Vulnerability-Lookup

CERTFR-2025-AVI-1078

Vulnerability from certfr_avis - Published: 2025-12-08 - Updated: 2025-12-08

De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	cbl2 msft-golang 1.24.9-1
Microsoft	N/A	cbl2 golang 1.22.7-5
Microsoft	N/A	azl3 golang 1.23.12-1
Microsoft	N/A	cbl2 python3 3.9.19-16
Microsoft	N/A	cbl2 python-tensorboard 2.11.0-3
Microsoft	N/A	cbl2 qt5-qtbase 5.12.11-18
Microsoft	N/A	cbl2 reaper 3.1.1-21
Microsoft	N/A	cbl2 python3 3.9.19-17
Microsoft	N/A	azl3 python-tensorboard 2.16.2-6
Microsoft	N/A	azl3 kernel 6.6.112.1-2
Microsoft	N/A	cbl2 vim 9.1.1616-1
Microsoft	N/A	cbl2 kernel 5.15.186.1-1
Microsoft	N/A	azl3 tensorflow 2.16.1-9
Microsoft	N/A	cbl2 gcc 11.2.0-8
Microsoft	N/A	azl3 vim 9.1.1616-1
Microsoft	N/A	azl3 golang 1.25.3-1
Microsoft	N/A	azl3 pgbouncer 1.24.1-1
Microsoft	N/A	cbl2 tensorflow 2.11.1-2
Microsoft	N/A	azl3 libpng 1.6.40-1 versions antérieures à 1.6.52-1
Microsoft	N/A	azl3 gcc 13.2.0-7
Microsoft	N/A	azl3 python3 3.12.9-5
Microsoft	N/A	cbl2 golang 1.18.8-10
Microsoft	N/A	cbl2 reaper 3.1.1-19

References

Title

Publication Time

CVE-2022-50303 (GCVE-0-2022-50303)

Vulnerability from cvelistv5 – Published: 2025-09-15 14:45 – Updated: 2026-05-11 19:16

Title

drm/amdkfd: Fix double release compute pasid

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix double release compute pasid If kfd_process_device_init_vm returns failure after vm is converted to compute vm and vm->pasid set to compute pasid, KFD will not take pdd->drm_file reference. As a result, drm close file handler maybe called to release the compute pasid before KFD process destroy worker to release the same pasid and set vm->pasid to zero, this generates below WARNING backtrace and NULL pointer access. Add helper amdgpu_amdkfd_gpuvm_set_vm_pasid and call it at the last step of kfd_process_device_init_vm, to ensure vm pasid is the original pasid if acquiring vm failed or is the compute pasid with pdd->drm_file reference taken to avoid double release same pasid. amdgpu: Failed to create process VM object ida_free called for id=32770 which is not allocated. WARNING: CPU: 57 PID: 72542 at ../lib/idr.c:522 ida_free+0x96/0x140 RIP: 0010:ida_free+0x96/0x140 Call Trace: amdgpu_pasid_free_delayed+0xe1/0x2a0 [amdgpu] amdgpu_driver_postclose_kms+0x2d8/0x340 [amdgpu] drm_file_free.part.13+0x216/0x270 [drm] drm_close_helper.isra.14+0x60/0x70 [drm] drm_release+0x6e/0xf0 [drm] __fput+0xcc/0x280 ____fput+0xe/0x20 task_work_run+0x96/0xc0 do_exit+0x3d0/0xc10 BUG: kernel NULL pointer dereference, address: 0000000000000000 RIP: 0010:ida_free+0x76/0x140 Call Trace: amdgpu_pasid_free_delayed+0xe1/0x2a0 [amdgpu] amdgpu_driver_postclose_kms+0x2d8/0x340 [amdgpu] drm_file_free.part.13+0x216/0x270 [drm] drm_close_helper.isra.14+0x60/0x70 [drm] drm_release+0x6e/0xf0 [drm] __fput+0xcc/0x280 ____fput+0xe/0x20 task_work_run+0x96/0xc0 do_exit+0x3d0/0xc10

Severity

No CVSS data available.

