valid" }, { "name": "Dir.Open" }, { "name": "Error" }, { "name": "Get" }, { "name": "HandlerFunc.ServeHTTP" }, { "name": "Head" }, { "name": "Header.Add" }, { "name": "Header.Del" }, { "name": "Header.Get" }, { "name": "Header.Set" }, { "name": "Header.Values" }, { "name": "Header.Write" }, { "name": "Header.WriteSubset" }, { "name": "ListenAndServe" }, { "name": "ListenAndServeTLS" }, { "name": "NewRequest" }, { "name": "NewRequestWithContext" }, { "name": "NotFound" }, { "name": "ParseTime" }, { "name": "Post" }, { "name": "PostForm" }, { "name": "ProxyFromEnvironment" }, { "name": "ReadRequest" }, { "name": "ReadResponse" }, { "name": "Redirect" }, { "name": "Request.AddCookie" }, { "name": "Request.BasicAuth" }, { "name": "Request.FormFile" }, { "name": "Request.FormValue" }, { "name": "Request.MultipartReader" }, { "name": "Request.ParseForm" }, { "name": "Request.ParseMultipartForm" }, { "name": "Request.PostFormValue" }, { "name": "Request.Referer" }, { "name": "Request.SetBasicAuth" }, { "name": "Request.UserAgent" }, { "name": "Request.Write" }, { "name": "Request.WriteProxy" }, { "name": "Response.Cookies" }, { "name": "Response.Location" }, { "name": "Response.Write" }, { "name": "ResponseController.EnableFullDuplex" }, { "name": "ResponseController.Flush" }, { "name": "ResponseController.Hijack" }, { "name": "ResponseController.SetReadDeadline" }, { "name": "ResponseController.SetWriteDeadline" }, { "name": "Serve" }, { "name": "ServeContent" }, { "name": "ServeFile" }, { "name": "ServeMux.ServeHTTP" }, { "name": "ServeTLS" }, { "name": "Server.Close" }, { "name": "Server.ListenAndServe" }, { "name": "Server.ListenAndServeTLS" }, { "name": "Server.Serve" }, { "name": "Server.ServeTLS" }, { "name": "Server.SetKeepAlivesEnabled" }, { "name": "Server.Shutdown" }, { "name": "SetCookie" }, { "name": "Transport.CancelRequest" }, { "name": "Transport.Clone" }, { "name": "Transport.CloseIdleConnections" }, { "name": "Transport.RoundTrip" }, { "name": "body.Close" }, { "name": "body.Read" }, { "name": "bodyEOFSignal.Close" }, { "name": "bodyEOFSignal.Read" }, { "name": "bodyLocked.Read" }, { "name": "bufioFlushWriter.Write" }, { "name": "cancelTimerBody.Close" }, { "name": "cancelTimerBody.Read" }, { "name": "checkConnErrorWriter.Write" }, { "name": "chunkWriter.Write" }, { "name": "connReader.Read" }, { "name": "connectMethodKey.String" }, { "name": "expectContinueReader.Close" }, { "name": "expectContinueReader.Read" }, { "name": "extraHeader.Write" }, { "name": "fileHandler.ServeHTTP" }, { "name": "fileTransport.RoundTrip" }, { "name": "globalOptionsHandler.ServeHTTP" }, { "name": "gzipReader.Close" }, { "name": "gzipReader.Read" }, { "name": "http2ClientConn.Close" }, { "name": "http2ClientConn.Ping" }, { "name": "http2ClientConn.RoundTrip" }, { "name": "http2ClientConn.Shutdown" }, { "name": "http2ConnectionError.Error" }, { "name": "http2ErrCode.String" }, { "name": "http2FrameHeader.String" }, { "name": "http2FrameType.String" }, { "name": "http2FrameWriteRequest.String" }, { "name": "http2Framer.ReadFrame" }, { "name": "http2Framer.WriteContinuation" }, { "name": "http2Framer.WriteData" }, { "name": "http2Framer.WriteDataPadded" }, { "name": "http2Framer.WriteGoAway" }, { "name": "http2Framer.WriteHeaders" }, { "name": "http2Framer.WritePing" }, { "name": "http2Framer.WritePriority" }, { "name": "http2Framer.WritePushPromise" }, { "name": "http2Framer.WriteRSTStream" }, { "name": "http2Framer.WriteRawFrame" }, { "name": "http2Framer.WriteSettings" }, { "name": "http2Framer.WriteSettingsAck" }, { "name": "http2Framer.WriteWindowUpdate" }, { "name": "http2GoAwayError.Error" }, { "name": "http2Server.ServeConn" }, { "name": "http2Setting.String" }, { "name": "http2SettingID.String" }, { "name": "http2SettingsFrame.ForeachSetting" }, { "name": "http2StreamError.Error" }, { "name": "http2Transport.CloseIdleConnections" }, { "name": "http2Transport.NewClientConn" }, { "name": "http2Transport.RoundTrip" }, { "name": "http2Transport.RoundTripOpt" }, { "name": "http2bufferedWriter.Flush" }, { "name": "http2bufferedWriter.Write" }, { "name": "http2chunkWriter.Write" }, { "name": "http2clientConnPool.GetClientConn" }, { "name": "http2connError.Error" }, { "name": "http2dataBuffer.Read" }, { "name": "http2duplicatePseudoHeaderError.Error" }, { "name": "http2gzipReader.Close" }, { "name": "http2gzipReader.Read" }, { "name": "http2headerFieldNameError.Error" }, { "name": "http2headerFieldValueError.Error" }, { "name": "http2noDialClientConnPool.GetClientConn" }, { "name": "http2noDialH2RoundTripper.RoundTrip" }, { "name": "http2pipe.Read" }, { "name": "http2priorityWriteScheduler.CloseStream" }, { "name": "http2priorityWriteScheduler.OpenStream" }, { "name": "http2pseudoHeaderError.Error" }, { "name": "http2requestBody.Close" }, { "name": "http2requestBody.Read" }, { "name": "http2responseWriter.Flush" }, { "name": "http2responseWriter.FlushError" }, { "name": "http2responseWriter.Push" }, { "name": "http2responseWriter.SetReadDeadline" }, { "name": "http2responseWriter.SetWriteDeadline" }, { "name": "http2responseWriter.Write" }, { "name": "http2responseWriter.WriteHeader" }, { "name": "http2responseWriter.WriteString" }, { "name": "http2roundRobinWriteScheduler.OpenStream" }, { "name": "http2serverConn.CloseConn" }, { "name": "http2serverConn.Flush" }, { "name": "http2stickyErrWriter.Write" }, { "name": "http2transportResponseBody.Close" }, { "name": "http2transportResponseBody.Read" }, { "name": "http2writeData.String" }, { "name": "initALPNRequest.ServeHTTP" }, { "name": "loggingConn.Close" }, { "name": "loggingConn.Read" }, { "name": "loggingConn.Write" }, { "name": "maxBytesReader.Close" }, { "name": "maxBytesReader.Read" }, { "name": "onceCloseListener.Close" }, { "name": "persistConn.Read" }, { "name": "persistConnWriter.ReadFrom" }, { "name": "persistConnWriter.Write" }, { "name": "populateResponse.Write" }, { "name": "populateResponse.WriteHeader" }, { "name": "readTrackingBody.Close" }, { "name": "readTrackingBody.Read" }, { "name": "readWriteCloserBody.Read" }, { "name": "redirectHandler.ServeHTTP" }, { "name": "response.Flush" }, { "name": "response.FlushError" }, { "name": "response.Hijack" }, { "name": "response.ReadFrom" }, { "name": "response.Write" }, { "name": "response.WriteHeader" }, { "name": "response.WriteString" }, { "name": "serverHandler.ServeHTTP" }, { "name": "socksDialer.DialWithConn" }, { "name": "socksUsernamePassword.Authenticate" }, { "name": "stringWriter.WriteString" }, { "name": "timeoutHandler.ServeHTTP" }, { "name": "timeoutWriter.Write" }, { "name": "timeoutWriter.WriteHeader" }, { "name": "transportReadFromServerError.Error" } ], "vendor": "Go standard library", "versions": [ { "lessThan": "1.21.9", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "1.22.2", "status": "affected", "version": "1.22.0-0", "versionType": "semver" } ] }, { "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "packageName": "golang.org/x/net/http2", "product": "golang.org/x/net/http2", "programRoutines": [ { "name": "Framer.readMetaFrame" }, { "name": "ClientConn.Close" }, { "name": "ClientConn.Ping" }, { "name": "ClientConn.RoundTrip" }, { "name": "ClientConn.Shutdown" }, { "name": "ConfigureServer" }, { "name": "ConfigureTransport" }, { "name": "ConfigureTransports" }, { "name": "ConnectionError.Error" }, { "name": "ErrCode.String" }, { "name": "FrameHeader.String" }, { "name": "FrameType.String" }, { "name": "FrameWriteRequest.String" }, { "name": "Framer.ReadFrame" }, { "name": "Framer.WriteContinuation" }, { "name": "Framer.WriteData" }, { "name": "Framer.WriteDataPadded" }, { "name": "Framer.WriteGoAway" }, { "name": "Framer.WriteHeaders" }, { "name": "Framer.WritePing" }, { "name": "Framer.WritePriority" }, { "name": "Framer.WritePushPromise" }, { "name": "Framer.WriteRSTStream" }, { "name": "Framer.WriteRawFrame" }, { "name": "Framer.WriteSettings" }, { "name": "Framer.WriteSettingsAck" }, { "name": "Framer.WriteWindowUpdate" }, { "name": "GoAwayError.Error" }, { "name": "ReadFrameHeader" }, { "name": "Server.ServeConn" }, { "name": "Setting.String" }, { "name": "SettingID.String" }, { "name": "SettingsFrame.ForeachSetting" }, { "name": "StreamError.Error" }, { "name": "Transport.CloseIdleConnections" }, { "name": "Transport.NewClientConn" }, { "name": "Transport.RoundTrip" }, { "name": "Transport.RoundTripOpt" }, { "name": "bufferedWriter.Flush" }, { "name": "bufferedWriter.Write" }, { "name": "chunkWriter.Write" }, { "name": "clientConnPool.GetClientConn" }, { "name": "connError.Error" }, { "name": "dataBuffer.Read" }, { "name": "duplicatePseudoHeaderError.Error" }, { "name": "gzipReader.Close" }, { "name": "gzipReader.Read" }, { "name": "headerFieldNameError.Error" }, { "name": "headerFieldValueError.Error" }, { "name": "noDialClientConnPool.GetClientConn" }, { "name": "noDialH2RoundTripper.RoundTrip" }, { "name": "pipe.Read" }, { "name": "priorityWriteScheduler.CloseStream" }, { "name": "priorityWriteScheduler.OpenStream" }, { "name": "pseudoHeaderError.Error" }, { "name": "requestBody.Close" }, { "name": "requestBody.Read" }, { "name": "responseWriter.Flush" }, { "name": "responseWriter.FlushError" }, { "name": "responseWriter.Push" }, { "name": "responseWriter.SetReadDeadline" }, { "name": "responseWriter.SetWriteDeadline" }, { "name": "responseWriter.Write" }, { "name": "responseWriter.WriteHeader" }, { "name": "responseWriter.WriteString" }, { "name": "roundRobinWriteScheduler.OpenStream" }, { "name": "serverConn.CloseConn" }, { "name": "serverConn.Flush" }, { "name": "stickyErrWriter.Write" }, { "name": "transportResponseBody.Close" }, { "name": "transportResponseBody.Read" }, { "name": "writeData.String" } ], "vendor": "golang.org/x/net", "versions": [ { "lessThan": "0.23.0", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "value": "Bartek Nowotarski (https://nowotarski.info/)" } ], "descriptions": [ { "lang": "en", "value": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request\u0027s headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-04T20:37:30.714Z", "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go" }, "references": [ { "url": "https://go.dev/issue/65051" }, { "url": "https://go.dev/cl/576155" }, { "url": "https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M" }, { "url": "https://pkg.go.dev/vuln/GO-2024-2687" }, { "url": "https://security.netapp.com/advisory/ntap-20240419-0009/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/" }, { "url": "http://www.openwall.com/lists/oss-security/2024/04/05/4" }, { "url": "http://www.openwall.com/lists/oss-security/2024/04/03/16" } ], "title": "HTTP/2 CONTINUATION flood in net/http" } }, "cveMetadata": { "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "assignerShortName": "Go", "cveId": "CVE-2023-45288", "datePublished": "2024-04-04T20:37:30.714Z", "dateReserved": "2023-10-06T17:06:26.221Z", "dateUpdated": "2024-08-26T20:40:01.996Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-47024
Vulnerability from cvelistv5
Published
2023-01-20 00:00
Modified
2024-08-03 14:47
Severity ?
