csaf_redhat - rhsa-2023

rhsa-2023_7669

Vulnerability from csaf_redhat

Published

2023-12-06 22:07

Modified

2024-11-06 04:29

Summary

Red Hat Security Advisory: Red Hat build of Cryostat 2.4.0: new RHEL 8 container images

Notes

Topic

New Red Hat build of Cryostat 2.4.0 on RHEL 8 container images are now available

Details

New Red Hat build of Cryostat 2.4.0 on RHEL 8 container images have been released, adding a variety of features and bug fixes. Users of the Red Hat build of Cryostat 2.3.1 on RHEL 8 container images are advised to upgrade to these updated images, which contain backported patches to fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images. Security Fix(es): * vertx-web: StaticHandler disclosure of classpath resources on Windows when mounted on a wildcard route (CVE-2023-24815) * bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201) * netty: SniHandler 16MB allocation leads to OOM (CVE-2023-34462) You can find images updated by this advisory in Red Hat Container Catalog (see References).

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "New Red Hat build of Cryostat 2.4.0 on RHEL 8 container images are now available",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "New Red Hat build of Cryostat 2.4.0 on RHEL 8 container images have been released, adding a variety of features and bug fixes.\n\nUsers of the Red Hat build of Cryostat 2.3.1 on RHEL 8 container images are advised to upgrade to these updated images, which contain backported patches to fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.\n\nSecurity Fix(es):\n\n* vertx-web: StaticHandler disclosure of classpath resources on Windows when mounted on a wildcard route (CVE-2023-24815)\n\n* bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201)\n\n* netty: SniHandler 16MB allocation leads to OOM (CVE-2023-34462)\n\nYou can find images updated by this advisory in Red Hat Container Catalog (see References).",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:7669",
        "url": "https://access.redhat.com/errata/RHSA-2023:7669"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "2209400",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209400"
      },
      {
        "category": "external",
        "summary": "2215465",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465"
      },
      {
        "category": "external",
        "summary": "2216888",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216888"
      },
      {
        "category": "external",
        "summary": "JAVAMON-236",
        "url": "https://issues.redhat.com/browse/JAVAMON-236"
      },
      {
        "category": "external",
        "summary": "JAVAMON-241",
        "url": "https://issues.redhat.com/browse/JAVAMON-241"
      },
      {
        "category": "external",
        "summary": "JAVAMON-243",
        "url": "https://issues.redhat.com/browse/JAVAMON-243"
      },
      {
        "category": "external",
        "summary": "JAVAMON-313",
        "url": "https://issues.redhat.com/browse/JAVAMON-313"
      },
      {
        "category": "external",
        "summary": "JAVAMON-319",
        "url": "https://issues.redhat.com/browse/JAVAMON-319"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7669.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat build of Cryostat 2.4.0: new RHEL 8 container images",
    "tracking": {
      "current_release_date": "2024-11-06T04:29:45+00:00",
      "generator": {
        "date": "2024-11-06T04:29:45+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.1.1"
        }
      },
      "id": "RHSA-2023:7669",
      "initial_release_date": "2023-12-06T22:07:18+00:00",
      "revision_history": [
        {
          "date": "2023-12-06T22:07:18+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-12-06T22:07:18+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-06T04:29:45+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Cryostat 2 on RHEL 8",
                "product": {
                  "name": "Cryostat 2 on RHEL 8",
                  "product_id": "8Base-Cryostat-2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:cryostat:2::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Cryostat"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64",
                "product": {
                  "name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64",
                  "product_id": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-grafana-dashboard-rhel8\u0026tag=2.4.0-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64",
                "product": {
                  "name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64",
                  "product_id": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-reports-rhel8\u0026tag=2.4.0-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64",
                "product": {
                  "name": "cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64",
                  "product_id": "cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-rhel8\u0026tag=2.4.0-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64",
                "product": {
                  "name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64",
                  "product_id": "cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-operator-bundle\u0026tag=2.4.0-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64",
                "product": {
                  "name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64",
                  "product_id": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-rhel8-operator\u0026tag=2.4.0-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64",
                "product": {
                  "name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64",
                  "product_id": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/jfr-datasource-rhel8\u0026tag=2.4.0-2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64",
                "product": {
                  "name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64",
                  "product_id": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-grafana-dashboard-rhel8\u0026tag=2.4.0-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64",
                "product": {
                  "name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64",
                  "product_id": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-reports-rhel8\u0026tag=2.4.0-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64",
                "product": {
                  "name": "cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64",
                  "product_id": "cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-rhel8\u0026tag=2.4.0-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64",
                "product": {
                  "name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64",
                  "product_id": "cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-operator-bundle\u0026tag=2.4.0-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64",
                "product": {
                  "name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64",
                  "product_id": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-rhel8-operator\u0026tag=2.4.0-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64",
                "product": {
                  "name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64",
                  "product_id": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/jfr-datasource-rhel8\u0026tag=2.4.0-2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64 as a component of Cryostat 2 on RHEL 8",
          "product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64"
        },
        "product_reference": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64",
        "relates_to_product_reference": "8Base-Cryostat-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64 as a component of Cryostat 2 on RHEL 8",
          "product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64"
        },
        "product_reference": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64",