Assigner

Linux

References

3 references

URL	Tags
https://git.kernel.org/stable/c/89f0d766c9e3fdeaf…
https://git.kernel.org/stable/c/a02c07b6198991793…
https://git.kernel.org/stable/c/1a799c4c190ea9f0e…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 88f7f88159bcdff96b2a5d244b26c8ba99b5e773 , < 89f0d766c9e3fdeafbed6f855d433c2768cde862 (git) Affected: 88f7f88159bcdff96b2a5d244b26c8ba99b5e773 , < a02c07b619899179384fde06f951530438a3512d (git) Affected: 88f7f88159bcdff96b2a5d244b26c8ba99b5e773 , < 1a799c4c190ea9f0e81028e3eb3037ed0ab17ff5 (git)
Linux	Linux	Affected: 5.15 Unaffected: 0 , < 5.15 (semver) Unaffected: 6.0.19 , ≤ 6.0.* (semver) Unaffected: 6.1.5 , ≤ 6.1.* (semver) Unaffected: 6.2 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.h",
            "drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c",
            "drivers/gpu/drm/amd/amdkfd/kfd_process.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "89f0d766c9e3fdeafbed6f855d433c2768cde862",
              "status": "affected",
              "version": "88f7f88159bcdff96b2a5d244b26c8ba99b5e773",
              "versionType": "git"
            },
            {
              "lessThan": "a02c07b619899179384fde06f951530438a3512d",
              "status": "affected",
              "version": "88f7f88159bcdff96b2a5d244b26c8ba99b5e773",
              "versionType": "git"
            },
            {
              "lessThan": "1a799c4c190ea9f0e81028e3eb3037ed0ab17ff5",
              "status": "affected",
              "version": "88f7f88159bcdff96b2a5d244b26c8ba99b5e773",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.h",
            "drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c",
            "drivers/gpu/drm/amd/amdkfd/kfd_process.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.15"
            },
            {
              "lessThan": "5.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.*",
              "status": "unaffected",
              "version": "6.0.19",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.2",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.19",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.5",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Fix double release compute pasid\n\nIf kfd_process_device_init_vm returns failure after vm is converted to\ncompute vm and vm-\u003epasid set to compute pasid, KFD will not take\npdd-\u003edrm_file reference. As a result, drm close file handler maybe\ncalled to release the compute pasid before KFD process destroy worker to\nrelease the same pasid and set vm-\u003epasid to zero, this generates below\nWARNING backtrace and NULL pointer access.\n\nAdd helper amdgpu_amdkfd_gpuvm_set_vm_pasid and call it at the last step\nof kfd_process_device_init_vm, to ensure vm pasid is the original pasid\nif acquiring vm failed or is the compute pasid with pdd-\u003edrm_file\nreference taken to avoid double release same pasid.\n\n amdgpu: Failed to create process VM object\n ida_free called for id=32770 which is not allocated.\n WARNING: CPU: 57 PID: 72542 at ../lib/idr.c:522 ida_free+0x96/0x140\n RIP: 0010:ida_free+0x96/0x140\n Call Trace:\n  amdgpu_pasid_free_delayed+0xe1/0x2a0 [amdgpu]\n  amdgpu_driver_postclose_kms+0x2d8/0x340 [amdgpu]\n  drm_file_free.part.13+0x216/0x270 [drm]\n  drm_close_helper.isra.14+0x60/0x70 [drm]\n  drm_release+0x6e/0xf0 [drm]\n  __fput+0xcc/0x280\n  ____fput+0xe/0x20\n  task_work_run+0x96/0xc0\n  do_exit+0x3d0/0xc10\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n RIP: 0010:ida_free+0x76/0x140\n Call Trace:\n  amdgpu_pasid_free_delayed+0xe1/0x2a0 [amdgpu]\n  amdgpu_driver_postclose_kms+0x2d8/0x340 [amdgpu]\n  drm_file_free.part.13+0x216/0x270 [drm]\n  drm_close_helper.isra.14+0x60/0x70 [drm]\n  drm_release+0x6e/0xf0 [drm]\n  __fput+0xcc/0x280\n  ____fput+0xe/0x20\n  task_work_run+0x96/0xc0\n  do_exit+0x3d0/0xc10"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T19:16:42.344Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/89f0d766c9e3fdeafbed6f855d433c2768cde862"
        },
        {
          "url": "https://git.kernel.org/stable/c/a02c07b619899179384fde06f951530438a3512d"
        },
        {
          "url": "https://git.kernel.org/stable/c/1a799c4c190ea9f0e81028e3eb3037ed0ab17ff5"
        }
      ],
      "title": "drm/amdkfd: Fix double release compute pasid",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-50303",
    "datePublished": "2025-09-15T14:45:58.735Z",
    "dateReserved": "2025-09-15T14:18:36.812Z",
    "dateUpdated": "2026-05-11T19:16:42.344Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2022-50304 (GCVE-0-2022-50304)

Vulnerability from cvelistv5 – Published: 2025-09-15 14:45 – Updated: 2026-05-11 19:16

Title

mtd: core: fix possible resource leak in init_mtd()

Summary

In the Linux kernel, the following vulnerability has been resolved: mtd: core: fix possible resource leak in init_mtd() I got the error report while inject fault in init_mtd(): sysfs: cannot create duplicate filename '/devices/virtual/bdi/mtd-0' Call Trace: <TASK> dump_stack_lvl+0x67/0x83 sysfs_warn_dup+0x60/0x70 sysfs_create_dir_ns+0x109/0x120 kobject_add_internal+0xce/0x2f0 kobject_add+0x98/0x110 device_add+0x179/0xc00 device_create_groups_vargs+0xf4/0x100 device_create+0x7b/0xb0 bdi_register_va.part.13+0x58/0x2d0 bdi_register+0x9b/0xb0 init_mtd+0x62/0x171 [mtd] do_one_initcall+0x6c/0x3c0 do_init_module+0x58/0x222 load_module+0x268e/0x27d0 __do_sys_finit_module+0xd5/0x140 do_syscall_64+0x37/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd </TASK> kobject_add_internal failed for mtd-0 with -EEXIST, don't try to register things with the same name in the same directory. Error registering mtd class or bdi: -17 If init_mtdchar() fails in init_mtd(), mtd_bdi will not be unregistered, as a result, we can't load the mtd module again, to fix this by calling bdi_unregister(mtd_bdi) after out_procfs label.

Severity

No CVSS data available.