EPSS score ?
Summary
A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impacts.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:47:28.451Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/vim/vim/commit/a63ad78ed31e36dbdf3a9cd28071dcdbefce7d19" }, { "name": "FEDORA-2023-2db4df65c3", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZWIJBSQX53P7DHV77KRXJIXA4GH7XHC/" }, { "name": "FEDORA-2023-93fb5b08eb", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EX6N2DB75A73MQGVW3CS4VTNPAYVM2M/" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impacts." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/vim/vim/commit/a63ad78ed31e36dbdf3a9cd28071dcdbefce7d19" }, { "name": "FEDORA-2023-2db4df65c3", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZWIJBSQX53P7DHV77KRXJIXA4GH7XHC/" }, { "name": "FEDORA-2023-93fb5b08eb", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EX6N2DB75A73MQGVW3CS4VTNPAYVM2M/" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-16" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-47024", "datePublished": "2023-01-20T00:00:00", "dateReserved": "2022-12-12T00:00:00", "dateUpdated": "2024-08-03T14:47:28.451Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6597
Vulnerability from cvelistv5
Published
2024-03-19 15:44
Modified
2024-11-05 19:16
Severity ?
EPSS score ?
Summary
An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.
The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Python Software Foundation | CPython |
Version: 0 Version: 3.9.0 Version: 3.10.0 Version: 3.11.0 Version: 3.12.0 Version: 3.13.0a1 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:python_software_foundation:cpython:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "cpython", "vendor": "python_software_foundation", "versions": [ { "lessThan": "3.8.19", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "3.9.19", "status": "affected", "version": "3.9.0", "versionType": "custom" }, { "lessThan": "3.10.14", "status": "affected", "version": "3.10.0", "versionType": "custom" }, { "lessThan": "3.11.8", "status": "affected", "version": "3.11.0", "versionType": "custom" }, { "lessThan": "3.12.1", "status": "affected", "version": "3.12.0", "versionType": "custom" }, { "lessThan": "3.13.0a3", "status": "affected", "version": "3.13.0a1", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-6597", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-05T19:08:44.665083Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-noinfo Not enough information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-05T19:16:27.862Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T08:35:14.863Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "patch", "x_transferred" ], "url": "https://github.com/python/cpython/commit/81c16cd94ec38d61aa478b9a452436dc3b1b524d" }, { "tags": [ "patch", "x_transferred" ], "url": "https://github.com/python/cpython/commit/6ceb8aeda504b079fef7a57b8d81472f15cdd9a5" }, { "tags": [ "patch", "x_transferred" ], "url": "https://github.com/python/cpython/commit/5585334d772b253a01a6730e8202ffb1607c3d25" }, { "tags": [ "patch", "x_transferred" ], "url": "https://github.com/python/cpython/commit/8eaeefe49d179ca4908d052745e3bb8b6f238f82" }, { "tags": [ "patch", "x_transferred" ], "url": "https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b" }, { "tags": [ "patch", "x_transferred" ], "url": "https://github.com/python/cpython/commit/02a9259c717738dfe6b463c44d7e17f2b6d2cb3a" }, { "tags": [ "issue-tracking", "x_transferred" ], "url": "https://github.com/python/cpython/issues/91133" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/Q5C6ATFC67K53XFV4KE45325S7NS62LD/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/03/20/5" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "CPython", "repo": "https://github.com/python/cpython", "vendor": "Python Software Foundation", "versions": [ { "lessThan": "3.8.19", "status": "affected", "version": "0", "versionType": "python" }, { "lessThan": "3.9.19", "status": "affected", "version": "3.9.0", "versionType": "python" }, { "lessThan": "3.10.14", "status": "affected", "version": "3.10.0", "versionType": "python" }, { "lessThan": "3.11.8", "status": "affected", "version": "3.11.0", "versionType": "python" }, { "lessThan": "3.12.1", "status": "affected", "version": "3.12.0", "versionType": "python" }, { "lessThan": "3.13.0a3", "status": "affected", "version": "3.13.0a1", "versionType": "python" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.\u003cbr\u003e\u003cbr\u003eThe tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.\u003cbr\u003e" } ], "value": "An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.\n\nThe tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-13T19:24:11.289Z", "orgId": "28c92f92-d60d-412d-b760-e73465c3df22", "shortName": "PSF" }, "references": [ { "tags": [ "patch" ], "url": "https://github.com/python/cpython/commit/81c16cd94ec38d61aa478b9a452436dc3b1b524d" }, { "tags": [ "patch" ], "url": "https://github.com/python/cpython/commit/6ceb8aeda504b079fef7a57b8d81472f15cdd9a5" }, { "tags": [ "patch" ], "url": "https://github.com/python/cpython/commit/5585334d772b253a01a6730e8202ffb1607c3d25" }, { "tags": [ "patch" ], "url": "https://github.com/python/cpython/commit/8eaeefe49d179ca4908d052745e3bb8b6f238f82" }, { "tags": [ "patch" ], "url": "https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b" }, { "tags": [ "patch" ], "url": "https://github.com/python/cpython/commit/02a9259c717738dfe6b463c44d7e17f2b6d2cb3a" }, { "tags": [ "issue-tracking" ], "url": "https://github.com/python/cpython/issues/91133" }, { "tags": [ "vendor-advisory" ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/Q5C6ATFC67K53XFV4KE45325S7NS62LD/" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html" }, { "url": "http://www.openwall.com/lists/oss-security/2024/03/20/5" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22", "assignerShortName": "PSF", "cveId": "CVE-2023-6597", "datePublished": "2024-03-19T15:44:28.989Z", "dateReserved": "2023-12-07T20:59:23.246Z", "dateUpdated": "2024-11-05T19:16:27.862Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-0727
Vulnerability from cvelistv5
Published
2024-01-26 08:57
Modified
2024-10-14 14:55
Severity ?
EPSS score ?
Summary
Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL
to crash leading to a potential Denial of Service attack
Impact summary: Applications loading files in the PKCS12 format from untrusted
sources might terminate abruptly.
A file in PKCS12 format can contain certificates and keys and may come from an
untrusted source. The PKCS12 specification allows certain fields to be NULL, but
OpenSSL does not correctly check for this case. This can lead to a NULL pointer
dereference that results in OpenSSL crashing. If an application processes PKCS12
files from an untrusted source using the OpenSSL APIs then that application will
be vulnerable to this issue.
OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),
PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()
and PKCS12_newpass().
We have also fixed a similar issue in SMIME_write_PKCS7(). However since this
function is related to writing data we do not consider it security significant.
