{ "SchemaVersion": 2, "ArtifactName": "nginx:1.16", "ArtifactType": "container_image", "Metadata": { "OS": { "Family": "debian", "Name": "10.3", "EOSL": true }, "ImageID": "sha256:dfcfd8e9a5d38fb82bc8f9c299beba2df2232b7712b62875d5238cead7a5831c", "DiffIDs": [ "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13", "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c", "sha256:c23548ea0b991f6a482104af9e7f92279f280ae96ef25e707c273796e4ff33b2" ], "RepoTags": [ "nginx:1.16" ], "RepoDigests": [ "nginx@sha256:d20aa6d1cae56fd17cd458f4807e0de462caf2336f0b70b5eeb69fcaaf30dd9c" ], "ImageConfig": { "architecture": "amd64", "container": "14c9e731dce9265e8ed6b0b5bb56070d7dc04e7ed0058f0ed73383613c9552bf", "created": "2020-04-23T13:04:39.11443763Z", "docker_version": "18.09.7", "history": [ { "created": "2020-04-23T00:20:32.126556976Z", "created_by": "/bin/sh -c #(nop) ADD file:9b8be2b52ee0fa31da1b6256099030b73546253a57e94cccb24605cd888bb74d in / " }, { "created": "2020-04-23T00:20:32.391326355Z", "created_by": "/bin/sh -c #(nop) CMD [\"bash\"]", "empty_layer": true }, { "created": "2020-04-23T13:02:24.647346893Z", "created_by": "/bin/sh -c #(nop) LABEL maintainer=NGINX Docker Maintainers \u003cdocker-maint@nginx.com\u003e", "empty_layer": true }, { "created": "2020-04-23T13:04:08.25062865Z", "created_by": "/bin/sh -c #(nop) ENV NGINX_VERSION=1.16.1", "empty_layer": true }, { "created": "2020-04-23T13:04:08.615216894Z", "created_by": "/bin/sh -c #(nop) ENV NJS_VERSION=0.3.8", "empty_layer": true }, { "created": "2020-04-23T13:04:08.887858872Z", "created_by": "/bin/sh -c #(nop) ENV PKG_RELEASE=1~buster", "empty_layer": true }, { "created": "2020-04-23T13:04:37.718964737Z", "created_by": "/bin/sh -c set -x \u0026\u0026 addgroup --system --gid 101 nginx \u0026\u0026 adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos \"nginx user\" --shell /bin/false --uid 101 nginx \u0026\u0026 apt-get update \u0026\u0026 apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \u0026\u0026 NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; found=''; for server in ha.pool.sks-keyservers.net hkp://keyserver.ubuntu.com:80 hkp://p80.pool.sks-keyservers.net:80 pgp.mit.edu ; do echo \"Fetching GPG key $NGINX_GPGKEY from $server\"; apt-key adv --keyserver \"$server\" --keyserver-options timeout=10 --recv-keys \"$NGINX_GPGKEY\" \u0026\u0026 found=yes \u0026\u0026 break; done; test -z \"$found\" \u0026\u0026 echo \u003e\u00262 \"error: failed to fetch GPG key $NGINX_GPGKEY\" \u0026\u0026 exit 1; apt-get remove --purge --auto-remove -y gnupg1 \u0026\u0026 rm -rf /var/lib/apt/lists/* \u0026\u0026 dpkgArch=\"$(dpkg --print-architecture)\" \u0026\u0026 nginxPackages=\" nginx=${NGINX_VERSION}-${PKG_RELEASE} nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-${PKG_RELEASE} \" \u0026\u0026 case \"$dpkgArch\" in amd64|i386) echo \"deb https://nginx.org/packages/debian/ buster nginx\" \u003e\u003e /etc/apt/sources.list.d/nginx.list \u0026\u0026 apt-get update ;; *) echo \"deb-src https://nginx.org/packages/debian/ buster nginx\" \u003e\u003e /etc/apt/sources.list.d/nginx.list \u0026\u0026 tempDir=\"$(mktemp -d)\" \u0026\u0026 chmod 777 \"$tempDir\" \u0026\u0026 savedAptMark=\"$(apt-mark showmanual)\" \u0026\u0026 apt-get update \u0026\u0026 apt-get build-dep -y $nginxPackages \u0026\u0026 ( cd \"$tempDir\" \u0026\u0026 DEB_BUILD_OPTIONS=\"nocheck parallel=$(nproc)\" apt-get source --compile $nginxPackages ) \u0026\u0026 apt-mark showmanual | xargs apt-mark auto \u003e /dev/null \u0026\u0026 { [ -z \"$savedAptMark\" ] || apt-mark manual $savedAptMark; } \u0026\u0026 ls -lAFh \"$tempDir\" \u0026\u0026 ( cd \"$tempDir\" \u0026\u0026 dpkg-scanpackages . \u003e Packages ) \u0026\u0026 grep '^Package: ' \"$tempDir/Packages\" \u0026\u0026 echo \"deb [ trusted=yes ] file://$tempDir ./\" \u003e /etc/apt/sources.list.d/temp.list \u0026\u0026 apt-get -o Acquire::GzipIndexes=false update ;; esac \u0026\u0026 apt-get install --no-install-recommends --no-install-suggests -y $nginxPackages gettext-base \u0026\u0026 apt-get remove --purge --auto-remove -y ca-certificates \u0026\u0026 rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \u0026\u0026 if [ -n \"$tempDir\" ]; then apt-get purge -y --auto-remove \u0026\u0026 rm -rf \"$tempDir\" /etc/apt/sources.list.d/temp.list; fi" }, { "created": "2020-04-23T13:04:38.539144297Z", "created_by": "/bin/sh -c ln -sf /dev/stdout /var/log/nginx/access.log \u0026\u0026 ln -sf /dev/stderr /var/log/nginx/error.log" }, { "created": "2020-04-23T13:04:38.727541531Z", "created_by": "/bin/sh -c #(nop) EXPOSE 80", "empty_layer": true }, { "created": "2020-04-23T13:04:38.91124117Z", "created_by": "/bin/sh -c #(nop) STOPSIGNAL SIGTERM", "empty_layer": true }, { "created": "2020-04-23T13:04:39.11443763Z", "created_by": "/bin/sh -c #(nop) CMD [\"nginx\" \"-g\" \"daemon off;\"]", "empty_layer": true } ], "os": "linux", "rootfs": { "type": "layers", "diff_ids": [ "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13", "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c", "sha256:c23548ea0b991f6a482104af9e7f92279f280ae96ef25e707c273796e4ff33b2" ] }, "config": { "Cmd": [ "nginx", "-g", "daemon off;" ], "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "NGINX_VERSION=1.16.1", "NJS_VERSION=0.3.8", "PKG_RELEASE=1~buster" ], "Image": "sha256:653f2f68442ff08b4204d98bcd2c129a74cc2b1c3138a1fb7ec27dd238f57656", "Labels": { "maintainer": "NGINX Docker Maintainers \u003cdocker-maint@nginx.com\u003e" }, "ExposedPorts": { "80/tcp": {} }, "ArgsEscaped": true, "StopSignal": "SIGTERM" } } }, "Results": [ { "Target": "nginx:1.16 (debian 10.3)", "Class": "os-pkgs", "Type": "debian", "Vulnerabilities": [ { "VulnerabilityID": "CVE-2020-27350", "VendorIDs": [ "DSA-4808-1" ], "PkgName": "apt", "InstalledVersion": "1.8.2", "FixedVersion": "1.8.2.2", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-27350", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "apt: integer overflows and underflows while parsing .deb packages", "Description": "APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0.1;", "Severity": "MEDIUM", "CweIDs": [ "CWE-190" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", "V2Score": 4.6, "V3Score": 5.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", "V3Score": 5.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2020-27350", "https://bugs.launchpad.net/bugs/1899193", "https://security.netapp.com/advisory/ntap-20210108-0005/", "https://ubuntu.com/security/notices/USN-4667-1", "https://ubuntu.com/security/notices/USN-4667-2", "https://usn.ubuntu.com/usn/usn-4667-1", "https://www.cve.org/CVERecord?id=CVE-2020-27350", "https://www.debian.org/security/2020/dsa-4808" ], "PublishedDate": "2020-12-10T04:15:11.423Z", "LastModifiedDate": "2022-10-29T02:41:36.81Z" }, { "VulnerabilityID": "CVE-2020-3810", "VendorIDs": [ "DSA-4685-1" ], "PkgName": "apt", "InstalledVersion": "1.8.2", "FixedVersion": "1.8.2.1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-3810", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "Missing input validation in the ar/tar implementations of APT before v ...", "Description": "Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125", "CWE-20" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 5.5 } }, "References": [ "https://bugs.launchpad.net/bugs/1878177", "https://github.com/Debian/apt/issues/111", "https://github.com/julian-klode/apt/commit/de4efadc3c92e26d37272fd310be148ec61dcf36", "https://lists.debian.org/debian-security-announce/2020/msg00089.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4PEH357MZM2SUGKETMEHMSGQS652QHH/", "https://salsa.debian.org/apt-team/apt/-/commit/dceb1e49e4b8e4dadaf056be34088b415939cda6", "https://salsa.debian.org/jak/apt/-/commit/dceb1e49e4b8e4dadaf056be34088b415939cda6", "https://tracker.debian.org/news/1144109/accepted-apt-212-source-into-unstable/", "https://ubuntu.com/security/notices/USN-4359-1", "https://ubuntu.com/security/notices/USN-4359-2", "https://usn.ubuntu.com/4359-1/", "https://usn.ubuntu.com/4359-2/", "https://www.cve.org/CVERecord?id=CVE-2020-3810" ], "PublishedDate": "2020-05-15T14:15:11.887Z", "LastModifiedDate": "2023-11-07T03:23:04.667Z" }, { "VulnerabilityID": "CVE-2011-3374", "PkgName": "apt", "InstalledVersion": "1.8.2", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-3374", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "It was found that apt-key in apt, all versions, do not correctly valid ...", "Description": "It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.", "Severity": "LOW", "CweIDs": [ "CWE-347" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V2Score": 4.3, "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/security/cve/cve-2011-3374", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480", "https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html", "https://seclists.org/fulldisclosure/2011/Sep/221", "https://security-tracker.debian.org/tracker/CVE-2011-3374", "https://snyk.io/vuln/SNYK-LINUX-APT-116518", "https://ubuntu.com/security/CVE-2011-3374" ], "PublishedDate": "2019-11-26T00:15:11.03Z", "LastModifiedDate": "2021-02-09T16:08:18.683Z" }, { "VulnerabilityID": "CVE-2019-18276", "PkgName": "bash", "InstalledVersion": "5.0-4", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18276", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "bash: when effective UID is not equal to its real UID the saved UID is not dropped", "Description": "An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support \"saved UID\" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use \"enable -f\" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected.", "Severity": "LOW", "CweIDs": [ "CWE-273" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V2Score": 