Assigner

Linux

References

3 references

URL	Tags
https://git.kernel.org/stable/c/78816504100cbd8e6…
https://git.kernel.org/stable/c/26c304a3f136009c5…
https://git.kernel.org/stable/c/1aadf01e5076b9ab6…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 445caaa20c4d6da74f426464f90513b81157ad77 , < 78816504100cbd8e6836df9f58cc4fbb8b262f1c (git) Affected: 445caaa20c4d6da74f426464f90513b81157ad77 , < 26c304a3f136009c5a2a04e2bf3ac6aa25aabcb4 (git) Affected: 445caaa20c4d6da74f426464f90513b81157ad77 , < 1aadf01e5076b9ab6bf294b9622335c651314895 (git)
Linux	Linux	Affected: 4.10 Unaffected: 0 , < 4.10 (semver) Unaffected: 6.0.16 , ≤ 6.0.* (semver) Unaffected: 6.1.2 , ≤ 6.1.* (semver) Unaffected: 6.2 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/mtd/mtdcore.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "78816504100cbd8e6836df9f58cc4fbb8b262f1c",
              "status": "affected",
              "version": "445caaa20c4d6da74f426464f90513b81157ad77",
              "versionType": "git"
            },
            {
              "lessThan": "26c304a3f136009c5a2a04e2bf3ac6aa25aabcb4",
              "status": "affected",
              "version": "445caaa20c4d6da74f426464f90513b81157ad77",
              "versionType": "git"
            },
            {
              "lessThan": "1aadf01e5076b9ab6bf294b9622335c651314895",
              "status": "affected",
              "version": "445caaa20c4d6da74f426464f90513b81157ad77",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/mtd/mtdcore.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.10"
            },
            {
              "lessThan": "4.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.*",
              "status": "unaffected",
              "version": "6.0.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.2",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.16",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.2",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: core: fix possible resource leak in init_mtd()\n\nI got the error report while inject fault in init_mtd():\n\nsysfs: cannot create duplicate filename \u0027/devices/virtual/bdi/mtd-0\u0027\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x67/0x83\n sysfs_warn_dup+0x60/0x70\n sysfs_create_dir_ns+0x109/0x120\n kobject_add_internal+0xce/0x2f0\n kobject_add+0x98/0x110\n device_add+0x179/0xc00\n device_create_groups_vargs+0xf4/0x100\n device_create+0x7b/0xb0\n bdi_register_va.part.13+0x58/0x2d0\n bdi_register+0x9b/0xb0\n init_mtd+0x62/0x171 [mtd]\n do_one_initcall+0x6c/0x3c0\n do_init_module+0x58/0x222\n load_module+0x268e/0x27d0\n __do_sys_finit_module+0xd5/0x140\n do_syscall_64+0x37/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n \u003c/TASK\u003e\nkobject_add_internal failed for mtd-0 with -EEXIST, don\u0027t try to register\n\tthings with the same name in the same directory.\nError registering mtd class or bdi: -17\n\nIf init_mtdchar() fails in init_mtd(), mtd_bdi will not be unregistered,\nas a result, we can\u0027t load the mtd module again, to fix this by calling\nbdi_unregister(mtd_bdi) after out_procfs label."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T19:16:43.472Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/78816504100cbd8e6836df9f58cc4fbb8b262f1c"
        },
        {
          "url": "https://git.kernel.org/stable/c/26c304a3f136009c5a2a04e2bf3ac6aa25aabcb4"
        },
        {
          "url": "https://git.kernel.org/stable/c/1aadf01e5076b9ab6bf294b9622335c651314895"
        }
      ],
      "title": "mtd: core: fix possible resource leak in init_mtd()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-50304",
    "datePublished": "2025-09-15T14:45:59.614Z",
    "dateReserved": "2025-09-15T14:18:36.812Z",
    "dateUpdated": "2026-05-11T19:16:43.472Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-53209 (GCVE-0-2023-53209)

Vulnerability from cvelistv5 – Published: 2025-09-15 14:21 – Updated: 2026-05-11 19:40

Title

wifi: mac80211_hwsim: Fix possible NULL dereference

Summary

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211_hwsim: Fix possible NULL dereference In a call to mac80211_hwsim_select_tx_link() the sta pointer might be NULL, thus need to check that it is not NULL before accessing it.

Severity

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-476 - NULL Pointer Dereference

Assigner

Linux

References

3 references

URL	Tags
https://git.kernel.org/stable/c/d0124848c7940aba7…
https://git.kernel.org/stable/c/a8a20fed3e05b3a68…
https://git.kernel.org/stable/c/0cc80943ef518a1c5…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 86e74a08fecb59985bb2d5fe3e96dc108822a420 , < d0124848c7940aba73492e282506b32a13f2e30e (git) Affected: 86e74a08fecb59985bb2d5fe3e96dc108822a420 , < a8a20fed3e05b3a6866c5c58855deaf3c217ccd6 (git) Affected: 86e74a08fecb59985bb2d5fe3e96dc108822a420 , < 0cc80943ef518a1c51a1111e9346d1daf11dd545 (git)
Linux	Linux	Affected: 6.1 Unaffected: 0 , < 6.1 (semver) Unaffected: 6.1.42 , ≤ 6.1.* (semver) Unaffected: 6.4.7 , ≤ 6.4.* (semver) Unaffected: 6.5 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-53209",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-14T17:48:14.176157Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-14T17:52:56.820Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/virtual/mac80211_hwsim.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d0124848c7940aba73492e282506b32a13f2e30e",
              "status": "affected",
              "version": "86e74a08fecb59985bb2d5fe3e96dc108822a420",
              "versionType": "git"
            },
            {
              "lessThan": "a8a20fed3e05b3a6866c5c58855deaf3c217ccd6",
              "status": "affected",
              "version": "86e74a08fecb59985bb2d5fe3e96dc108822a420",
              "versionType": "git"
            },
            {
              "lessThan": "0cc80943ef518a1c51a1111e9346d1daf11dd545",
              "status": "affected",
              "version": "86e74a08fecb59985bb2d5fe3e96dc108822a420",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/virtual/mac80211_hwsim.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.1"
            },
            {
              "lessThan": "6.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.42",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.*",
              "status": "unaffected",
              "version": "6.4.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.5",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.42",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4.7",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211_hwsim: Fix possible NULL dereference\n\nIn a call to mac80211_hwsim_select_tx_link() the sta pointer might\nbe NULL, thus need to check that it is not NULL before accessing it."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T19:40:23.407Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d0124848c7940aba73492e282506b32a13f2e30e"
        },
        {
          "url": "https://git.kernel.org/stable/c/a8a20fed3e05b3a6866c5c58855deaf3c217ccd6"
        },
        {
          "url": "https://git.kernel.org/stable/c/0cc80943ef518a1c51a1111e9346d1daf11dd545"
        }
      ],
      "title": "wifi: mac80211_hwsim: Fix possible NULL dereference",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53209",
    "datePublished": "2025-09-15T14:21:37.415Z",
    "dateReserved": "2025-09-15T13:59:19.068Z",
    "dateUpdated": "2026-05-11T19:40:23.407Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-53231 (GCVE-0-2023-53231)

Vulnerability from cvelistv5 – Published: 2025-09-15 14:22 – Updated: 2026-05-11 19:40