The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T18:18:17.369Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20240125.txt" }, { "name": "3.2.1 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a" }, { "name": "3.1.5 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c" }, { "name": "3.0.13 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2" }, { "name": "1.1.1x git commit", "tags": [ "patch", "x_transferred" ], "url": "https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8" }, { "name": "1.0.2zj git commit", "tags": [ "patch", "x_transferred" ], "url": "https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240208-0006/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/03/11/1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "lessThan": "3.2.1", "status": "affected", "version": "3.2.0", "versionType": "semver" }, { "lessThan": "3.1.5", "status": "affected", "version": "3.1.0", "versionType": "semver" }, { "lessThan": "3.0.13", "status": "affected", "version": "3.0.0", "versionType": "semver" }, { "lessThan": "1.1.1x", "status": "affected", "version": "1.1.1", "versionType": "custom" }, { "lessThan": "1.0.2zj", "status": "affected", "version": "1.0.2", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Bahaa Naamneh (Crosspoint Labs)" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Matt Caswell" } ], "datePublic": "2024-01-25T00:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL\u003cbr\u003eto crash leading to a potential Denial of Service attack\u003cbr\u003e\u003cbr\u003eImpact summary: Applications loading files in the PKCS12 format from untrusted\u003cbr\u003esources might terminate abruptly.\u003cbr\u003e\u003cbr\u003eA file in PKCS12 format can contain certificates and keys and may come from an\u003cbr\u003euntrusted source. The PKCS12 specification allows certain fields to be NULL, but\u003cbr\u003eOpenSSL does not correctly check for this case. This can lead to a NULL pointer\u003cbr\u003edereference that results in OpenSSL crashing. If an application processes PKCS12\u003cbr\u003efiles from an untrusted source using the OpenSSL APIs then that application will\u003cbr\u003ebe vulnerable to this issue.\u003cbr\u003e\u003cbr\u003eOpenSSL APIs that are vulnerable to this are: PKCS12_parse(),\u003cbr\u003ePKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()\u003cbr\u003eand PKCS12_newpass().\u003cbr\u003e\u003cbr\u003eWe have also fixed a similar issue in SMIME_write_PKCS7(). However since this\u003cbr\u003efunction is related to writing data we do not consider it security significant.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue." } ], "value": "Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL\nto crash leading to a potential Denial of Service attack\n\nImpact summary: Applications loading files in the PKCS12 format from untrusted\nsources might terminate abruptly.\n\nA file in PKCS12 format can contain certificates and keys and may come from an\nuntrusted source. The PKCS12 specification allows certain fields to be NULL, but\nOpenSSL does not correctly check for this case. This can lead to a NULL pointer\ndereference that results in OpenSSL crashing. If an application processes PKCS12\nfiles from an untrusted source using the OpenSSL APIs then that application will\nbe vulnerable to this issue.\n\nOpenSSL APIs that are vulnerable to this are: PKCS12_parse(),\nPKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()\nand PKCS12_newpass().\n\nWe have also fixed a similar issue in SMIME_write_PKCS7(). However since this\nfunction is related to writing data we do not consider it security significant.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue." } ], "metrics": [ { "format": "other", "other": { "content": { "text": "Low" }, "type": "https://www.openssl.org/policies/secpolicy.html" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-14T14:55:58.371Z", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.openssl.org/news/secadv/20240125.txt" }, { "name": "3.2.1 git commit", "tags": [ "patch" ], "url": "https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a" }, { "name": "3.1.5 git commit", "tags": [ "patch" ], "url": "https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c" }, { "name": "3.0.13 git commit", "tags": [ "patch" ], "url": "https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2" }, { "name": "1.1.1x git commit", "tags": [ "patch" ], "url": "https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8" }, { "name": "1.0.2zj git commit", "tags": [ "patch" ], "url": "https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539" } ], "source": { "discovery": "UNKNOWN" }, "title": "PKCS12 Decoding crashes", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2024-0727", "datePublished": "2024-01-26T08:57:19.579Z", "dateReserved": "2024-01-19T11:01:11.010Z", "dateUpdated": "2024-10-14T14:55:58.371Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-47629
Vulnerability from cvelistv5
Published
2022-12-20 00:00
Modified
2024-08-03 15:02
Severity ?
EPSS score ?
Summary
Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T15:02:35.911Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git%3Ba=commit%3Bh=f61a5ea4e0f6a80fd4b28ef0174bee77793cf070" }, { "tags": [ "x_transferred" ], "url": "https://dev.gnupg.org/T6284" }, { "name": "DSA-5305", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5305" }, { "name": "[debian-lts-announce] 20221224 [SECURITY] [DLA 3248-1] libksba security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00035.html" }, { "name": "GLSA-202212-07", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202212-07" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230316-0011/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-16T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git%3Ba=commit%3Bh=f61a5ea4e0f6a80fd4b28ef0174bee77793cf070" }, { "url": "https://dev.gnupg.org/T6284" }, { "name": "DSA-5305", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5305" }, { "name": "[debian-lts-announce] 20221224 [SECURITY] [DLA 3248-1] libksba security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00035.html" }, { "name": "GLSA-202212-07", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202212-07" }, { "url": "https://security.netapp.com/advisory/ntap-20230316-0011/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-47629", "datePublished": "2022-12-20T00:00:00", "dateReserved": "2022-12-20T00:00:00", "dateUpdated": "2024-08-03T15:02:35.911Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28834
Vulnerability from cvelistv5
Published
2024-03-21 13:29
Modified
2024-11-25 02:45
Severity ?
EPSS score ?
Summary
A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:1784 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1879 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1997 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2044 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2570 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2889 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2024-28834 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2269228 | issue-tracking, x_refsource_REDHAT | |
https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html | ||
https://minerva.crocs.fi.muni.cz/ |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ |
Version: 3.7.6-23 |
||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-28834", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-21T18:20:34.669036Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:21:15.410Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:56:58.323Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/03/22/1" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/03/22/2" }, { "name": "RHSA-2024:1784", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1784" }, { "name": "RHSA-2024:1879", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1879" }, { "name": "RHSA-2024:1997", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1997" }, { "name": "RHSA-2024:2044", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2044" }, { "name": "RHSA-2024:2570", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2570" }, { "name": "RHSA-2024:2889", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2889" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2024-28834" }, { "name": "RHBZ#2269228", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269228" }, { "tags": [ "x_transferred" ], "url": "https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html" }, { "tags": [ "x_transferred" ], "url": "https://minerva.crocs.fi.muni.cz/" }, { "tags": [ "x_transferred" ], "url": "https://people.redhat.com/~hkario/marvin/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240524-0004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://gitlab.com/gnutls/gnutls/", "defaultStatus": "unaffected", "packageName": "gnutls", "versions": [ { "status": "affected", "version": "3.7.6-23" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/o:redhat:enterprise_linux:8::baseos" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.6.16-8.el8_9.3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/o:redhat:enterprise_linux:8::baseos" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.6.16-8.el8_9.3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.6::baseos", "cpe:/a:redhat:rhel_eus:8.6::appstream" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.6.16-5.el8_6.4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.8::baseos", "cpe:/a:redhat:rhel_eus:8.8::appstream" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.6.16-7.el8_8.3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.7.6-23.el9_3.4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.8.3-4.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.7.6-23.el9_3.4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.8.3-4.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:9.2::baseos", "cpe:/a:redhat:rhel_eus:9.2::appstream" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.7.6-21.el9_2.3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" } ], "datePublic": "2024-03-21T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-327", "description": "Use of a Broken or Risky Cryptographic Algorithm", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-25T02:45:53.454Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:1784", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1784" }, { "name": "RHSA-2024:1879", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1879" }, { "name": "RHSA-2024:1997", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1997" }, { "name": "RHSA-2024:2044", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2044" }, { "name": "RHSA-2024:2570", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2570" }, { "name": "RHSA-2024:2889", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2889" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-28834" }, { "name": "RHBZ#2269228", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269228" }, { "url": "https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html" }, { "url": "https://minerva.crocs.fi.muni.cz/" } ], "timeline": [ { "lang": "en", "time": "2024-03-11T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-03-21T00:00:00+00:00", "value": "Made public." } ], "title": "Gnutls: vulnerable to minerva side-channel information leak", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-28834", "datePublished": "2024-03-21T13:29:11.532Z", "dateReserved": "2024-03-11T14:43:43.973Z", "dateUpdated": "2024-11-25T02:45:53.454Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-39975
Vulnerability from cvelistv5
Published
2023-08-16 00:00
Modified
2024-08-02 18:18
Severity ?
EPSS score ?
Summary
kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:18:10.190Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://web.mit.edu/kerberos/www/advisories/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/krb5/krb5/compare/krb5-1.21.1-final...krb5-1.21.2-final" }, { "tags": [ "x_transferred" ], "url": "https://github.com/krb5/krb5/commit/88a1701b423c13991a8064feeb26952d3641d840" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230915-0014/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240201-0008/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240201-0005/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-01T17:06:58.025613", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://web.mit.edu/kerberos/www/advisories/" }, { "url": "https://github.com/krb5/krb5/compare/krb5-1.21.1-final...krb5-1.21.2-final" }, { "url": "https://github.com/krb5/krb5/commit/88a1701b423c13991a8064feeb26952d3641d840" }, { "url": "https://security.netapp.com/advisory/ntap-20230915-0014/" }, { "url": "https://security.netapp.com/advisory/ntap-20240201-0008/" }, { "url": "https://security.netapp.com/advisory/ntap-20240201-0005/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-39975", "datePublished": "2023-08-16T00:00:00", "dateReserved": "2023-08-07T00:00:00", "dateUpdated": "2024-08-02T18:18:10.190Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-1313
Vulnerability from cvelistv5
Published
2024-03-26 17:24
Modified
2024-08-01 18:33
Severity ?
EPSS score ?
Summary
It is possible for a user in a different organization from the owner of a snapshot to bypass authorization and delete a snapshot by issuing a DELETE request to /api/snapshots/<key> using its view key. This functionality is intended to only be available to individuals with the permission to write/edit to the snapshot in question, but due to a bug in the authorization logic, deletion requests issued by an unprivileged user in a different organization than the snapshot owner are treated as authorized.
Grafana Labs would like to thank Ravid Mazon and Jay Chen of Palo
Alto Research for discovering and disclosing this vulnerability.