7.2, "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html", "https://access.redhat.com/security/cve/CVE-2019-18276", "https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff", "https://linux.oracle.com/cve/CVE-2019-18276.html", "https://linux.oracle.com/errata/ELSA-2021-1679.html", "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", "https://nvd.nist.gov/vuln/detail/CVE-2019-18276", "https://security.gentoo.org/glsa/202105-34", "https://security.netapp.com/advisory/ntap-20200430-0003/", "https://ubuntu.com/security/notices/USN-5380-1", "https://www.cve.org/CVERecord?id=CVE-2019-18276", "https://www.oracle.com/security-alerts/cpuapr2022.html", "https://www.youtube.com/watch?v=-wGtxJ8opa8" ], "PublishedDate": "2019-11-28T01:15:10.603Z", "LastModifiedDate": "2023-11-07T03:06:25.3Z" }, { "VulnerabilityID": "TEMP-0841856-B18BAF", "PkgName": "bash", "InstalledVersion": "5.0-4", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://security-tracker.debian.org/tracker/TEMP-0841856-B18BAF", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "[Privilege escalation possible to other user than root]", "Severity": "LOW" }, { "VulnerabilityID": "CVE-2024-28085", "VendorIDs": [ "DLA-3782-1" ], "PkgName": "bsdutils", "InstalledVersion": "2.33.1-0.1", "FixedVersion": "2.33.1-0.1+deb10u1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28085", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "util-linux: CVE-2024-28085: wall: escape sequence injection", "Description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "Severity": "HIGH", "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "V3Score": 8.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/27/5", "http://www.openwall.com/lists/oss-security/2024/03/27/6", "http://www.openwall.com/lists/oss-security/2024/03/27/7", "http://www.openwall.com/lists/oss-security/2024/03/27/8", "http://www.openwall.com/lists/oss-security/2024/03/27/9", "http://www.openwall.com/lists/oss-security/2024/03/28/1", "http://www.openwall.com/lists/oss-security/2024/03/28/2", "http://www.openwall.com/lists/oss-security/2024/03/28/3", "https://access.redhat.com/security/cve/CVE-2024-28085", "https://github.com/skyler-ferrante/CVE-2024-28085", "https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq", "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/", "https://nvd.nist.gov/vuln/detail/CVE-2024-28085", "https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt", "https://security.netapp.com/advisory/ntap-20240531-0003/", "https://ubuntu.com/security/notices/USN-6719-1", "https://ubuntu.com/security/notices/USN-6719-2", "https://www.cve.org/CVERecord?id=CVE-2024-28085", "https://www.openwall.com/lists/oss-security/2024/03/27/5" ], "PublishedDate": "2024-03-27T19:15:48.367Z", "LastModifiedDate": "2024-06-10T17:16:24.37Z" }, { "VulnerabilityID": "CVE-2021-37600", "VendorIDs": [ "DLA-3782-1" ], "PkgName": "bsdutils", "InstalledVersion": "2.33.1-0.1", "FixedVersion": "2.33.1-0.1+deb10u1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-37600", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "util-linux: integer overflow can lead to buffer overflow in get_sem_elements() in sys-utils/ipcutils.c", "Description": "An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments.", "Severity": "MEDIUM", "CweIDs": [ "CWE-190" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 1.2, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-37600", "https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c", "https://github.com/karelzak/util-linux/issues/1395", "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", "https://nvd.nist.gov/vuln/detail/CVE-2021-37600", "https://security.gentoo.org/glsa/202401-08", "https://security.netapp.com/advisory/ntap-20210902-0002/", "https://www.cve.org/CVERecord?id=CVE-2021-37600" ], "PublishedDate": "2021-07-30T14:15:18.737Z", "LastModifiedDate": "2024-08-04T02:15:24.44Z" }, { "VulnerabilityID": "CVE-2022-0563", "PkgName": "bsdutils", "InstalledVersion": "2.33.1-0.1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", "Description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.", "Severity": "LOW", "CweIDs": [ "CWE-209" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V2Score": 1.9, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-0563", "https://blog.trailofbits.com/2023/02/16/suid-logic-bug-linux-readline/", "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w%40ws.net.home/T/#u", "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u", "https://nvd.nist.gov/vuln/detail/CVE-2022-0563", "https://security.gentoo.org/glsa/202401-08", "https://security.netapp.com/advisory/ntap-20220331-0002/", "https://www.cve.org/CVERecord?id=CVE-2022-0563" ], "PublishedDate": "2022-02-21T19:15:08.393Z", "LastModifiedDate": "2024-01-07T09:15:08.713Z" }, { "VulnerabilityID": "CVE-2016-2781", "PkgName": "coreutils", "InstalledVersion": "8.30-3", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2781", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "coreutils: Non-privileged session can escape to the parent session in chroot", "Description": "chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", "Severity": "LOW", "CweIDs": [ "CWE-20" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", "V2Score": 2.1, "V3Score": 6.5 }, "redhat": { "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "V2Score": 6.2, "V3Score": 8.6 } }, "References": [ "http://seclists.org/oss-sec/2016/q1/452", "http://www.openwall.com/lists/oss-security/2016/02/28/2", "http://www.openwall.com/lists/oss-security/2016/02/28/3", "https://access.redhat.com/security/cve/CVE-2016-2781", "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", "https://lore.kernel.org/patchwork/patch/793178/", "https://nvd.nist.gov/vuln/detail/CVE-2016-2781", "https://www.cve.org/CVERecord?id=CVE-2016-2781" ], "PublishedDate": "2017-02-07T15:59:00.333Z", "LastModifiedDate": "2023-11-07T02:32:03.347Z" }, { "VulnerabilityID": "CVE-2017-18018", "PkgName": "coreutils", "InstalledVersion": "8.30-3", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18018", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "coreutils: race condition vulnerability in chown and chgrp", "Description": "In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX \"-R -L\" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.", "Severity": "LOW", "CweIDs": [ "CWE-362" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "V2Score": 1.9, "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "V3Score": 4.2 } }, "References": [ "http://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html", "https://access.redhat.com/security/cve/CVE-2017-18018", "https://nvd.nist.gov/vuln/detail/CVE-2017-18018", "https://www.cve.org/CVERecord?id=CVE-2017-18018" ], "PublishedDate": "2018-01-04T04:29:00.19Z", "LastModifiedDate": "2018-01-19T15:46:46.05Z" }, { "VulnerabilityID": "DLA-3482-1", "VendorIDs": [ "DLA-3482-1" ], "PkgName": "debian-archive-keyring", "InstalledVersion": "2019.1", "FixedVersion": "2019.1+deb10u2", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "debian-archive-keyring - security update", "Severity": "UNKNOWN" }, { "VulnerabilityID": "CVE-2022-1664", "VendorIDs": [ "DSA-5147-1" ], "PkgName": "dpkg", "InstalledVersion": "1.19.7", "FixedVersion": "1.19.8", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-1664", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "Dpkg::Source::Archive in dpkg, the Debian package management system, b ...", "Description": "Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.", "Severity": "CRITICAL", "CweIDs": [ "CWE-22" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V2Score": 7.5, "V3Score": 9.8 } }, "References": [ "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495", "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5", "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b", "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be", "https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html", "https://lists.debian.org/debian-security-announce/2022/msg00115.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-1664", "https://security.netapp.com/advisory/ntap-20221007-0002/", "https://ubuntu.com/security/notices/USN-5446-1", "https://ubuntu.com/security/notices/USN-5446-2", "https://www.cve.org/CVERecord?id=CVE-2022-1664" ], "PublishedDate": "2022-05-26T14:15:08.01Z", "LastModifiedDate": "2022-12-03T02:19:32.127Z" }, { "VulnerabilityID": "CVE-2022-1304", "PkgName": "e2fsprogs", "InstalledVersion": "1.44.5-1+deb10u3", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-1304", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "e2fsprogs: out-of-bounds read/write via crafted filesystem", "Description": "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "Severity": "HIGH", "CweIDs": [ "CWE-125", "CWE-787" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V2Score": 6.8, "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H", "V3Score": 5.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2022:8361", "https://access.redhat.com/security/cve/CVE-2022-1304", "https://bugzilla.redhat.com/2069726", "https://bugzilla.redhat.com/show_bug.cgi?id=2069726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1304", "https://errata.almalinux.org/9/ALSA-2022-8361.html", "https://errata.rockylinux.org/RLSA-2022:8361", "https://linux.oracle.com/cve/CVE-2022-1304.html", "https://linux.oracle.com/errata/ELSA-2022-8361.html", "https://marc.info/?l=linux-ext4\u0026m=165056234501732\u0026w=2", "https://nvd.nist.gov/vuln/detail/CVE-2022-1304", "https://ubuntu.com/security/notices/USN-5464-1", "https://www.cve.org/CVERecord?id=CVE-2022-1304" ], "PublishedDate": "2022-04-14T21:15:08.49Z", "LastModifiedDate": "2023-11-07T03:41:53.02Z" }, { "VulnerabilityID": "CVE-2024-28085", "VendorIDs": [ "DLA-3782-1" ], "PkgName": "fdisk", "InstalledVersion": "2.33.1-0.1", "FixedVersion": "2.33.1-0.1+deb10u1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28085", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "util-linux: CVE-2024-28085: wall: escape sequence injection", "Description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "Severity": "HIGH", "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "V3Score": 8.