Title

erofs: Fix detection of atomic context

Summary

In the Linux kernel, the following vulnerability has been resolved: erofs: Fix detection of atomic context Current check for atomic context is not sufficient as z_erofs_decompressqueue_endio can be called under rcu lock from blk_mq_flush_plug_list(). See the stacktrace [1] In such case we should hand off the decompression work for async processing rather than trying to do sync decompression in current context. Patch fixes the detection by checking for rcu_read_lock_any_held() and while at it use more appropriate !in_task() check than in_atomic(). Background: Historically erofs would always schedule a kworker for decompression which would incur the scheduling cost regardless of the context. But z_erofs_decompressqueue_endio() may not always be in atomic context and we could actually benefit from doing the decompression in z_erofs_decompressqueue_endio() if we are in thread context, for example when running with dm-verity. This optimization was later added in patch [2] which has shown improvement in performance benchmarks. ============================================== [1] Problem stacktrace [name:core&]BUG: sleeping function called from invalid context at kernel/locking/mutex.c:291 [name:core&]in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 1615, name: CpuMonitorServi [name:core&]preempt_count: 0, expected: 0 [name:core&]RCU nest depth: 1, expected: 0 CPU: 7 PID: 1615 Comm: CpuMonitorServi Tainted: G S W OE 6.1.25-android14-5-maybe-dirty-mainline #1 Hardware name: MT6897 (DT) Call trace: dump_backtrace+0x108/0x15c show_stack+0x20/0x30 dump_stack_lvl+0x6c/0x8c dump_stack+0x20/0x48 __might_resched+0x1fc/0x308 __might_sleep+0x50/0x88 mutex_lock+0x2c/0x110 z_erofs_decompress_queue+0x11c/0xc10 z_erofs_decompress_kickoff+0x110/0x1a4 z_erofs_decompressqueue_endio+0x154/0x180 bio_endio+0x1b0/0x1d8 __dm_io_complete+0x22c/0x280 clone_endio+0xe4/0x280 bio_endio+0x1b0/0x1d8 blk_update_request+0x138/0x3a4 blk_mq_plug_issue_direct+0xd4/0x19c blk_mq_flush_plug_list+0x2b0/0x354 __blk_flush_plug+0x110/0x160 blk_finish_plug+0x30/0x4c read_pages+0x2fc/0x370 page_cache_ra_unbounded+0xa4/0x23c page_cache_ra_order+0x290/0x320 do_sync_mmap_readahead+0x108/0x2c0 filemap_fault+0x19c/0x52c __do_fault+0xc4/0x114 handle_mm_fault+0x5b4/0x1168 do_page_fault+0x338/0x4b4 do_translation_fault+0x40/0x60 do_mem_abort+0x60/0xc8 el0_da+0x4c/0xe0 el0t_64_sync_handler+0xd4/0xfc el0t_64_sync+0x1a0/0x1a4 [2] Link: https://lore.kernel.org/all/20210317035448.13921-1-huangjianan@oppo.com/

Severity

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

2 references

URL	Tags
https://git.kernel.org/stable/c/597fb60c751327196…
https://git.kernel.org/stable/c/12d0a24afd9ea58e5…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: aea1286dcbbb87cf33595c2ac8b153c29a4611cb , < 597fb60c75132719687e173b75cab8f6eb1ca657 (git) Affected: aea1286dcbbb87cf33595c2ac8b153c29a4611cb , < 12d0a24afd9ea58e581ea64d64e066f2027b28d9 (git)
Linux	Linux	Affected: 4.19 Unaffected: 0 , < 4.19 (semver) Unaffected: 6.4.7 , ≤ 6.4.* (semver) Unaffected: 6.5 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-53231",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-14T17:55:25.324929Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-14T18:02:49.372Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/erofs/zdata.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "597fb60c75132719687e173b75cab8f6eb1ca657",
              "status": "affected",
              "version": "aea1286dcbbb87cf33595c2ac8b153c29a4611cb",
              "versionType": "git"
            },
            {
              "lessThan": "12d0a24afd9ea58e581ea64d64e066f2027b28d9",
              "status": "affected",
              "version": "aea1286dcbbb87cf33595c2ac8b153c29a4611cb",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/erofs/zdata.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.19"
            },
            {
              "lessThan": "4.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.*",
              "status": "unaffected",
              "version": "6.4.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.5",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4.7",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: Fix detection of atomic context\n\nCurrent check for atomic context is not sufficient as\nz_erofs_decompressqueue_endio can be called under rcu lock\nfrom blk_mq_flush_plug_list(). See the stacktrace [1]\n\nIn such case we should hand off the decompression work for async\nprocessing rather than trying to do sync decompression in current\ncontext. Patch fixes the detection by checking for\nrcu_read_lock_any_held() and while at it use more appropriate\n!in_task() check than in_atomic().\n\nBackground: Historically erofs would always schedule a kworker for\ndecompression which would incur the scheduling cost regardless of\nthe context. But z_erofs_decompressqueue_endio() may not always\nbe in atomic context and we could actually benefit from doing the\ndecompression in z_erofs_decompressqueue_endio() if we are in\nthread context, for example when running with dm-verity.\nThis optimization was later added in patch [2] which has shown\nimprovement in performance benchmarks.\n\n==============================================\n[1] Problem stacktrace\n[name:core\u0026]BUG: sleeping function called from invalid context at kernel/locking/mutex.c:291\n[name:core\u0026]in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 1615, name: CpuMonitorServi\n[name:core\u0026]preempt_count: 0, expected: 0\n[name:core\u0026]RCU nest depth: 1, expected: 0\nCPU: 7 PID: 1615 Comm: CpuMonitorServi Tainted: G S      W  OE      6.1.25-android14-5-maybe-dirty-mainline #1\nHardware name: MT6897 (DT)\nCall trace:\n dump_backtrace+0x108/0x15c\n show_stack+0x20/0x30\n dump_stack_lvl+0x6c/0x8c\n dump_stack+0x20/0x48\n __might_resched+0x1fc/0x308\n __might_sleep+0x50/0x88\n mutex_lock+0x2c/0x110\n z_erofs_decompress_queue+0x11c/0xc10\n z_erofs_decompress_kickoff+0x110/0x1a4\n z_erofs_decompressqueue_endio+0x154/0x180\n bio_endio+0x1b0/0x1d8\n __dm_io_complete+0x22c/0x280\n clone_endio+0xe4/0x280\n bio_endio+0x1b0/0x1d8\n blk_update_request+0x138/0x3a4\n blk_mq_plug_issue_direct+0xd4/0x19c\n blk_mq_flush_plug_list+0x2b0/0x354\n __blk_flush_plug+0x110/0x160\n blk_finish_plug+0x30/0x4c\n read_pages+0x2fc/0x370\n page_cache_ra_unbounded+0xa4/0x23c\n page_cache_ra_order+0x290/0x320\n do_sync_mmap_readahead+0x108/0x2c0\n filemap_fault+0x19c/0x52c\n __do_fault+0xc4/0x114\n handle_mm_fault+0x5b4/0x1168\n do_page_fault+0x338/0x4b4\n do_translation_fault+0x40/0x60\n do_mem_abort+0x60/0xc8\n el0_da+0x4c/0xe0\n el0t_64_sync_handler+0xd4/0xfc\n el0t_64_sync+0x1a0/0x1a4\n\n[2] Link: https://lore.kernel.org/all/20210317035448.13921-1-huangjianan@oppo.com/"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T19:40:46.848Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/597fb60c75132719687e173b75cab8f6eb1ca657"
        },
        {
          "url": "https://git.kernel.org/stable/c/12d0a24afd9ea58e581ea64d64e066f2027b28d9"
        }
      ],
      "title": "erofs: Fix detection of atomic context",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53231",
    "datePublished": "2025-09-15T14:22:03.599Z",
    "dateReserved": "2025-09-15T14:19:21.847Z",
    "dateUpdated": "2026-05-11T19:40:46.848Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-6485 (GCVE-0-2024-6485)