This issue affects Grafana: from 9.5.0 before 9.5.18, from 10.0.0 before 10.0.13, from 10.1.0 before 10.1.9, from 10.2.0 before 10.2.6, from 10.3.0 before 10.3.5.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-1313", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-10T20:46:01.440788Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-10T20:46:07.773Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T18:33:25.596Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://grafana.com/security/security-advisories/cve-2024-1313/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240524-0008/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "Grafana", "repo": "https://github.com/grafana/grafana", "vendor": "Grafana", "versions": [ { "lessThan": "9.5.18", "status": "affected", "version": "9.5.0", "versionType": "semver" }, { "lessThan": "10.0.13", "status": "affected", "version": "10.0.0", "versionType": "semver" }, { "lessThan": "10.1.9", "status": "affected", "version": "10.1.0", "versionType": "semver" }, { "lessThan": "10.2.6", "status": "affected", "version": "10.2.0", "versionType": "semver" }, { "lessThan": "10.3.5", "status": "affected", "version": "10.3.0", "versionType": "semver" }, { "status": "unaffected", "version": "10.4.0" } ] } ], "configurations": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "To be exposed to this issue, a grafana instance must be configured with multiple organizations and have the snapshots feature turned on.\u003cbr\u003e" } ], "value": "To be exposed to this issue, a grafana instance must be configured with multiple organizations and have the snapshots feature turned on.\n" } ], "credits": [ { "lang": "en", "type": "finder", "value": "Ravid Mazon" }, { "lang": "en", "type": "finder", "value": "Jay Chen" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "It is possible for a user in a different organization from the owner of a snapshot to bypass authorization and delete a snapshot by issuing a DELETE request to /api/snapshots/\u0026lt;key\u0026gt; using its view key. This functionality is intended to only be available to individuals with the permission to write/edit to the snapshot in question, but due to a bug in the authorization logic, deletion requests issued by an unprivileged user in a different organization than the snapshot owner are treated as authorized.\u003cbr\u003e\u003cp\u003e\u003cbr\u003eGrafana Labs would like to thank Ravid Mazon and Jay Chen of Palo \nAlto Research for discovering and disclosing this vulnerability.\u003cbr\u003e\u003cbr\u003eThis issue affects Grafana: from 9.5.0 before 9.5.18, from 10.0.0 before 10.0.13, from 10.1.0 before 10.1.9, from 10.2.0 before 10.2.6, from 10.3.0 before 10.3.5.\u003cbr\u003e\u003cbr\u003e\u003c/p\u003e" } ], "value": "It is possible for a user in a different organization from the owner of a snapshot to bypass authorization and delete a snapshot by issuing a DELETE request to /api/snapshots/\u003ckey\u003e using its view key. This functionality is intended to only be available to individuals with the permission to write/edit to the snapshot in question, but due to a bug in the authorization logic, deletion requests issued by an unprivileged user in a different organization than the snapshot owner are treated as authorized.\n\nGrafana Labs would like to thank Ravid Mazon and Jay Chen of Palo \nAlto Research for discovering and disclosing this vulnerability.\n\nThis issue affects Grafana: from 9.5.0 before 9.5.18, from 10.0.0 before 10.0.13, from 10.1.0 before 10.1.9, from 10.2.0 before 10.2.6, from 10.3.0 before 10.3.5.\n\n" } ], "impacts": [ { "capecId": "CAPEC-137", "descriptions": [ { "lang": "en", "value": "CAPEC-137 Parameter Injection" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-639", "description": "CWE-639 Authorization Bypass Through User-Controlled Key", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-26T17:24:25.956Z", "orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "shortName": "GRAFANA" }, "references": [ { "url": "https://grafana.com/security/security-advisories/cve-2024-1313/" }, { "url": "https://security.netapp.com/advisory/ntap-20240524-0008/" } ], "source": { "discovery": "EXTERNAL" }, "title": "Users outside an organization can delete a snapshot with its key", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "assignerShortName": "GRAFANA", "cveId": "CVE-2024-1313", "datePublished": "2024-03-26T17:24:25.956Z", "dateReserved": "2024-02-07T15:15:07.330Z", "dateUpdated": "2024-08-01T18:33:25.596Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-29491
Vulnerability from cvelistv5
Published
2023-04-14 00:00
Modified
2024-11-27 14:45
Severity ?
EPSS score ?
Summary
ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:07:46.218Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2023/04/13/4" }, { "tags": [ "x_transferred" ], "url": "http://ncurses.scripts.mit.edu/?p=ncurses.git%3Ba=commit%3Bh=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56" }, { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2023/04/12/5" }, { "name": "[oss-security] 20230419 Re: ncurses fixes upstream", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/04/19/10" }, { "name": "[oss-security] 20230419 RE: [EXTERNAL] Re: ncurses fixes upstream", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/04/19/11" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230517-0009/" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213843" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213844" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213845" }, { "name": "[debian-lts-announce] 20231203 [SECURITY] [DLA 3682-1] ncurses security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html" }, { "name": "FEDORA-2024-96090dafaf", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-29491", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-27T14:44:41.346506Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-27T14:45:38.232Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-31T03:06:18.151995", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.openwall.com/lists/oss-security/2023/04/13/4" }, { "url": "http://ncurses.scripts.mit.edu/?p=ncurses.git%3Ba=commit%3Bh=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56" }, { "url": "https://www.openwall.com/lists/oss-security/2023/04/12/5" }, { "name": "[oss-security] 20230419 Re: ncurses fixes upstream", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/04/19/10" }, { "name": "[oss-security] 20230419 RE: [EXTERNAL] Re: ncurses fixes upstream", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/04/19/11" }, { "url": "https://security.netapp.com/advisory/ntap-20230517-0009/" }, { "url": "https://support.apple.com/kb/HT213843" }, { "url": "https://support.apple.com/kb/HT213844" }, { "url": "https://support.apple.com/kb/HT213845" }, { "name": "[debian-lts-announce] 20231203 [SECURITY] [DLA 3682-1] ncurses security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html" }, { "name": "FEDORA-2024-96090dafaf", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-29491", "datePublished": "2023-04-14T00:00:00", "dateReserved": "2023-04-07T00:00:00", "dateUpdated": "2024-11-27T14:45:38.232Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-1394
Vulnerability from cvelistv5
Published
2024-03-21 12:16
Modified
2024-12-17 21:47
Severity ?
EPSS score ?
Summary
A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat Ansible Automation Platform 2.4 for RHEL 8 |
Unaffected: 0:1.4.5-1.el8ap < * cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9 cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9 cpe:/a:redhat:ansible_automation_platform:2.4::el8 cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8 cpe:/a:redhat:ansible_automation_platform:2.4::el9 cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-1394", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-21T18:21:05.099385Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-05T13:50:55.732Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T18:40:20.583Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:1462", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1462" }, { "name": "RHSA-2024:1468", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1468" }, { "name": "RHSA-2024:1472", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1472" }, { "name": "RHSA-2024:1501", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1501" }, { "name": "RHSA-2024:1502", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1502" }, { "name": "RHSA-2024:1561", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1561" }, { "name": "RHSA-2024:1563", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1563" }, { "name": "RHSA-2024:1566", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1566" }, { "name": "RHSA-2024:1567", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1567" }, { "name": "RHSA-2024:1574", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1574" }, { "name": "RHSA-2024:1640", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1640" }, { "name": "RHSA-2024:1644", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1644" }, { "name": "RHSA-2024:1646", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1646" }, { "name": "RHSA-2024:1763", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1763" }, { "name": "RHSA-2024:1897", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1897" }, { "name": "RHSA-2024:2562", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2562" }, { "name": "RHSA-2024:2568", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2568" }, { "name": "RHSA-2024:2569", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2569" }, { "name": "RHSA-2024:2729", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2729" }, { "name": "RHSA-2024:2730", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2730" }, { "name": "RHSA-2024:2767", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2767" }, { "name": "RHSA-2024:3265", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3265" }, { "name": "RHSA-2024:3352", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3352" }, { "name": "RHSA-2024:4146", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4146" }, { "name": "RHSA-2024:4371", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4371" }, { "name": "RHSA-2024:4378", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4378" }, { "name": "RHSA-2024:4379", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4379" }, { "name": "RHSA-2024:4502", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4502" }, { "name": "RHSA-2024:4581", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4581" }, { "name": "RHSA-2024:4591", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4591" }, { "name": "RHSA-2024:4672", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4672" }, { "name": "RHSA-2024:4699", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4699" }, { "name": "RHSA-2024:4761", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4761" }, { "name": "RHSA-2024:4762", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4762" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2024-1394" }, { "name": "RHBZ#2262921", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262921" }, { "tags": [ "x_transferred" ], "url": "https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136" }, { "tags": [ "x_transferred" ], "url": "https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6" }, { "tags": [ "x_transferred" ], "url": "https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f" }, { "tags": [ "x_transferred" ], "url": "https://pkg.go.dev/vuln/GO-2024-2660" }, { "tags": [ "x_transferred" ], "url": "https://vuln.go.dev/ID/GO-2024-2660.json" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9", "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8", "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8" ], "defaultStatus": "affected", "packageName": "receptor", "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.4.5-1.el8ap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9", "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8", "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8" ], "defaultStatus": "affected", "packageName": "receptor", "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.4.5-1.el9ap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:devtools:2023::el7" ], "defaultStatus": "affected", "packageName": "go-toolset-1.19-golang", "product": "Red Hat Developer Tools", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.19.13-6.el7_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "go-toolset:rhel8", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8090020240313170136.26eb71ac", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "grafana-pcp", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.1.1-2.el8_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "grafana", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:9.2.10-8.el8_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "grafana", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:9.2.10-16.el8_10", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "container-tools:rhel8", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8100020240808093819.afee755d", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "osbuild-composer", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:101-2.el8_10", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "golang", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.20.12-2.el9_3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "grafana", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:9.2.10-8.el9_3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "grafana-pcp", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.1.1-2.el9_3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "golang", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.21.9-2.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "grafana", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:9.2.10-16.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "grafana-pcp", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.1.1-2.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "buildah", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:1.33.7-3.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4:4.9.4-5.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "gvisor-tap-vsock", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "6:0.7.3-4.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "skopeo", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:1.14.3-3.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "containernetworking-plugins", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:1.4.0-4.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "runc", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4:1.1.12-3.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_e4s:9.0::appstream" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:4.2.0-4.el9_0", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_e4s:9.0::appstream" ], "defaultStatus": "affected", "packageName": "containernetworking-plugins", "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:1.0.1-6.el9_0", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::appstream" ], "defaultStatus": "affected", "packageName": "golang", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.19.13-7.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::appstream" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:4.4.1-20.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.12::el8", "cpe:/a:redhat:openshift:4.12::el9" ], "defaultStatus": "affected", "packageName": "buildah", "product": "Red Hat OpenShift Container Platform 4.12", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:1.23.4-5.2.rhaos4.12.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.12::el8", "cpe:/a:redhat:openshift:4.12::el9" ], "defaultStatus": "affected", "packageName": "butane", "product": "Red Hat OpenShift Container Platform 4.12", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:0.16.0-2.2.rhaos4.12.