        "relates_to_product_reference": "8Base-Cryostat-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64 as a component of Cryostat 2 on RHEL 8",
          "product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64"
        },
        "product_reference": "cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64",
        "relates_to_product_reference": "8Base-Cryostat-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64 as a component of Cryostat 2 on RHEL 8",
          "product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64"
        },
        "product_reference": "cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64",
        "relates_to_product_reference": "8Base-Cryostat-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64 as a component of Cryostat 2 on RHEL 8",
          "product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64"
        },
        "product_reference": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64",
        "relates_to_product_reference": "8Base-Cryostat-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64 as a component of Cryostat 2 on RHEL 8",
          "product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64"
        },
        "product_reference": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64",
        "relates_to_product_reference": "8Base-Cryostat-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64 as a component of Cryostat 2 on RHEL 8",
          "product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64"
        },
        "product_reference": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64",
        "relates_to_product_reference": "8Base-Cryostat-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64 as a component of Cryostat 2 on RHEL 8",
          "product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64"
        },
        "product_reference": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64",
        "relates_to_product_reference": "8Base-Cryostat-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64 as a component of Cryostat 2 on RHEL 8",
          "product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64"
        },
        "product_reference": "cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64",
        "relates_to_product_reference": "8Base-Cryostat-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64 as a component of Cryostat 2 on RHEL 8",
          "product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64"
        },
        "product_reference": "cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64",
        "relates_to_product_reference": "8Base-Cryostat-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64 as a component of Cryostat 2 on RHEL 8",
          "product_id": "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64"
        },
        "product_reference": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64",
        "relates_to_product_reference": "8Base-Cryostat-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64 as a component of Cryostat 2 on RHEL 8",
          "product_id": "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64"
        },
        "product_reference": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64",
        "relates_to_product_reference": "8Base-Cryostat-2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-24815",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2023-05-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2209400"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Vert.X Web. When running the application that serves files using StaticHandler on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard (*), an attacker can exfiltrate any class path resource.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vertx-web: StaticHandler disclosure of classpath resources on Windows when mounted on a wildcard route",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64",
          "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64",
          "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-24815"
        },
        {
          "category": "external",
          "summary": "RHBZ#2209400",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209400"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-24815",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-24815"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24815",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24815"
        },
        {
          "category": "external",
          "summary": "https://github.com/vert-x3/vertx-web/security/advisories/GHSA-53jx-vvf9-4x38",
          "url": "https://github.com/vert-x3/vertx-web/security/advisories/GHSA-53jx-vvf9-4x38"
        }
      ],
      "release_date": "2023-02-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-12-06T22:07:18+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7669"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "vertx-web: StaticHandler disclosure of classpath resources on Windows when mounted on a wildcard route"
    },
    {
      "cve": "CVE-2023-33201",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2023-06-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2215465"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data. The exploit depends on the structure of the target LDAP directory as well as what kind of errors are exposed to the user.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "bouncycastle: potential  blind LDAP injection attack using a self-signed certificate",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64",
          "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64",
          "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-33201"
        },
        {
          "category": "external",
          "summary": "RHBZ#2215465",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-33201",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201"
        },
        {
          "category": "external",
          "summary": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201",
          "url": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201"
        }
      ],
      "release_date": "2023-06-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-12-06T22:07:18+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7669"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "bouncycastle: potential  blind LDAP injection attack using a self-signed certificate"
    },
    {
      "cve": "CVE-2023-34462",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2023-06-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2216888"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Netty\u0027s SniHandler while navigating TLS handshake which may permit a large heap allocation if the handler did not have a timeout configured. This issue may allow an attacker to send a client hello packet which would cause the server to buffer large amounts of data per connection, potentially causing an out of memory error, resulting in Denial of Service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "netty: SniHandler 16MB allocation leads to OOM",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64",
          "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64",
          "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-34462"
        },
        {
          "category": "external",
          "summary": "RHBZ#2216888",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216888"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-34462",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-34462",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34462"
        }
      ],
      "release_date": "2023-06-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-12-06T22:07:18+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7669"
        },
        {
          "category": "workaround",
          "details": "Configuration of SniHandler with an idle timeout will mitigate this issue.",
          "product_ids": [
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "netty: SniHandler 16MB allocation leads to OOM"
    }
  ]
}