Vulnerability from cvelistv5 – Published: 2024-07-11 17:08 – Updated: 2025-11-03 19:34

Title

XSS in Bootstrap button component

Summary

A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribute, which would then be executed when the button's loading state is triggered.

Severity

6.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Assigner

HeroDevs

References

1 reference

URL	Tags
https://www.herodevs.com/vulnerability-directory/…

Impacted products

2 products

Vendor	Product	Version
Bootstrap	Bootstrap	Affected: 1.4.0 , ≤ 3.4.1 (semver)
Bootstrap-sass	bootstrap-sass	Affected: 2.3.2 , ≤ 3.4.3 (semver)

Credits

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "bootstrap",
            "vendor": "getbootstrap",
            "versions": [
              {
                "lessThanOrEqual": "3.4.1",
                "status": "affected",
                "version": "2.0.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6485",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-11T18:49:37.849230Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-11T20:01:02.497Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:34:34.709Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.herodevs.com/vulnerability-directory/cve-2024-6485"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Bootstrap",
          "vendor": "Bootstrap",
          "versions": [
            {
              "lessThanOrEqual": "3.4.1",
              "status": "affected",
              "version": "1.4.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "bootstrap-sass",
          "vendor": "Bootstrap-sass",
          "versions": [
            {
              "lessThanOrEqual": "3.4.3",
              "status": "affected",
              "version": "2.3.2",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "K"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the \u003c/span\u003e\u003ccode\u003edata-loading-text\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e attribute within the \u003c/span\u003e\u003ccode\u003ebutton\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribute, which would then be executed when the button\u0027s loading state is triggered.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribute, which would then be executed when the button\u0027s loading state is triggered."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-63",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-63 Cross-Site Scripting (XSS)"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-24T19:15:39.832Z",
        "orgId": "36c7be3b-2937-45df-85ea-ca7133ea542c",
        "shortName": "HeroDevs"
      },
      "references": [
        {
          "url": "https://www.herodevs.com/vulnerability-directory/cve-2024-6485"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "XSS in Bootstrap button component",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36c7be3b-2937-45df-85ea-ca7133ea542c",
    "assignerShortName": "HeroDevs",
    "cveId": "CVE-2024-6485",
    "datePublished": "2024-07-11T17:08:08.224Z",
    "dateReserved": "2024-07-03T16:54:39.173Z",
    "dateUpdated": "2025-11-03T19:34:34.709Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-12084 (GCVE-0-2025-12084)

Vulnerability from cvelistv5 – Published: 2025-12-03 18:55 – Updated: 2026-03-03 14:41

Title

Quadratic complexity in node ID cache clearing

Summary

When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents.

Severity

6.3 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

CWE

CWE-407 - Inefficient Algorithmic Complexity

Assigner

PSF

References

14 references

URL	Tags
https://github.com/python/cpython/pull/142146	patch
https://github.com/python/cpython/issues/142145	issue-tracking
https://github.com/python/cpython/commit/08d8e18a…	patch
https://github.com/python/cpython/commit/027f21e4…	patch
https://github.com/python/cpython/commit/ddcd2acd…	patch
https://github.com/python/cpython/commit/27648a18…	patch
https://github.com/python/cpython/commit/8d2d7bb2…	patch
https://github.com/python/cpython/commit/9c9dda66…	patch
https://github.com/python/cpython/commit/a696ba8b…	patch
https://github.com/python/cpython/commit/41f46878…	patch
https://github.com/python/cpython/commit/57937a8e…	patch
https://github.com/python/cpython/commit/e91c1144…	patch
https://github.com/python/cpython/commit/a46c10ec…	patch
https://github.com/python/cpython/commit/c97e8759…	patch

Impacted products

1 product

Vendor	Product	Version
Python Software Foundation	CPython	Affected: 0 , < 3.10.20 (python) Affected: 3.11.0 , < 3.11.15 (python) Affected: 3.12.0 , < 3.12.13 (python) Affected: 3.13.0 , < 3.13.11 (python) Affected: 3.14.0 , < 3.14.2 (python) Affected: 3.15.0a1 , < 3.15.0a3 (python)