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.12::el8", "cpe:/a:redhat:openshift:4.12::el9" ], "defaultStatus": "affected", "packageName": "containernetworking-plugins", "product": "Red Hat OpenShift Container Platform 4.12", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:1.4.0-1.1.rhaos4.12.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.12::el8", "cpe:/a:redhat:openshift:4.12::el9" ], "defaultStatus": "affected", "packageName": "cri-o", "product": "Red Hat OpenShift Container Platform 4.12", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.25.3-5.2.rhaos4.12.git44a2cb2.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.12::el8", "cpe:/a:redhat:openshift:4.12::el9" ], "defaultStatus": "affected", "packageName": "cri-tools", "product": "Red Hat OpenShift Container Platform 4.12", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.25.0-2.2.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.12::el8", "cpe:/a:redhat:openshift:4.12::el9" ], "defaultStatus": "affected", "packageName": "ignition", "product": "Red Hat OpenShift Container Platform 4.12", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.14.0-5.2.rhaos4.12.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.12::el8", "cpe:/a:redhat:openshift:4.12::el9" ], "defaultStatus": "affected", "packageName": "openshift-clients", "product": "Red Hat OpenShift Container Platform 4.12", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.12.0-202403251017.p0.gd4c9e3c.assembly.stream.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.12::el8", "cpe:/a:redhat:openshift:4.12::el9" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat OpenShift Container Platform 4.12", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "3:4.2.0-7.2.rhaos4.12.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.12::el8", "cpe:/a:redhat:openshift:4.12::el9" ], "defaultStatus": "affected", "packageName": "runc", "product": "Red Hat OpenShift Container Platform 4.12", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "3:1.1.6-5.2.rhaos4.12.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.12::el8", "cpe:/a:redhat:openshift:4.12::el9" ], "defaultStatus": "affected", "packageName": "skopeo", "product": "Red Hat OpenShift Container Platform 4.12", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:1.9.4-3.2.rhaos4.12.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9" ], "defaultStatus": "affected", "packageName": "buildah", "product": "Red Hat OpenShift Container Platform 4.13", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:1.29.1-2.2.rhaos4.13.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9" ], "defaultStatus": "affected", "packageName": "containernetworking-plugins", "product": "Red Hat OpenShift Container Platform 4.13", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:1.4.0-1.1.rhaos4.13.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9" ], "defaultStatus": "affected", "packageName": "cri-o", "product": "Red Hat OpenShift Container Platform 4.13", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.26.5-11.1.rhaos4.13.git919cc6e.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9" ], "defaultStatus": "affected", "packageName": "cri-tools", "product": "Red Hat OpenShift Container Platform 4.13", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.26.0-4.1.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9" ], "defaultStatus": "affected", "packageName": "ignition", "product": "Red Hat OpenShift Container Platform 4.13", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.15.0-7.1.rhaos4.13.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9" ], "defaultStatus": "affected", "packageName": "openshift-clients", "product": "Red Hat OpenShift Container Platform 4.13", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.13.0-202404020737.p0.gd192e90.assembly.stream.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat OpenShift Container Platform 4.13", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "3:4.4.1-6.2.rhaos4.13.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9" ], "defaultStatus": "affected", "packageName": "runc", "product": "Red Hat OpenShift Container Platform 4.13", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4:1.1.12-1.1.rhaos4.13.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9" ], "defaultStatus": "affected", "packageName": "skopeo", "product": "Red Hat OpenShift Container Platform 4.13", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:1.11.2-2.2.rhaos4.13.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "butane", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:0.19.0-1.3.rhaos4.14.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "containernetworking-plugins", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:1.4.0-1.2.rhaos4.14.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "cri-o", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.27.4-6.1.rhaos4.14.gitd09e4c0.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "cri-tools", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.27.0-3.1.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "ignition", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.16.2-2.1.rhaos4.14.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "openshift-clients", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.14.0-202403261640.p0.gf7b14a9.assembly.stream.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "ose-aws-ecr-image-credential-provider", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.14.0-202403251040.p0.g607e2dd.assembly.stream.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "3:4.4.1-11.3.rhaos4.14.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "skopeo", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:1.11.2-10.3.rhaos4.14.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "buildah", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:1.29.1-10.4.rhaos4.14.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "butane", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:0.19.0-1.4.rhaos4.14.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "conmon", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "3:2.1.7-3.4.rhaos4.14.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "containernetworking-plugins", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:1.4.0-1.3.rhaos4.14.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "cri-o", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.27.4-7.2.rhaos4.14.git082c52f.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "cri-tools", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.27.0-3.2.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "ignition", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.16.2-2.2.rhaos4.14.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "openshift", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.14.0-202404160939.p0.g7bee54d.assembly.stream.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "openshift4-aws-iso", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.14.0-202404151639.p0.gd2acdd5.assembly.stream.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "openshift-ansible", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.14.0-202404151639.p0.g81558cc.assembly.stream.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "openshift-clients", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.14.0-202404151639.p0.gf7b14a9.assembly.stream.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "openshift-kuryr", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.14.0-202404151639.p0.g8926a29.assembly.stream.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "ose-aws-ecr-image-credential-provider", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.14.0-202404151639.p0.g607e2dd.assembly.stream.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "3:4.4.1-11.4.rhaos4.14.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "runc", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4:1.1.12-1.2.rhaos4.14.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "skopeo", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:1.11.2-10.4.rhaos4.14.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9" ], "defaultStatus": "affected", "packageName": "microshift", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.14.19-202403280926.p0.gc1f8861.assembly.4.14.19.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "rhcos", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "414.92.202407300859-0", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8" ], "defaultStatus": "affected", "packageName": "buildah", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:1.29.1-20.3.rhaos4.15.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8" ], "defaultStatus": "affected", "packageName": "butane", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:0.20.0-1.1.rhaos4.15.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8" ], "defaultStatus": "affected", "packageName": "containernetworking-plugins", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:1.4.0-1.2.rhaos4.15.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8" ], "defaultStatus": "affected", "packageName": "cri-o", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.28.4-8.rhaos4.15.git24f50b9.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8" ], "defaultStatus": "affected", "packageName": "cri-tools", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.28.0-3.1.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8" ], "defaultStatus": "affected", "packageName": "ignition", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.16.2-2.1.rhaos4.15.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8" ], "defaultStatus": "affected", "packageName": "openshift-clients", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.15.0-202403211240.p0.g62c4d45.assembly.stream.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8" ], "defaultStatus": "affected", "packageName": "ose-aws-ecr-image-credential-provider", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.15.0-202403211549.p0.g2e3cca1.assembly.stream.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "3:4.4.1-21.1.rhaos4.15.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8" ], "defaultStatus": "affected", "packageName": "runc", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4:1.1.12-1.1.rhaos4.15.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8" ], "defaultStatus": "affected", "packageName": "skopeo", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:1.11.2-21.2.rhaos4.15.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el9" ], "defaultStatus": "affected", "packageName": "microshift", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.15.6-202403280951.p0.g94b1c2a.assembly.4.15.6.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8" ], "defaultStatus": "affected", "packageName": "rhcos", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "415.92.202407191425-0", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:16.2::el8" ], "defaultStatus": "affected", "packageName": "etcd", "product": "Red Hat OpenStack Platform 16.2", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.3.23-16.el8ost", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:17.1::el8" ], "defaultStatus": "affected", "packageName": "collectd-sensubility", "product": "Red Hat OpenStack Platform 17.1 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:0.2.1-3.el8ost", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:17.1::el9" ], "defaultStatus": "affected", "packageName": "etcd", "product": "Red Hat OpenStack Platform 17.1 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.4.26-8.el9ost", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:17.1::el9" ], "defaultStatus": "affected", "packageName": "collectd-sensubility", "product": "Red Hat OpenStack Platform 17.1 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:0.2.1-3.el9ost", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.16::el9" ], "defaultStatus": "affected", "packageName": "odf4/mcg-operator-bundle", "product": "RHODF-4.16-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.16.0-137", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.16::el9" ], "defaultStatus": "affected", "packageName": "odf4/mcg-rhel9-operator", "product": "RHODF-4.16-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.16.0-38", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:network_bound_disk_encryption_tang:1" ], "defaultStatus": "affected", "packageName": "tang-operator-bundle-container", "product": "NBDE Tang Server", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:ocp_tools" ], "defaultStatus": "affected", "packageName": "helm", "product": "OpenShift Developer Tools and Services", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:ocp_tools" ], "defaultStatus": "affected", "packageName": "odo", "product": "OpenShift Developer Tools and Services", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_pipelines:1" ], "defaultStatus": "affected", "packageName": "openshift-pipelines-client", "product": "OpenShift Pipelines", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:serverless:1" ], "defaultStatus": "affected", "packageName": "openshift-serverless-clients", "product": "OpenShift Serverless", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:ansible_automation_platform" ], "defaultStatus": "affected", "packageName": "helm", "product": "Red Hat Ansible Automation Platform 1.2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:ansible_automation_platform" ], "defaultStatus": "affected", "packageName": "openshift-clients", "product": "Red Hat Ansible Automation Platform 1.2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:ansible_automation_platform:2" ], "defaultStatus": "affected", "packageName": "openshift-clients", "product": "Red Hat Ansible Automation Platform 2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:certifications:1::el8" ], "defaultStatus": "affected", "packageName": "redhat-certification-preflight", "product": "Red Hat Certification for Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:certifications:1::el9" ], "defaultStatus": "affected", "packageName": "redhat-certification-preflight", "product": "Red Hat Certification for Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "buildah", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "containernetworking-plugins", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "host-metering", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "podman", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "rhc-worker-script", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "skopeo", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "container-tools:4.0/buildah", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "container-tools:4.0/conmon", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "container-tools:4.0/containernetworking-plugins", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "container-tools:4.0/podman", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "container-tools:4.0/runc", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "container-tools:4.0/skopeo", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "container-tools:4.0/toolbox", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "git-lfs", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "rhc", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "weldr-client", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "butane", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "unaffected", "packageName": "conmon", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "unaffected", "packageName": "git-lfs", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "ignition", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "osbuild-composer", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "unaffected", "packageName": "toolbox", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "unaffected", "packageName": "weldr-client", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "unaffected", "packageName": "conmon-rs", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "unaffected", "packageName": "golang-github-prometheus-promu", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "unaffected", "packageName": "lifecycle-agent-operator-bundle-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "unknown", "packageName": "openshift4/bare-metal-event-relay-operator-bundle", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "unaffected", "packageName": "openshift4/numaresources-operator-bundle", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "unaffected", "packageName": "openshift4/ose-cluster-machine-approver", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "rhcos", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_container_storage:4" ], "defaultStatus": "unknown", "packageName": "mcg", "product": "Red