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/27/5", "http://www.openwall.com/lists/oss-security/2024/03/27/6", "http://www.openwall.com/lists/oss-security/2024/03/27/7", "http://www.openwall.com/lists/oss-security/2024/03/27/8", "http://www.openwall.com/lists/oss-security/2024/03/27/9", "http://www.openwall.com/lists/oss-security/2024/03/28/1", "http://www.openwall.com/lists/oss-security/2024/03/28/2", "http://www.openwall.com/lists/oss-security/2024/03/28/3", "https://access.redhat.com/security/cve/CVE-2024-28085", "https://github.com/skyler-ferrante/CVE-2024-28085", "https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq", "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/", "https://nvd.nist.gov/vuln/detail/CVE-2024-28085", "https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt", "https://security.netapp.com/advisory/ntap-20240531-0003/", "https://ubuntu.com/security/notices/USN-6719-1", "https://ubuntu.com/security/notices/USN-6719-2", "https://www.cve.org/CVERecord?id=CVE-2024-28085", "https://www.openwall.com/lists/oss-security/2024/03/27/5" ], "PublishedDate": "2024-03-27T19:15:48.367Z", "LastModifiedDate": "2024-06-10T17:16:24.37Z" }, { "VulnerabilityID": "CVE-2021-37600", "VendorIDs": [ "DLA-3782-1" ], "PkgName": "fdisk", "InstalledVersion": "2.33.1-0.1", "FixedVersion": "2.33.1-0.1+deb10u1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-37600", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "util-linux: integer overflow can lead to buffer overflow in get_sem_elements() in sys-utils/ipcutils.c", "Description": "An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments.", "Severity": "MEDIUM", "CweIDs": [ "CWE-190" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 1.2, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-37600", "https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c", "https://github.com/karelzak/util-linux/issues/1395", "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", "https://nvd.nist.gov/vuln/detail/CVE-2021-37600", "https://security.gentoo.org/glsa/202401-08", "https://security.netapp.com/advisory/ntap-20210902-0002/", "https://www.cve.org/CVERecord?id=CVE-2021-37600" ], "PublishedDate": "2021-07-30T14:15:18.737Z", "LastModifiedDate": "2024-08-04T02:15:24.44Z" }, { "VulnerabilityID": "CVE-2022-0563", "PkgName": "fdisk", "InstalledVersion": "2.33.1-0.1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", "Description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.", "Severity": "LOW", "CweIDs": [ "CWE-209" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V2Score": 1.9, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-0563", "https://blog.trailofbits.com/2023/02/16/suid-logic-bug-linux-readline/", "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w%40ws.net.home/T/#u", "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u", "https://nvd.nist.gov/vuln/detail/CVE-2022-0563", "https://security.gentoo.org/glsa/202401-08", "https://security.netapp.com/advisory/ntap-20220331-0002/", "https://www.cve.org/CVERecord?id=CVE-2022-0563" ], "PublishedDate": "2022-02-21T19:15:08.393Z", "LastModifiedDate": "2024-01-07T09:15:08.713Z" }, { "VulnerabilityID": "CVE-2018-12886", "PkgName": "gcc-8-base", "InstalledVersion": "8.3.0-6", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12886", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "gcc: spilling of stack protection address in cfgexpand.c and function.c leads to stack-overflow protection bypass", "Description": "stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.", "Severity": "HIGH", "CweIDs": [ "CWE-209" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V2Score": 6.8, "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "V3Score": 6.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2018-12886", "https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=89d7557202d25a393666ac4c0f7dbdab31e452a2", "https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=266379\u0026view=markup", "https://nvd.nist.gov/vuln/detail/CVE-2018-12886", "https://www.cve.org/CVERecord?id=CVE-2018-12886", "https://www.gnu.org/software/gcc/gcc-8/changes.html" ], "PublishedDate": "2019-05-22T19:29:00.297Z", "LastModifiedDate": "2020-08-24T17:37:01.14Z" }, { "VulnerabilityID": "CVE-2019-15847", "PkgName": "gcc-8-base", "InstalledVersion": "8.3.0-6", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-15847", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "gcc: POWER9 \"DARN\" RNG intrinsic produces repeated output", "Description": "The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.", "Severity": "HIGH", "CweIDs": [ "CWE-331" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 } }, "References": [ "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00056.html", "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00057.html", "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00058.html", "https://access.redhat.com/security/cve/CVE-2019-15847", "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91481", "https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=457dac402027dd7e14543fbd59a75858422cf6c6", "https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=e99bfdd2a8db732ea84cf0a6486707e5e821ad7e", "https://linux.oracle.com/cve/CVE-2019-15847.html", "https://linux.oracle.com/errata/ELSA-2020-1864.html", "https://nvd.nist.gov/vuln/detail/CVE-2019-15847", "https://www.cve.org/CVERecord?id=CVE-2019-15847" ], "PublishedDate": "2019-09-02T23:15:10.837Z", "LastModifiedDate": "2020-09-17T13:38:06.51Z" }, { "VulnerabilityID": "CVE-2023-4039", "PkgName": "gcc-8-base", "InstalledVersion": "8.3.0-6", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-4039", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "gcc: -fstack-protector fails to guard dynamic stack allocations on ARM64", "Description": "\n\n**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains \nthat target AArch64 allows an attacker to exploit an existing buffer \noverflow in dynamically-sized local variables in your application \nwithout this being detected. This stack-protector failure only applies \nto C99-style dynamically-sized local variables or those created using \nalloca(). The stack-protector operates as intended for statically-sized \nlocal variables.\n\nThe default behavior when the stack-protector \ndetects an overflow is to terminate your application, resulting in \ncontrolled loss of availability. An attacker who can exploit a buffer \noverflow without triggering the stack-protector might be able to change \nprogram flow control to cause an uncontrolled loss of availability or to\n go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.\n\n\n\n\n\n", "Severity": "MEDIUM", "CweIDs": [ "CWE-693" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2023-4039", "https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64", "https://gcc.gnu.org/git/?p=gcc.git;a=blob_plain;f=SECURITY.txt", "https://gcc.gnu.org/pipermail/gcc-patches/2023-October/634066.html", "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf", "https://inbox.sourceware.org/gcc-patches/46cfa37b-56eb-344d-0745-e0d35393392d@gotplt.org", "https://linux.oracle.com/cve/CVE-2023-4039.html", "https://linux.oracle.com/errata/ELSA-2023-28766.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-4039", "https://rtx.meta.security/mitigation/2023/09/12/CVE-2023-4039.html", "https://www.cve.org/CVERecord?id=CVE-2023-4039" ], "PublishedDate": "2023-09-13T09:15:15.69Z", "LastModifiedDate": "2024-08-02T08:15:14.993Z" }, { "VulnerabilityID": "CVE-2022-34903", "VendorIDs": [ "DSA-5174-1" ], "PkgName": "gpgv", "InstalledVersion": "2.2.12-1+deb10u1", "FixedVersion": "2.2.12-1+deb10u2", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-34903", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "gpg: Signature spoofing via status line injection", "Description": "GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.", "Severity": "MEDIUM", "CweIDs": [ "CWE-74" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", "V2Score": 5.8, "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2022/07/02/1", "https://access.redhat.com/errata/RHSA-2022:6602", "https://access.redhat.com/security/cve/CVE-2022-34903", "https://bugs.debian.org/1014157", "https://bugzilla.redhat.com/2102868", "https://bugzilla.redhat.com/show_bug.cgi?id=2102868", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34903", "https://dev.gnupg.org/T6027", "https://errata.almalinux.org/9/ALSA-2022-6602.html", "https://errata.rockylinux.org/RLSA-2022:6602", "https://linux.oracle.com/cve/CVE-2022-34903.html", "https://linux.oracle.com/errata/ELSA-2022-6602.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRLWJQ76A4UKHI3Q36BKSJKS4LFLQO33/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPTAR76EIZY7NQFENSOZO7U473257OVZ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VN63GBTMRWO36Y7BKA2WQHROAKCXKCBL/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU64FUVG2PRZBSHFOQRSP7KDVEIZ23OS/", "https://nvd.nist.gov/vuln/detail/CVE-2022-34903", "https://security.netapp.com/advisory/ntap-20220826-0005/", "https://ubuntu.com/security/notices/USN-5503-1", "https://ubuntu.com/security/notices/USN-5503-2", "https://www.cve.org/CVERecord?id=CVE-2022-34903", "https://www.debian.org/security/2022/dsa-5174", "https://www.openwall.com/lists/oss-security/2022/06/30/1" ], "PublishedDate": "2022-07-01T22:15:08.12Z", "LastModifiedDate": "2023-11-07T03:48:47.553Z" }, { "VulnerabilityID": "CVE-2019-14855", "PkgName": "gpgv", "InstalledVersion": "2.2.12-1+deb10u1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14855", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "gnupg2: OpenPGP Key Certification Forgeries with SHA-1", "Description": "A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18.", "Severity": "LOW", "CweIDs": [ "CWE-326" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2019-14855", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14855", "https://dev.gnupg.org/T4755", "https://eprint.iacr.org/2020/014.pdf", "https://lists.gnupg.org/pipermail/gnupg-announce/2019q4/000442.html", "https://nvd.nist.gov/vuln/detail/CVE-2019-14855", "https://rwc.iacr.org/2020/slides/Leurent.pdf", "https://ubuntu.com/security/notices/USN-4516-1", "https://usn.ubuntu.com/4516-1/", "https://www.cve.org/CVERecord?id=CVE-2019-14855" ], "PublishedDate": "2020-03-20T16:15:14.68Z", "LastModifiedDate": "2022-11-08T02:28:51.273Z" }, { "VulnerabilityID": "CVE-2022-3219", "PkgName": "gpgv", "InstalledVersion": "2.2.12-1+deb10u1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "gnupg: denial of service issue (resource consumption) using compressed packets", "Description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "Severity": "LOW", "CweIDs": [ "CWE-787" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.2 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-3219", "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", "https://dev.gnupg.org/D556", "https://dev.gnupg.org/T5993", "https://marc.info/?l=oss-security\u0026m=165696590211434\u0026w=4", "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "https://security.netapp.com/advisory/ntap-20230324-0001/", "https://www.cve.org/CVERecord?id=CVE-2022-3219" ], "PublishedDate": "2023-02-23T20:15:12.393Z", "LastModifiedDate": "2023-05-26T16:31:34.07Z" }, { "VulnerabilityID": "CVE-2022-1271", "VendorIDs": [ "DSA-5122-1" ], "PkgName": "gzip", "InstalledVersion": "1.9-3", "FixedVersion": "1.9-3+deb10u1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-1271", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "gzip: arbitrary-file-write vulnerability", "Description": "An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.", "Severity": "HIGH", "CweIDs": [ "CWE-20", "CWE-179" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2022:4940", "https://access.redhat.com/security/cve/CVE-2022-1271", "https://bugzilla.redhat.com/2073310", "https://bugzilla.redhat.com/show_bug.cgi?id=2073310", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1271", "https://errata.almalinux.org/9/ALSA-2022-4940.html", "https://errata.rockylinux.org/RLSA-2022:4940", "https://git.tukaani.org/?p=xz.git%3Ba=commit%3Bh=69d1b3fc29677af8ade8dc15dba83f0589cb63d6", "https://linux.oracle.com/cve/CVE-2022-1271.html", "https://linux.oracle.com/errata/ELSA-2022-5052.html", "https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-1271", "https://security-tracker.debian.org/tracker/CVE-2022-1271", "https://security.gentoo.org/glsa/202209-01", "https://security.netapp.com/advisory/ntap-20220930-0006/", "https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch", "https://ubuntu.com/security/notices/USN-5378-1", "https://ubuntu.com/security/notices/USN-5378-2", "https://ubuntu.com/security/notices/USN-5378-3", "https://ubuntu.com/security/notices/USN-5378-4", "https://www.cve.org/CVERecord?id=CVE-2022-1271", "https://www.openwall.com/lists/oss-security/2022/04/07/8" ], "PublishedDate": "2022-08-31T16:15:09.347Z", "LastModifiedDate": "2023-11-07T03:41:52.377Z" }, { "VulnerabilityID": "CVE-2020-27350", "VendorIDs": [ "DSA-4808-1" ], "PkgName": "libapt-pkg5.0", "InstalledVersion": "1.8.2", "FixedVersion": "1.8.2.2", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-27350", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "apt: integer overflows and underflows while parsing .deb packages", "Description": "APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0.1;", "Severity": "MEDIUM", "CweIDs": [ "CWE-190" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", "V2Score": 4.6, "V3Score": 5.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", "V3Score": 5.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2020-27350", "https://bugs.launchpad.net/bugs/1899193", "https://security.netapp.com/advisory/ntap-20210108-0005/", "https://ubuntu.com/security/notices/USN-4667-1", "https://ubuntu.com/security/notices/USN-4667-2", "https://usn.ubuntu.com/usn/usn-4667-1", "https://www.cve.org/CVERecord?id=CVE-2020-27350", "https://www.debian.org/security/2020/dsa-4808" ], "PublishedDate": "2020-12-10T04:15:11.423Z", "LastModifiedDate": "2022-10-29T02:41:36.81Z" }, { "VulnerabilityID": "CVE-2020-3810", "VendorIDs": [ "DSA-4685-1" ], "PkgName": "libapt-pkg5.0", "InstalledVersion": "1.8.2", "FixedVersion": "1.8.2.1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-3810", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "Missing input validation in the ar/tar implementations of APT before v ...", "Description": "Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125", "CWE-20" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 5.5 } }, "References": [ "https://bugs.launchpad.net/bugs/1878177", "https://github.com/Debian/apt/issues/111", "https://github.com/julian-klode/apt/commit/de4efadc3c92e26d37272fd310be148ec61dcf36", "https://lists.debian.org/debian-security-announce/2020/msg00089.