Credits

Jacob Walls Shai Berger Natalia Bidart Seth Larson

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12084",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-03T19:13:23.548683Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-407",
                "description": "CWE-407 Inefficient Algorithmic Complexity",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-03T19:14:59.450Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CPython",
          "repo": "https://github.com/python/cpython",
          "vendor": "Python Software Foundation",
          "versions": [
            {
              "lessThan": "3.10.20",
              "status": "affected",
              "version": "0",
              "versionType": "python"
            },
            {
              "lessThan": "3.11.15",
              "status": "affected",
              "version": "3.11.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.12.13",
              "status": "affected",
              "version": "3.12.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.13.11",
              "status": "affected",
              "version": "3.13.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.14.2",
              "status": "affected",
              "version": "3.14.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.15.0a3",
              "status": "affected",
              "version": "3.15.0a1",
              "versionType": "python"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Jacob Walls"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Shai Berger"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Natalia Bidart"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Seth Larson"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "When building nested elements using \u003ccode\u003exml.dom.minidom\u003c/code\u003e methods such as \u003ccode\u003e\u003ccode\u003eappendChild()\u003c/code\u003e\u003c/code\u003e that have a dependency on \u003ccode\u003e_clear_id_cache()\u003c/code\u003e the algorithm is quadratic. Availability can be impacted when building excessively nested documents."
            }
          ],
          "value": "When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-03T14:41:38.821Z",
        "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "shortName": "PSF"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/pull/142146"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/python/cpython/issues/142145"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/08d8e18ad81cd45bc4a27d6da478b51ea49486e4"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/027f21e417b26eed4505ac2db101a4352b7c51a0"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/ddcd2acd85d891a53e281c773b3093f9db953964"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/27648a1818749ef44c420afe6173af6868715437"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/8d2d7bb2e754f8649a68ce4116271a4932f76907"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/9c9dda6625a2a90d2a06c657eee021d6be19842d"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/a696ba8b4d42fd632afc9bc88ad830a2e4cceed8"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/41f468786762348960486c166833a218a0a436af"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/57937a8e5e293f0dcba5115f7b7a11b1e0c9a273"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/e91c11449cad34bac3ea55ee09ca557691d92b53"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/a46c10ec9d4050ab67b8a932e0859a2ea60c3cb8"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/c97e87593063d84a2bd9fe7068b30eb44de23dc0"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Quadratic complexity in node ID cache clearing",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
    "assignerShortName": "PSF",
    "cveId": "CVE-2025-12084",
    "datePublished": "2025-12-03T18:55:32.222Z",
    "dateReserved": "2025-10-22T16:06:55.078Z",
    "dateUpdated": "2026-03-03T14:41:38.821Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-12385 (GCVE-0-2025-12385)

Vulnerability from cvelistv5 – Published: 2025-12-03 19:38 – Updated: 2025-12-03 21:46

Title

Improper validation of <img> tag size in Text component parser

Summary

Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text component in Qt Quick. Missing validation of the width and height in the <img> tag could cause an application to become unresponsive. This issue affects Qt: from 5.0.0 through 6.5.10, from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.0.

Severity

8.7 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling
CWE-1284 - Improper Validation of Specified Quantity in Input

Assigner

TQtC

References

2 references

URL	Tags
https://codereview.qt-project.org/c/qt/qtdeclarat…
https://codereview.qt-project.org/c/qt/qtdeclarat…

Impacted products

1 product

Vendor	Product	Version
The Qt Company	Qt	Affected: 5.0.0 , ≤ 6.5.10 (python) Affected: 6.6.0 , ≤ 6.8.5 (python) Affected: 6.9.0 , ≤ 6.10.0 (python)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12385",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-03T21:46:27.767155Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-03T21:46:42.476Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows",
            "MacOS",
            "Linux",
            "iOS",
            "Android",
            "x86",
            "ARM",
            "64 bit",
            "32 bit"
          ],
          "product": "Qt",
          "vendor": "The Qt Company",
          "versions": [
            {
              "lessThanOrEqual": "6.5.10",
              "status": "affected",
              "version": "5.0.0",
              "versionType": "python"
            },
            {
              "lessThanOrEqual": "6.8.5",
              "status": "affected",
              "version": "6.6.0",
              "versionType": "python"
            },
            {
              "lessThanOrEqual": "6.10.0",
              "status": "affected",
              "version": "6.9.0",
              "versionType": "python"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:the_qt_company:qt:*:*:windows:*:*:*:*:*",
                  "versionEndIncluding": "6.5.10",
                  "versionStartIncluding": "5.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:the_qt_company:qt:*:*:macos:*:*:*:*:*",
                  "versionEndIncluding": "6.5.10",
                  "versionStartIncluding": "5.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:the_qt_company:qt:*:*:linux:*:*:*:*:*",
                  "versionEndIncluding": "6.5.10",
                  "versionStartIncluding": "5.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:the_qt_company:qt:*:*:ios:*:*:*:*:*",
                  "versionEndIncluding": "6.5.10",
                  "versionStartIncluding": "5.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:the_qt_company:qt:*:*:android:*:*:*:*:*",
                  "versionEndIncluding": "6.5.10",
                  "versionStartIncluding": "5.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:the_qt_company:qt:*:*:x86:*:*:*:*:*",
                  "versionEndIncluding": "6.5.10",
                  "versionStartIncluding": "5.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:the_qt_company:qt:*:*:arm:*:*:*:*:*",
                  "versionEndIncluding": "6.5.10",
                  "versionStartIncluding": "5.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:the_qt_company:qt:*:*:64_bit:*:*:*:*:*",
                  "versionEndIncluding": "6.5.10",
                  "versionStartIncluding": "5.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:the_qt_company:qt:*:*:32_bit:*:*:*:*:*",
                  "versionEndIncluding": "6.5.10",
                  "versionStartIncluding": "5.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:the_qt_company:qt:*:*:windows:*:*:*:*:*",
                  "versionEndIncluding": "6.8.5",
                  "versionStartIncluding": "6.6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:the_qt_company:qt:*:*:macos:*:*:*:*:*",
                  "versionEndIncluding": "6.8.5",
                  "versionStartIncluding": "6.6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:the_qt_company:qt:*:*:linux:*:*:*:*:*",
                  "versionEndIncluding": "6.8.5",
                  "versionStartIncluding": "6.6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:the_qt_company:qt:*:*:ios:*:*:*:*:*",
                  "versionEndIncluding": "6.8.5",
                  "versionStartIncluding": "6.6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:the_qt_company:qt:*:*:android:*:*:*:*:*",
                  "versionEndIncluding": "6.8.5",
                  "versionStartIncluding": "6.6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:the_qt_company:qt:*:*:x86:*:*:*:*:*",
                  "versionEndIncluding": "6.8.5",
                  "versionStartIncluding": "6.6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:the_qt_company:qt:*:*:arm:*:*:*:*:*",
                  "versionEndIncluding": "6.8.5",
                  "versionStartIncluding": "6.6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:the_qt_company:qt:*:*:64_bit:*:*:*:*:*",
                  "versionEndIncluding": "6.8.5",
                  "versionStartIncluding": "6.6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:the_qt_company:qt:*:*:32_bit:*:*:*:*:*",
                  "versionEndIncluding": "6.8.5",
                  "versionStartIncluding": "6.6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:the_qt_company:qt:*:*:windows:*:*:*:*:*",
                  "versionEndIncluding": "6.10.0",
                  "versionStartIncluding": "6.9.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:the_qt_company:qt:*:*:macos:*:*:*:*:*",
                  "versionEndIncluding": "6.10.0",
                  "versionStartIncluding": "6.9.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:the_qt_company:qt:*:*:linux:*:*:*:*:*",
                  "versionEndIncluding": "6.10.0",
                  "versionStartIncluding": "6.9.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:the_qt_company:qt:*:*:ios:*:*:*:*:*",
                  "versionEndIncluding": "6.10.0",
                  "versionStartIncluding": "6.9.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:the_qt_company:qt:*:*:android:*:*:*:*:*",
                  "versionEndIncluding": "6.10.0",
                  "versionStartIncluding": "6.9.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:the_qt_company:qt:*:*:x86:*:*:*:*:*",
                  "versionEndIncluding": "6.10.0",
                  "versionStartIncluding": "6.9.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:the_qt_company:qt:*:*:arm:*:*:*:*:*",
                  "versionEndIncluding": "6.10.0",
                  "versionStartIncluding": "6.9.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:the_qt_company:qt:*:*:64_bit:*:*:*:*:*",
                  "versionEndIncluding": "6.10.0",
                  "versionStartIncluding": "6.9.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:the_qt_company:qt:*:*:32_bit:*:*:*:*:*",
                  "versionEndIncluding": "6.10.0",
                  "versionStartIncluding": "6.9.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation.\u003cbr\u003e\u003cp\u003eThis issue affects users of the Text component in Qt Quick. Missing validation of the width and height in the \u0026lt;img\u0026gt; tag could cause an application to become unresponsive.\u003c/p\u003e\u003cp\u003eThis issue affects Qt: from 5.0.0 through 6.5.10, from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.0.\u003c/p\u003e"
            }
          ],
          "value": "Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation.\nThis issue affects users of the Text component in Qt Quick. Missing validation of the width and height in the \u003cimg\u003e tag could cause an application to become unresponsive.\n\nThis issue affects Qt: from 5.0.0 through 6.5.10, from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.0."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-130",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-130 Excessive Allocation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-03T19:38:53.130Z",
        "orgId": "a59d8014-47c4-4630-ab43-e1b13cbe58e3",
        "shortName": "TQtC"
      },
      "references": [
        {
          "url": "https://codereview.qt-project.org/c/qt/qtdeclarative/+/687239"
        },
        {
          "url": "https://codereview.qt-project.org/c/qt/qtdeclarative/+/687766"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Improper validation of \u003cimg\u003e tag size in Text component parser",
      "x_generator": {
        "engine": "Vulnogram 0.4.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a59d8014-47c4-4630-ab43-e1b13cbe58e3",
    "assignerShortName": "TQtC",
    "cveId": "CVE-2025-12385",
    "datePublished": "2025-12-03T19:38:53.130Z",
    "dateReserved": "2025-10-28T11:53:25.141Z",
    "dateUpdated": "2025-12-03T21:46:42.476Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-12819 (GCVE-0-2025-12819)