Hat Openshift Container Storage 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_devspaces:3:" ], "defaultStatus": "affected", "packageName": "devspaces/machineexec-rhel8", "product": "Red Hat OpenShift Dev Spaces", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_gitops:1" ], "defaultStatus": "affected", "packageName": "openshift-gitops-1/gitops-operator-bundle", "product": "Red Hat OpenShift GitOps", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_service_on_aws:1" ], "defaultStatus": "affected", "packageName": "rosa", "product": "Red Hat OpenShift on AWS", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:container_native_virtualization:4" ], "defaultStatus": "unaffected", "packageName": "kubevirt", "product": "Red Hat OpenShift Virtualization 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:16.1" ], "defaultStatus": "unknown", "packageName": "etcd", "product": "Red Hat OpenStack Platform 16.1", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:16.1" ], "defaultStatus": "affected", "packageName": "golang-qpid-apache", "product": "Red Hat OpenStack Platform 16.1", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:16.1" ], "defaultStatus": "unaffected", "packageName": "qpid-proton", "product": "Red Hat OpenStack Platform 16.1", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:16.2" ], "defaultStatus": "affected", "packageName": "golang-github-infrawatch-apputils", "product": "Red Hat OpenStack Platform 16.2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:16.2" ], "defaultStatus": "affected", "packageName": "golang-qpid-apache", "product": "Red Hat OpenStack Platform 16.2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:16.2" ], "defaultStatus": "unaffected", "packageName": "qpid-proton", "product": "Red Hat OpenStack Platform 16.2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:17.1" ], "defaultStatus": "affected", "packageName": "golang-github-infrawatch-apputils", "product": "Red Hat OpenStack Platform 17.1", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:17.1" ], "defaultStatus": "affected", "packageName": "golang-qpid-apache", "product": "Red Hat OpenStack Platform 17.1", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:17.1" ], "defaultStatus": "unaffected", "packageName": "qpid-proton", "product": "Red Hat OpenStack Platform 17.1", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:18.0" ], "defaultStatus": "affected", "packageName": "etcd", "product": "Red Hat OpenStack Platform 18.0", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:service_interconnect:1" ], "defaultStatus": "affected", "packageName": "qpid-proton", "product": "Red Hat Service Interconnect 1", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:service_interconnect:1" ], "defaultStatus": "affected", "packageName": "skupper-cli", "product": "Red Hat Service Interconnect 1", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:service_interconnect:1" ], "defaultStatus": "affected", "packageName": "skupper-router", "product": "Red Hat Service Interconnect 1", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_software_collections:3" ], "defaultStatus": "unaffected", "packageName": "rh-git227-git-lfs", "product": "Red Hat Software Collections", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:storage:3" ], "defaultStatus": "unknown", "packageName": "heketi", "product": "Red Hat Storage 3", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "Red Hat would like to thank @qmuntal and @r3kumar for reporting this issue." } ], "datePublic": "2024-03-20T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs\u200b. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey\u200b and ctx\u200b. That function uses named return parameters to free pkey\u200b and ctx\u200b if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey\u200b and ctx\u200b will be nil inside the deferred function that should free them." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-401", "description": "Missing Release of Memory after Effective Lifetime", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-17T21:47:17.516Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:1462", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1462" }, { "name": "RHSA-2024:1468", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1468" }, { "name": "RHSA-2024:1472", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1472" }, { "name": "RHSA-2024:1501", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1501" }, { "name": "RHSA-2024:1502", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1502" }, { "name": "RHSA-2024:1561", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1561" }, { "name": "RHSA-2024:1563", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1563" }, { "name": "RHSA-2024:1566", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1566" }, { "name": "RHSA-2024:1567", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1567" }, { "name": "RHSA-2024:1574", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1574" }, { "name": "RHSA-2024:1640", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1640" }, { "name": "RHSA-2024:1644", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1644" }, { "name": "RHSA-2024:1646", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1646" }, { "name": "RHSA-2024:1763", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1763" }, { "name": "RHSA-2024:1897", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1897" }, { "name": "RHSA-2024:2562", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2562" }, { "name": "RHSA-2024:2568", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2568" }, { "name": "RHSA-2024:2569", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2569" }, { "name": "RHSA-2024:2729", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2729" }, { "name": "RHSA-2024:2730", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2730" }, { "name": "RHSA-2024:2767", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2767" }, { "name": "RHSA-2024:3265", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3265" }, { "name": "RHSA-2024:3352", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3352" }, { "name": "RHSA-2024:4146", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4146" }, { "name": "RHSA-2024:4371", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4371" }, { "name": "RHSA-2024:4378", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4378" }, { "name": "RHSA-2024:4379", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4379" }, { "name": "RHSA-2024:4502", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4502" }, { "name": "RHSA-2024:4581", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4581" }, { "name": "RHSA-2024:4591", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4591" }, { "name": "RHSA-2024:4672", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4672" }, { "name": "RHSA-2024:4699", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4699" }, { "name": "RHSA-2024:4761", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4761" }, { "name": "RHSA-2024:4762", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4762" }, { "name": "RHSA-2024:4960", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4960" }, { "name": "RHSA-2024:5258", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:5258" }, { "name": "RHSA-2024:5634", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:5634" }, { "name": "RHSA-2024:7262", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:7262" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-1394" }, { "name": "RHBZ#2262921", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262921" }, { "url": "https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136" }, { "url": "https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6" }, { "url": "https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f" }, { "url": "https://pkg.go.dev/vuln/GO-2024-2660" }, { "url": "https://vuln.go.dev/ID/GO-2024-2660.json" } ], "timeline": [ { "lang": "en", "time": "2024-02-06T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-03-20T00:00:00+00:00", "value": "Made public." } ], "title": "Golang-fips/openssl: memory leaks in code encrypting and decrypting rsa payloads", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-401: Missing Release of Memory after Effective Lifetime" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-1394", "datePublished": "2024-03-21T12:16:38.790Z", "dateReserved": "2024-02-09T06:02:35.056Z", "dateUpdated": "2024-12-17T21:47:17.516Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6237
Vulnerability from cvelistv5
Published
2024-04-25 06:27
Modified
2024-11-01 14:28
Severity ?
EPSS score ?
Summary
Issue summary: Checking excessively long invalid RSA public keys may take
a long time.
Impact summary: Applications that use the function EVP_PKEY_public_check()
to check RSA public keys may experience long delays. Where the key that
is being checked has been obtained from an untrusted source this may lead
to a Denial of Service.
When function EVP_PKEY_public_check() is called on RSA public keys,
a computation is done to confirm that the RSA modulus, n, is composite.
For valid RSA keys, n is a product of two or more large primes and this
computation completes quickly. However, if n is an overly large prime,
then this computation would take a long time.
An application that calls EVP_PKEY_public_check() and supplies an RSA key
obtained from an untrusted source could be vulnerable to a Denial of Service
attack.
The function EVP_PKEY_public_check() is not called from other OpenSSL
functions however it is called from the OpenSSL pkey command line
application. For that reason that application is also vulnerable if used
with the '-pubin' and '-check' options on untrusted data.
The OpenSSL SSL/TLS implementation is not affected by this issue.
The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:21:18.096Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20240115.txt" }, { "name": "3.0.13 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://github.com/openssl/openssl/commit/18c02492138d1eb8b6548cb26e7b625fb2414a2a" }, { "name": "3.1.5 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://github.com/openssl/openssl/commit/a830f551557d3d66a84bbb18a5b889c640c36294" }, { "name": "3.2.1 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://github.com/openssl/openssl/commit/0b0f7abfb37350794a4b8960fafc292cd5d1b84d" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/03/11/1" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240531-0007/" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-6237", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-20T14:44:52.382969Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-01T14:28:51.338Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "lessThan": "3.0.13", "status": "affected", "version": "3.0.0", "versionType": "semver" }, { "lessThan": "3.1.5", "status": "affected", "version": "3.1.0", "versionType": "semver" }, { "lessThan": "3.2.1", "status": "affected", "version": "3.2.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "OSS-Fuzz" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Tomas Mraz" } ], "datePublic": "2024-01-15T00:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Issue summary: Checking excessively long invalid RSA public keys may take\u003cbr\u003ea long time.\u003cbr\u003e\u003cbr\u003eImpact summary: Applications that use the function EVP_PKEY_public_check()\u003cbr\u003eto check RSA public keys may experience long delays. Where the key that\u003cbr\u003eis being checked has been obtained from an untrusted source this may lead\u003cbr\u003eto a Denial of Service.\u003cbr\u003e\u003cbr\u003eWhen function EVP_PKEY_public_check() is called on RSA public keys,\u003cbr\u003ea computation is done to confirm that the RSA modulus, n, is composite.\u003cbr\u003eFor valid RSA keys, n is a product of two or more large primes and this\u003cbr\u003ecomputation completes quickly. However, if n is an overly large prime,\u003cbr\u003ethen this computation would take a long time.\u003cbr\u003e\u003cbr\u003eAn application that calls EVP_PKEY_public_check() and supplies an RSA key\u003cbr\u003eobtained from an untrusted source could be vulnerable to a Denial of Service\u003cbr\u003eattack.\u003cbr\u003e\u003cbr\u003eThe function EVP_PKEY_public_check() is not called from other OpenSSL\u003cbr\u003efunctions however it is called from the OpenSSL pkey command line\u003cbr\u003eapplication. For that reason that application is also vulnerable if used\u003cbr\u003ewith the \u0027-pubin\u0027 and \u0027-check\u0027 options on untrusted data.\u003cbr\u003e\u003cbr\u003eThe OpenSSL SSL/TLS implementation is not affected by this issue.\u003cbr\u003e\u003cbr\u003eThe OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue." } ], "value": "Issue summary: Checking excessively long invalid RSA public keys may take\na long time.\n\nImpact summary: Applications that use the function EVP_PKEY_public_check()\nto check RSA public keys may experience long delays. Where the key that\nis being checked has been obtained from an untrusted source this may lead\nto a Denial of Service.\n\nWhen function EVP_PKEY_public_check() is called on RSA public keys,\na computation is done to confirm that the RSA modulus, n, is composite.\nFor valid RSA keys, n is a product of two or more large primes and this\ncomputation completes quickly. However, if n is an overly large prime,\nthen this computation would take a long time.\n\nAn application that calls EVP_PKEY_public_check() and supplies an RSA key\nobtained from an untrusted source could be vulnerable to a Denial of Service\nattack.\n\nThe function EVP_PKEY_public_check() is not called from other OpenSSL\nfunctions however it is called from the OpenSSL pkey command line\napplication. For that reason that application is also vulnerable if used\nwith the \u0027-pubin\u0027 and \u0027-check\u0027 options on untrusted data.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue." } ], "metrics": [ { "format": "other", "other": { "content": { "text": "Low" }, "type": "https://www.openssl.org/policies/secpolicy.html" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-606", "description": "CWE-606 Unchecked Input for Loop Condition", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-14T14:55:56.955Z", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.openssl.org/news/secadv/20240115.txt" }, { "name": "3.0.13 git commit", "tags": [ "patch" ], "url": "https://github.com/openssl/openssl/commit/18c02492138d1eb8b6548cb26e7b625fb2414a2a" }, { "name": "3.1.5 git commit", "tags": [ "patch" ], "url": "https://github.com/openssl/openssl/commit/a830f551557d3d66a84bbb18a5b889c640c36294" }, { "name": "3.2.1 git commit", "tags": [ "patch" ], "url": "https://github.com/openssl/openssl/commit/0b0f7abfb37350794a4b8960fafc292cd5d1b84d" } ], "source": { "discovery": "UNKNOWN" }, "title": "Excessive time spent checking invalid RSA public keys", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2023-6237", "datePublished": "2024-04-25T06:27:26.990Z", "dateReserved": "2023-11-21T10:16:34.346Z", "dateUpdated": "2024-11-01T14:28:51.338Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6918
Vulnerability from cvelistv5
Published
2023-12-18 23:27
Modified
2024-11-24 12:54
Severity ?