cve-2023-24815

Vulnerability from cvelistv5

Published

2023-02-09 17:36

Modified

2024-08-02 11:03

Severity ?

4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Summary

Disclosure of classpath resources on Windows when mounted on a wildcard route in vertx-web

References

▼	URL	Tags
	https://github.com/vert-x3/vertx-web/security/advisories/GHSA-53jx-vvf9-4x38	x_refsource_CONFIRM
	https://github.com/vert-x3/vertx-web/commit/9e3a783b1d1a731055e9049078b1b1494ece9c15	x_refsource_MISC
	https://github.com/vert-x3/vertx-web/blob/62c0d66fa1c179ae6a4d57344631679a2b97e60f/vertx-web/src/main/java/io/vertx/ext/web/impl/Utils.java#L83	x_refsource_MISC

Impacted products

▼	Vendor	Product
	vert-x3	vertx-web

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:03:19.277Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/vert-x3/vertx-web/security/advisories/GHSA-53jx-vvf9-4x38",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/vert-x3/vertx-web/security/advisories/GHSA-53jx-vvf9-4x38"
          },
          {
            "name": "https://github.com/vert-x3/vertx-web/commit/9e3a783b1d1a731055e9049078b1b1494ece9c15",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/vert-x3/vertx-web/commit/9e3a783b1d1a731055e9049078b1b1494ece9c15"
          },
          {
            "name": "https://github.com/vert-x3/vertx-web/blob/62c0d66fa1c179ae6a4d57344631679a2b97e60f/vertx-web/src/main/java/io/vertx/ext/web/impl/Utils.java#L83",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/vert-x3/vertx-web/blob/62c0d66fa1c179ae6a4d57344631679a2b97e60f/vertx-web/src/main/java/io/vertx/ext/web/impl/Utils.java#L83"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "vertx-web",
          "vendor": "vert-x3",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.0.0, \u003c 4.3.8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vert.x-Web is a set of building blocks for building web applications in the java programming language. When running vertx web applications that serve files using `StaticHandler` on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard (`*`) then an attacker can exfiltrate any class path resource. When computing the relative path to locate the resource, in case of wildcards, the code: `return \"/\" + rest;` from `Utils.java` returns the user input (without validation) as the segment to lookup. Even though checks are performed to avoid escaping the sandbox, given that the input was not sanitized `\\` are not properly handled and an attacker can build a path that is valid within the classpath. This issue only affects users deploying in windows environments and upgrading is the advised remediation path. There are no known workarounds for this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-09T17:36:32.589Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/vert-x3/vertx-web/security/advisories/GHSA-53jx-vvf9-4x38",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vert-x3/vertx-web/security/advisories/GHSA-53jx-vvf9-4x38"
        },
        {
          "name": "https://github.com/vert-x3/vertx-web/commit/9e3a783b1d1a731055e9049078b1b1494ece9c15",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vert-x3/vertx-web/commit/9e3a783b1d1a731055e9049078b1b1494ece9c15"
        },
        {
          "name": "https://github.com/vert-x3/vertx-web/blob/62c0d66fa1c179ae6a4d57344631679a2b97e60f/vertx-web/src/main/java/io/vertx/ext/web/impl/Utils.java#L83",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vert-x3/vertx-web/blob/62c0d66fa1c179ae6a4d57344631679a2b97e60f/vertx-web/src/main/java/io/vertx/ext/web/impl/Utils.java#L83"
        }
      ],
      "source": {
        "advisory": "GHSA-53jx-vvf9-4x38",
        "discovery": "UNKNOWN"
      },
      "title": "Disclosure of classpath resources on Windows when mounted on a wildcard route in vertx-web"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-24815",
    "datePublished": "2023-02-09T17:36:32.589Z",
    "dateReserved": "2023-01-30T14:43:33.704Z",
    "dateUpdated": "2024-08-02T11:03:19.277Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-34462