Vulnerability from cvelistv5 – Published: 2025-12-03 19:00 – Updated: 2025-12-27 16:04

Title

Untrusted search path in auth_query connection in PgBouncer

Summary

Untrusted search path in auth_query connection handler in PgBouncer before 1.25.1 allows an unauthenticated attacker to execute arbitrary SQL during authentication via a malicious search_path parameter in the StartupMessage.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-426 - Untrusted Search Path

Assigner

PostgreSQL

References

1 reference

URL	Tags
https://www.pgbouncer.org/changelog.html#pgbouncer-125x

Impacted products

1 product

Vendor	Product	Version
n/a	PgBouncer	Affected: 0 , < 1.25.1 (semver)

Credits

Thanks to Jason Tsang of Snowflake Inc. for finding this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12819",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-03T19:11:14.559731Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-03T19:11:59.406Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-12-27T16:04:17.588Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/12/msg00033.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PgBouncer",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "1.25.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "track_extra_parameters includes search_path (non-default configuration) AND auth_user is set to a non-empty string (non-default configuration) AND auth_query is configured without fully-qualified object names (default configuration, the \u003c operator is not schema qualified)"
        },
        {
          "lang": "en",
          "value": "track_extra_parameters includes another security sensitive parameter (non-default configuration and extremely unlikely) and auth_user is set to a non-empty string (non-default configuration)"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Thanks to Jason Tsang of Snowflake Inc. for finding this issue."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Untrusted search path in auth_query connection handler in PgBouncer before 1.25.1 allows an unauthenticated attacker to execute arbitrary SQL during authentication via a malicious search_path parameter in the StartupMessage."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-426",
              "description": "Untrusted Search Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-03T22:38:58.388Z",
        "orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
        "shortName": "PostgreSQL"
      },
      "references": [
        {
          "url": "https://www.pgbouncer.org/changelog.html#pgbouncer-125x"
        }
      ],
      "title": "Untrusted search path in auth_query connection in PgBouncer",
      "workarounds": [
        {
          "lang": "en",
          "value": "Remove search_path and any other security sensitive parameters from track_extra_parameters"
        },
        {
          "lang": "en",
          "value": "ensure auth_query uses fully-qualified object and operator names (e.g., pg_catalog.current_user instead of current_user)"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
    "assignerShortName": "PostgreSQL",
    "cveId": "CVE-2025-12819",
    "datePublished": "2025-12-03T19:00:09.063Z",
    "dateReserved": "2025-11-06T17:22:32.839Z",
    "dateUpdated": "2025-12-27T16:04:17.588Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-13836 (GCVE-0-2025-13836)

Vulnerability from cvelistv5 – Published: 2025-12-01 18:02 – Updated: 2026-03-03 14:41

Title

Excessive read buffering DoS in http.client

Summary

When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.