EPSS score ?
Summary
A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:2504 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3233 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-6918 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2254997 | issue-tracking, x_refsource_REDHAT | |
https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/ | ||
https://www.libssh.org/security/advisories/CVE-2023-6918.txt |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 0:0.9.6-14.el8 < * cpe:/a:redhat:enterprise_linux:8::appstream cpe:/o:redhat:enterprise_linux:8::baseos |
||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:42:08.414Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:2504", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2504" }, { "name": "RHSA-2024:3233", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3233" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-6918" }, { "name": "RHBZ#2254997", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254997" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/" }, { "tags": [ "x_transferred" ], "url": "https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/" }, { "tags": [ "x_transferred" ], "url": "https://www.libssh.org/security/advisories/CVE-2023-6918.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/o:redhat:enterprise_linux:8::baseos" ], "defaultStatus": "affected", "packageName": "libssh", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:0.9.6-14.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/o:redhat:enterprise_linux:8::baseos" ], "defaultStatus": "affected", "packageName": "libssh", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:0.9.6-14.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "libssh", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:0.10.4-13.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "libssh", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:0.10.4-13.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "libssh2", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "libssh", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "libssh2", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "Red Hat would like to thank Jack Weinstein (\u003cmike.code.bb.h@gmail.com\u003e) for reporting this issue." } ], "datePublic": "2023-12-18T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Low" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-252", "description": "Unchecked Return Value", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-24T12:54:46.775Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:2504", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2504" }, { "name": "RHSA-2024:3233", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3233" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-6918" }, { "name": "RHBZ#2254997", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254997" }, { "url": "https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/" }, { "url": "https://www.libssh.org/security/advisories/CVE-2023-6918.txt" } ], "timeline": [ { "lang": "en", "time": "2023-12-18T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-12-18T00:00:00+00:00", "value": "Made public." } ], "title": "Libssh: missing checks for return values for digests", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-252: Unchecked Return Value" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-6918", "datePublished": "2023-12-18T23:27:48.540Z", "dateReserved": "2023-12-18T11:40:15.080Z", "dateUpdated": "2024-11-24T12:54:46.775Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-0450
Vulnerability from cvelistv5
Published
2024-03-19 15:12
Modified
2024-08-02 15:00
Severity ?
EPSS score ?
Summary
An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.
The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Python Software Foundation | CPython |
Version: 0 Version: 3.9.0 Version: 3.10.0 Version: 3.11.0 Version: 3.12.0 Version: 3.13.0a1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T18:04:49.775Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "patch", "x_transferred" ], "url": "https://github.com/python/cpython/commit/66363b9a7b9fe7c99eba3a185b74c5fdbf842eba" }, { "tags": [ "patch", "x_transferred" ], "url": "https://github.com/python/cpython/commit/fa181fcf2156f703347b03a3b1966ce47be8ab3b" }, { "tags": [ "patch", "x_transferred" ], "url": "https://github.com/python/cpython/commit/a956e510f6336d5ae111ba429a61c3ade30a7549" }, { "tags": [ "patch", "x_transferred" ], "url": "https://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85" }, { "tags": [ "patch", "x_transferred" ], "url": "https://github.com/python/cpython/commit/a2c59992e9e8d35baba9695eb186ad6c6ff85c51" }, { "tags": [ "patch", "x_transferred" ], "url": "https://github.com/python/cpython/commit/d05bac0b74153beb541b88b4fca33bf053990183" }, { "tags": [ "issue-tracking", "x_transferred" ], "url": "https://github.com/python/cpython/issues/109858" }, { "tags": [ "x_transferred" ], "url": "https://www.bamsoftware.com/hacks/zipbomb/" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/XELNUX2L3IOHBTFU7RQHCY6OUVEWZ2FG/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00024.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/03/20/5" }, { "tags": [ "patch", "x_transferred" ], "url": "https://github.com/python/cpython/commit/70497218351ba44bffc8b571201ecb5652d84675" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:python:cpython:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "cpython", "vendor": "python", "versions": [ { "lessThan": "3.8.18", "status": "affected", "version": "0", "versionType": "custom" }, { "status": "affected", "version": "3.9.18" }, { "status": "affected", "version": "3.10.13" }, { "status": "affected", "version": "3.11.7" }, { "status": "affected", "version": "3.12.1" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-0450", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-20T14:30:38.300055Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-02T15:00:26.971Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "CPython", "repo": "https://github.com/python/cpython", "vendor": "Python Software Foundation", "versions": [ { "lessThan": "3.8.19", "status": "affected", "version": "0", "versionType": "python" }, { "lessThan": "3.9.19", "status": "affected", "version": "3.9.0", "versionType": "python" }, { "lessThan": "3.10.14", "status": "affected", "version": "3.10.0", "versionType": "python" }, { "lessThan": "3.11.8", "status": "affected", "version": "3.11.0", "versionType": "python" }, { "lessThan": "3.12.2", "status": "affected", "version": "3.12.0", "versionType": "python" }, { "lessThan": "3.13.0a3", "status": "affected", "version": "3.13.0a1", "versionType": "python" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eAn issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eThe zipfile module is vulnerable to \u201cquoted-overlap\u201d zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e" } ], "value": "An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.\n\nThe zipfile module is vulnerable to \u201cquoted-overlap\u201d zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.\n\n" } ], "impacts": [ { "capecId": "CAPEC-130", "descriptions": [ { "lang": "en", "value": "CAPEC-130 Excessive Allocation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-405", "description": "CWE-405", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-13T19:24:15.993Z", "orgId": "28c92f92-d60d-412d-b760-e73465c3df22", "shortName": "PSF" }, "references": [ { "tags": [ "patch" ], "url": "https://github.com/python/cpython/commit/66363b9a7b9fe7c99eba3a185b74c5fdbf842eba" }, { "tags": [ "patch" ], "url": "https://github.com/python/cpython/commit/fa181fcf2156f703347b03a3b1966ce47be8ab3b" }, { "tags": [ "patch" ], "url": "https://github.com/python/cpython/commit/a956e510f6336d5ae111ba429a61c3ade30a7549" }, { "tags": [ "patch" ], "url": "https://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85" }, { "tags": [ "patch" ], "url": "https://github.com/python/cpython/commit/a2c59992e9e8d35baba9695eb186ad6c6ff85c51" }, { "tags": [ "patch" ], "url": "https://github.com/python/cpython/commit/d05bac0b74153beb541b88b4fca33bf053990183" }, { "tags": [ "issue-tracking" ], "url": "https://github.com/python/cpython/issues/109858" }, { "url": "https://www.bamsoftware.com/hacks/zipbomb/" }, { "tags": [ "vendor-advisory" ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/XELNUX2L3IOHBTFU7RQHCY6OUVEWZ2FG/" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00024.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html" }, { "url": "http://www.openwall.com/lists/oss-security/2024/03/20/5" }, { "tags": [ "patch" ], "url": "https://github.com/python/cpython/commit/70497218351ba44bffc8b571201ecb5652d84675" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/" } ], "source": { "discovery": "UNKNOWN" }, "title": "Quoted zip-bomb protection for zipfile", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22", "assignerShortName": "PSF", "cveId": "CVE-2024-0450", "datePublished": "2024-03-19T15:12:07.789Z", "dateReserved": "2024-01-11T22:16:41.964Z", "dateUpdated": "2024-08-02T15:00:26.971Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-48468
Vulnerability from cvelistv5
Published
2023-04-13 00:00
Modified
2024-08-03 15:17
Severity ?
EPSS score ?
Summary
protobuf-c before 1.4.1 has an unsigned integer overflow in parse_required_member.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T15:17:55.190Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/protobuf-c/protobuf-c/issues/499" }, { "tags": [ "x_transferred" ], "url": "https://github.com/protobuf-c/protobuf-c/pull/513" }, { "tags": [ "x_transferred" ], "url": "https://github.com/protobuf-c/protobuf-c/commit/ec3d900001a13ccdaa8aef996b34c61159c76217" }, { "tags": [ "x_transferred" ], "url": "https://github.com/protobuf-c/protobuf-c/releases/tag/v1.4.1" }, { "name": "FEDORA-2023-4e094d5297", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI4JZSHJXW7WOOTAQSV5SUCC5GE2GC2B/" }, { "name": "FEDORA-2023-6cfe134db6", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNUEZZEPR2F6M67ANXLOPJX6AQL3TK4P/" }, { "name": "FEDORA-2023-8b0938312e", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UGLZZYPOLI733DPETL444E3GY5KSS6LG/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "protobuf-c before 1.4.1 has an unsigned integer overflow in parse_required_member." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-29T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/protobuf-c/protobuf-c/issues/499" }, { "url": "https://github.com/protobuf-c/protobuf-c/pull/513" }, { "url": "https://github.com/protobuf-c/protobuf-c/commit/ec3d900001a13ccdaa8aef996b34c61159c76217" }, { "url": "https://github.com/protobuf-c/protobuf-c/releases/tag/v1.4.1" }, { "name": "FEDORA-2023-4e094d5297", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI4JZSHJXW7WOOTAQSV5SUCC5GE2GC2B/" }, { "name": "FEDORA-2023-6cfe134db6", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNUEZZEPR2F6M67ANXLOPJX6AQL3TK4P/" }, { "name": "FEDORA-2023-8b0938312e", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UGLZZYPOLI733DPETL444E3GY5KSS6LG/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-48468", "datePublished": "2023-04-13T00:00:00", "dateReserved": "2023-04-13T00:00:00", "dateUpdated": "2024-08-03T15:17:55.190Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-5517
Vulnerability from cvelistv5
Published
2024-02-13 14:04
Modified
2024-08-22 13:56
Severity ?