Vulnerability from cvelistv5

Published

2023-06-22 23:00

Modified

2024-08-02 16:10

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

netty-handler SniHandler 16MB allocation

References

▼	URL	Tags
	https://github.com/netty/netty/security/advisories/GHSA-6mjq-h674-j845	x_refsource_CONFIRM
	https://github.com/netty/netty/commit/535da17e45201ae4278c0479e6162bb4127d4c32	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20230803-0001/
	https://www.debian.org/security/2023/dsa-5558
	https://security.netapp.com/advisory/ntap-20240621-0007/

Impacted products

▼	Vendor	Product
	netty	netty

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-34462",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-16T18:36:13.070529Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-16T18:36:18.892Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:10:07.000Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/netty/netty/security/advisories/GHSA-6mjq-h674-j845",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/netty/netty/security/advisories/GHSA-6mjq-h674-j845"
          },
          {
            "name": "https://github.com/netty/netty/commit/535da17e45201ae4278c0479e6162bb4127d4c32",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/netty/netty/commit/535da17e45201ae4278c0479e6162bb4127d4c32"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230803-0001/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5558"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "netty",
          "vendor": "netty",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 4.1.94.Final"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet but there are not checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-22T23:00:12.104Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/netty/netty/security/advisories/GHSA-6mjq-h674-j845",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/netty/netty/security/advisories/GHSA-6mjq-h674-j845"
        },
        {
          "name": "https://github.com/netty/netty/commit/535da17e45201ae4278c0479e6162bb4127d4c32",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/netty/netty/commit/535da17e45201ae4278c0479e6162bb4127d4c32"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230803-0001/"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5558"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
        }
      ],
      "source": {
        "advisory": "GHSA-6mjq-h674-j845",
        "discovery": "UNKNOWN"
      },
      "title": "netty-handler SniHandler 16MB allocation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-34462",
    "datePublished": "2023-06-22T23:00:12.104Z",
    "dateReserved": "2023-06-06T16:16:53.560Z",
    "dateUpdated": "2024-08-02T16:10:07.000Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-33201

Vulnerability from cvelistv5

Published

2023-07-05 00:00

Modified

2024-08-02 15:39

Severity ?

Summary

Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.

References

▼	URL	Tags
	https://bouncycastle.org
	https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc
	https://github.com/bcgit/bc-java/wiki/CVE-2023-33201
	https://lists.debian.org/debian-lts-announce/2023/08/msg00000.html	mailing-list
	https://security.netapp.com/advisory/ntap-20230824-0008/

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:39:35.708Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bouncycastle.org"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201"
          },
          {
            "name": "[debian-lts-announce] 20230802 [SECURITY] [DLA 3514-1] bouncycastle security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00000.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230824-0008/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate\u0027s Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-24T18:06:18.676012",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://bouncycastle.org"
        },
        {
          "url": "https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc"
        },
        {
          "url": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201"
        },
        {
          "name": "[debian-lts-announce] 20230802 [SECURITY] [DLA 3514-1] bouncycastle security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00000.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230824-0008/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-33201",
    "datePublished": "2023-07-05T00:00:00",
    "dateReserved": "2023-05-18T00:00:00",
    "dateUpdated": "2024-08-02T15:39:35.708Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Action not permitted

rhsa-2023_7669

Vulnerability from csaf_redhat

cve-2023-24815

Vulnerability from cvelistv5

cve-2023-34462

Vulnerability from cvelistv5

cve-2023-33201

Vulnerability from cvelistv5

Tags