Severity

6.3 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

PSF

References

9 references

URL	Tags
https://github.com/python/cpython/issues/119451	issue-tracking
https://github.com/python/cpython/pull/119454	patch
https://github.com/python/cpython/commit/4ce27904…	patch
https://github.com/python/cpython/commit/5a4c4a03…	patch
https://mail.python.org/archives/list/security-an…	vendor-advisory
https://github.com/python/cpython/commit/289f29b0…	patch
https://github.com/python/cpython/commit/14b1fdb0…	patch
https://github.com/python/cpython/commit/5dc10167…	patch
https://github.com/python/cpython/commit/afc40bdd…	patch

Impacted products

1 product

Vendor	Product	Version
Python Software Foundation	CPython	Affected: 0 , < 3.10.20 (python) Affected: 3.11.0 , < 3.11.15 (python) Affected: 3.12.0 , < 3.12.13 (python) Affected: 3.13.0 , < 3.13.11 (python) Affected: 3.14.0 , < 3.14.1 (python) Affected: 3.15.0a1 , < 3.15.0a3 (python)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-13836",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-01T18:32:37.506031Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-02T18:29:21.886Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "http.client"
          ],
          "product": "CPython",
          "repo": "https://github.com/python/cpython",
          "vendor": "Python Software Foundation",
          "versions": [
            {
              "lessThan": "3.10.20",
              "status": "affected",
              "version": "0",
              "versionType": "python"
            },
            {
              "lessThan": "3.11.15",
              "status": "affected",
              "version": "3.11.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.12.13",
              "status": "affected",
              "version": "3.12.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.13.11",
              "status": "affected",
              "version": "3.13.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.14.1",
              "status": "affected",
              "version": "3.14.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.15.0a3",
              "status": "affected",
              "version": "3.15.0a1",
              "versionType": "python"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS."
            }
          ],
          "value": "When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-03T14:41:48.702Z",
        "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "shortName": "PSF"
      },
      "references": [
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/python/cpython/issues/119451"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/pull/119454"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/4ce27904b597c77d74dd93f2c912676021a99155"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/5a4c4a033a4a54481be6870aa1896fad732555b5"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/OQ6G7MKRQIS3OAREC3HNG3D2DPOU34XO/"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/289f29b0fe38baf2d7cb5854f4bb573cc34a6a15"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/14b1fdb0a94b96f86fc7b86671ea9582b8676628"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/5dc101675fd22918facbbe0fecdc821502beaaf0"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/afc40bdd3dd71f343fd9016f6d8eebbacbd6587c"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Excessive read buffering DoS in http.client",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
    "assignerShortName": "PSF",
    "cveId": "CVE-2025-13836",
    "datePublished": "2025-12-01T18:02:38.483Z",
    "dateReserved": "2025-12-01T17:54:40.759Z",
    "dateUpdated": "2026-03-03T14:41:48.702Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-13837 (GCVE-0-2025-13837)

Vulnerability from cvelistv5 – Published: 2025-12-01 18:13 – Updated: 2026-03-03 14:41

Title

Out-of-memory when loading Plist

Summary

When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues

Severity

2.1 (Low)


                        
                          CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

PSF

References

9 references

URL	Tags
https://github.com/python/cpython/pull/119343	patch
https://github.com/python/cpython/issues/119342	issue-tracking
https://github.com/python/cpython/commit/694922cf…	patch
https://github.com/python/cpython/commit/71fa8eb8…	patch
https://github.com/python/cpython/commit/b64441e4…	patch
https://mail.python.org/archives/list/security-an…	vendor-advisory
https://github.com/python/cpython/commit/5a8b1967…	patch
https://github.com/python/cpython/commit/568342cf…	patch
https://github.com/python/cpython/commit/cefee7d1…	patch

Impacted products

1 product

Vendor	Product	Version
Python Software Foundation	CPython	Affected: 0 , < 3.10.20 (python) Affected: 3.11.0 , < 3.11.15 (python) Affected: 3.12.0 , < 3.12.13 (python) Affected: 3.13.0 , < 3.13.10 (python) Affected: 3.14.0 , < 3.14.1 (python) Affected: 3.15.0a1 , < 3.15.0a3 (python)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-13837",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-01T18:23:28.615317Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-07T15:16:47.344Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "plistlib"
          ],
          "product": "CPython",
          "repo": "https://github.com/python/cpython",
          "vendor": "Python Software Foundation",
          "versions": [
            {
              "lessThan": "3.10.20",
              "status": "affected",
              "version": "0",
              "versionType": "python"
            },
            {
              "lessThan": "3.11.15",
              "status": "affected",
              "version": "3.11.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.12.13",
              "status": "affected",
              "version": "3.12.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.13.10",
              "status": "affected",
              "version": "3.13.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.14.1",
              "status": "affected",
              "version": "3.14.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.15.0a3",
              "status": "affected",
              "version": "3.15.0a1",
              "versionType": "python"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues"
            }
          ],
          "value": "When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues"
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 2.1,
            "baseSeverity": "LOW",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-03T14:41:54.597Z",
        "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "shortName": "PSF"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/pull/119343"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/python/cpython/issues/119342"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/694922cf40aa3a28f898b5f5ee08b71b4922df70"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/71fa8eb8233b37f16c88b6e3e583b461b205d1ba"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/b64441e4852383645af5b435411a6f849dd1b4cb"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C/"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/5a8b19677d818fb41ee55f310233772e15aa1a2b"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/568342cfc8f002d9a15f30238f26b9d2e0e79036"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/cefee7d118a26ef6cd43db59bb9d98ca9a331111"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Out-of-memory when loading Plist",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
    "assignerShortName": "PSF",
    "cveId": "CVE-2025-13837",
    "datePublished": "2025-12-01T18:13:32.739Z",
    "dateReserved": "2025-12-01T17:54:41.439Z",
    "dateUpdated": "2026-03-03T14:41:54.597Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CERTFR-2025-AVI-1078

Solutions

CVE-2022-50303 (GCVE-0-2022-50303)

CVE-2022-50304 (GCVE-0-2022-50304)

CVE-2023-53209 (GCVE-0-2023-53209)

CVE-2023-53231 (GCVE-0-2023-53231)

CVE-2024-6485 (GCVE-0-2024-6485)

CVE-2025-12084 (GCVE-0-2025-12084)

CVE-2025-12385 (GCVE-0-2025-12385)

CVE-2025-12819 (GCVE-0-2025-12819)

CVE-2025-13836 (GCVE-0-2025-13836)

CVE-2025-13837 (GCVE-0-2025-13837)

Tags

Sightings

Nomenclature