EPSS score ?
Summary
A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when:
- `nxdomain-redirect <domain>;` is configured, and
- the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response.
This issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:59:44.936Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "CVE-2023-5517", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://kb.isc.org/docs/cve-2023-5517" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/02/13/1" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240503-0006/" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:isc:bind_9:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bind_9", "vendor": "isc", "versions": [ { "lessThanOrEqual": "9.16.45", "status": "affected", "version": "9.12.0", "versionType": "custom" }, { "lessThanOrEqual": "9.18.21", "status": "affected", "version": "9.18.0", "versionType": "custom" }, { "lessThanOrEqual": "9.19.19", "status": "affected", "version": "9.19.0", "versionType": "custom" }, { "lessThanOrEqual": "9.16.45-S1", "status": "affected", "version": "9.16.8-S1", "versionType": "custom" }, { "lessThanOrEqual": "9.18.21-S1", "status": "affected", "version": "9.18.11-S1", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-5517", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-22T13:32:01.260266Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-617", "description": "CWE-617 Reachable Assertion", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-22T13:56:51.119Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "BIND 9", "vendor": "ISC", "versions": [ { "lessThanOrEqual": "9.16.45", "status": "affected", "version": "9.12.0", "versionType": "custom" }, { "lessThanOrEqual": "9.18.21", "status": "affected", "version": "9.18.0", "versionType": "custom" }, { "lessThanOrEqual": "9.19.19", "status": "affected", "version": "9.19.0", "versionType": "custom" }, { "lessThanOrEqual": "9.16.45-S1", "status": "affected", "version": "9.16.8-S1", "versionType": "custom" }, { "lessThanOrEqual": "9.18.21-S1", "status": "affected", "version": "9.18.11-S1", "versionType": "custom" } ] } ], "datePublic": "2024-02-13T00:00:00Z", "descriptions": [ { "lang": "en", "value": "A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when:\n\n - `nxdomain-redirect \u003cdomain\u003e;` is configured, and\n - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response.\nThis issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1." } ], "exploits": [ { "lang": "en", "value": "We are not aware of any active exploits." } ], "impacts": [ { "descriptions": [ { "lang": "en", "value": "If both of the above conditions are met, a single suitable query will cause `named` to crash." } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "providerMetadata": { "dateUpdated": "2024-02-13T14:04:54.389Z", "orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc" }, "references": [ { "name": "CVE-2023-5517", "tags": [ "vendor-advisory" ], "url": "https://kb.isc.org/docs/cve-2023-5517" }, { "url": "http://www.openwall.com/lists/oss-security/2024/02/13/1" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/" }, { "url": "https://security.netapp.com/advisory/ntap-20240503-0006/" } ], "solutions": [ { "lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.16.48, 9.18.24, 9.19.21, 9.16.48-S1, or 9.18.24-S1." } ], "source": { "discovery": "EXTERNAL" }, "title": "Querying RFC 1918 reverse zones may cause an assertion failure when \"nxdomain-redirect\" is enabled", "workarounds": [ { "lang": "en", "value": "Disabling the `nxdomain-redirect` feature makes the faulty code path impossible to reach, preventing this flaw from being exploitable." } ] } }, "cveMetadata": { "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "cveId": "CVE-2023-5517", "datePublished": "2024-02-13T14:04:54.389Z", "dateReserved": "2023-10-11T07:02:42.359Z", "dateUpdated": "2024-08-22T13:56:51.119Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-22195
Vulnerability from cvelistv5
Published
2024-01-11 02:25
Modified
2024-08-01 22:35
Severity ?
EPSS score ?
Summary
Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T22:35:34.831Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95" }, { "name": "https://github.com/pallets/jinja/releases/tag/3.1.3", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/pallets/jinja/releases/tag/3.1.3" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5XCWZD464AJJJUBOO7CMPXQ4ROBC6JX2/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00010.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7YWRBX6JQCWC2XXCTZ55C7DPMGICCN3/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DELCVUUYX75I5K4Q5WMJG4MUZJA6VAIP/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "jinja", "vendor": "pallets", "versions": [ { "status": "affected", "version": "\u003c 3.1.3" } ] } ], "descriptions": [ { "lang": "en", "value": "Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-11T02:25:44.239Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95" }, { "name": "https://github.com/pallets/jinja/releases/tag/3.1.3", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/pallets/jinja/releases/tag/3.1.3" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5XCWZD464AJJJUBOO7CMPXQ4ROBC6JX2/" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00010.html" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7YWRBX6JQCWC2XXCTZ55C7DPMGICCN3/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DELCVUUYX75I5K4Q5WMJG4MUZJA6VAIP/" } ], "source": { "advisory": "GHSA-h5c8-rqwp-cp95", "discovery": "UNKNOWN" }, "title": "Jinja vulnerable to Cross-Site Scripting (XSS)" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-22195", "datePublished": "2024-01-11T02:25:44.239Z", "dateReserved": "2024-01-08T04:59:27.371Z", "dateUpdated": "2024-08-01T22:35:34.831Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-50387
Vulnerability from cvelistv5
Published
2024-02-14 00:00
Modified
2024-08-02 22:16
Severity ?
EPSS score ?
Summary
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T22:16:46.692Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.athene-center.de/aktuelles/key-trap" }, { "tags": [ "x_transferred" ], "url": "https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/" }, { "tags": [ "x_transferred" ], "url": "https://kb.isc.org/docs/cve-2023-50387" }, { "tags": [ "x_transferred" ], "url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html" }, { "tags": [ "x_transferred" ], "url": "https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/" }, { "tags": [ "x_transferred" ], "url": "https://news.ycombinator.com/item?id=39367411" }, { "tags": [ "x_transferred" ], "url": "https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/" }, { "tags": [ "x_transferred" ], "url": "https://www.isc.org/blogs/2024-bind-security-release/" }, { "tags": [ "x_transferred" ], "url": "https://news.ycombinator.com/item?id=39372384" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1" }, { "tags": [ "x_transferred" ], "url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html" }, { "tags": [ "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387" }, { "tags": [ "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-50387" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1219823" }, { "tags": [ "x_transferred" ], "url": "https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf" }, { "name": "[oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/02/16/2" }, { "name": "[oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/02/16/3" }, { "name": "FEDORA-2024-2e26eccfcb", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/" }, { "name": "FEDORA-2024-e24211eff0", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/" }, { "name": "FEDORA-2024-21310568fa", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/" }, { "name": "[debian-lts-announce] 20240221 [SECURITY] [DLA 3736-1] unbound security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html" }, { "name": "FEDORA-2024-b0f9656a76", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/" }, { "name": "FEDORA-2024-4e36df9dfd", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/" }, { "name": "FEDORA-2024-499b9be35f", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/" }, { "name": "FEDORA-2024-c36c448396", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/" }, { "name": "FEDORA-2024-c967c7d287", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/" }, { "name": "FEDORA-2024-e00eceb11c", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/" }, { "name": "FEDORA-2024-fae88b73eb", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240307-0007/" }, { "name": "[debian-lts-announce] 20240517 [SECURITY] [DLA 3816-1] bind9 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the \"KeyTrap\" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-10T16:14:16.780094", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.athene-center.de/aktuelles/key-trap" }, { "url": "https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/" }, { "url": "https://kb.isc.org/docs/cve-2023-50387" }, { "url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html" }, { "url": "https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/" }, { "url": "https://news.ycombinator.com/item?id=39367411" }, { "url": "https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/" }, { "url": "https://www.isc.org/blogs/2024-bind-security-release/" }, { "url": "https://news.ycombinator.com/item?id=39372384" }, { "url": "https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1" }, { "url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html" }, { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387" }, { "url": "https://access.redhat.com/security/cve/CVE-2023-50387" }, { "url": "https://bugzilla.suse.com/show_bug.cgi?id=1219823" }, { "url": "https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf" }, { "name": "[oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2024/02/16/2" }, { "name": "[oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2024/02/16/3" }, { "name": "FEDORA-2024-2e26eccfcb", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/" }, { "name": "FEDORA-2024-e24211eff0", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/" }, { "name": "FEDORA-2024-21310568fa", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/" }, { "name": "[debian-lts-announce] 20240221 [SECURITY] [DLA 3736-1] unbound security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html" }, { "name": "FEDORA-2024-b0f9656a76", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/" }, { "name": "FEDORA-2024-4e36df9dfd", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/" }, { "name": "FEDORA-2024-499b9be35f", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/" }, { "name": "FEDORA-2024-c36c448396", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/" }, { "name": "FEDORA-2024-c967c7d287", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/" }, { "name": "FEDORA-2024-e00eceb11c", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/" }, { "name": "FEDORA-2024-fae88b73eb", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/" }, { "url": "https://security.netapp.com/advisory/ntap-20240307-0007/" }, { "name": "[debian-lts-announce] 20240517 [SECURITY] [DLA 3816-1] bind9 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-50387", "datePublished": "2024-02-14T00:00:00", "dateReserved": "2023-12-07T00:00:00", "dateUpdated": "2024-08-02T22:16:46.692Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-2603
Vulnerability from cvelistv5
Published
2023-06-06 00:00
Modified
2024-08-02 06:26
Severity ?
EPSS score ?
Summary
A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:26:09.726Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209113" }, { "name": "FEDORA-2023-ad944c2d34", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPEGCFMCN5KGCFX5Y2VTKR732TTD4ADW/" }, { "name": "FEDORA-2023-5911638116", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ57ICDLMVYEREXQGZWL4GWI7FRJCRQT/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "libcap", "vendor": "n/a", "versions": [ { "status": "affected", "version": "NA" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-30T05:06:21.152575", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209113" }, { "name": "FEDORA-2023-ad944c2d34", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPEGCFMCN5KGCFX5Y2VTKR732TTD4ADW/" }, { "name": "FEDORA-2023-5911638116", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ57ICDLMVYEREXQGZWL4GWI7FRJCRQT/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-2603", "datePublished": "2023-06-06T00:00:00", "dateReserved": "2023-05-09T00:00:00", "dateUpdated": "2024-08-02T06:26:09.726Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.