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4PEH357MZM2SUGKETMEHMSGQS652QHH/", "https://salsa.debian.org/apt-team/apt/-/commit/dceb1e49e4b8e4dadaf056be34088b415939cda6", "https://salsa.debian.org/jak/apt/-/commit/dceb1e49e4b8e4dadaf056be34088b415939cda6", "https://tracker.debian.org/news/1144109/accepted-apt-212-source-into-unstable/", "https://ubuntu.com/security/notices/USN-4359-1", "https://ubuntu.com/security/notices/USN-4359-2", "https://usn.ubuntu.com/4359-1/", "https://usn.ubuntu.com/4359-2/", "https://www.cve.org/CVERecord?id=CVE-2020-3810" ], "PublishedDate": "2020-05-15T14:15:11.887Z", "LastModifiedDate": "2023-11-07T03:23:04.667Z" }, { "VulnerabilityID": "CVE-2011-3374", "PkgName": "libapt-pkg5.0", "InstalledVersion": "1.8.2", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-3374", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "It was found that apt-key in apt, all versions, do not correctly valid ...", "Description": "It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.", "Severity": "LOW", "CweIDs": [ "CWE-347" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V2Score": 4.3, "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/security/cve/cve-2011-3374", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480", "https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html", "https://seclists.org/fulldisclosure/2011/Sep/221", "https://security-tracker.debian.org/tracker/CVE-2011-3374", "https://snyk.io/vuln/SNYK-LINUX-APT-116518", "https://ubuntu.com/security/CVE-2011-3374" ], "PublishedDate": "2019-11-26T00:15:11.03Z", "LastModifiedDate": "2021-02-09T16:08:18.683Z" }, { "VulnerabilityID": "CVE-2024-28085", "VendorIDs": [ "DLA-3782-1" ], "PkgName": "libblkid1", "InstalledVersion": "2.33.1-0.1", "FixedVersion": "2.33.1-0.1+deb10u1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28085", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "util-linux: CVE-2024-28085: wall: escape sequence injection", "Description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "Severity": "HIGH", "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "V3Score": 8.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/27/5", "http://www.openwall.com/lists/oss-security/2024/03/27/6", "http://www.openwall.com/lists/oss-security/2024/03/27/7", "http://www.openwall.com/lists/oss-security/2024/03/27/8", "http://www.openwall.com/lists/oss-security/2024/03/27/9", "http://www.openwall.com/lists/oss-security/2024/03/28/1", "http://www.openwall.com/lists/oss-security/2024/03/28/2", "http://www.openwall.com/lists/oss-security/2024/03/28/3", "https://access.redhat.com/security/cve/CVE-2024-28085", "https://github.com/skyler-ferrante/CVE-2024-28085", "https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq", "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/", "https://nvd.nist.gov/vuln/detail/CVE-2024-28085", "https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt", "https://security.netapp.com/advisory/ntap-20240531-0003/", "https://ubuntu.com/security/notices/USN-6719-1", "https://ubuntu.com/security/notices/USN-6719-2", "https://www.cve.org/CVERecord?id=CVE-2024-28085", "https://www.openwall.com/lists/oss-security/2024/03/27/5" ], "PublishedDate": "2024-03-27T19:15:48.367Z", "LastModifiedDate": "2024-06-10T17:16:24.37Z" }, { "VulnerabilityID": "CVE-2021-37600", "VendorIDs": [ "DLA-3782-1" ], "PkgName": "libblkid1", "InstalledVersion": "2.33.1-0.1", "FixedVersion": "2.33.1-0.1+deb10u1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-37600", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "util-linux: integer overflow can lead to buffer overflow in get_sem_elements() in sys-utils/ipcutils.c", "Description": "An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments.", "Severity": "MEDIUM", "CweIDs": [ "CWE-190" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 1.2, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-37600", "https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c", "https://github.com/karelzak/util-linux/issues/1395", "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", "https://nvd.nist.gov/vuln/detail/CVE-2021-37600", "https://security.gentoo.org/glsa/202401-08", "https://security.netapp.com/advisory/ntap-20210902-0002/", "https://www.cve.org/CVERecord?id=CVE-2021-37600" ], "PublishedDate": "2021-07-30T14:15:18.737Z", "LastModifiedDate": "2024-08-04T02:15:24.44Z" }, { "VulnerabilityID": "CVE-2022-0563", "PkgName": "libblkid1", "InstalledVersion": "2.33.1-0.1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", "Description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.", "Severity": "LOW", "CweIDs": [ "CWE-209" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V2Score": 1.9, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-0563", "https://blog.trailofbits.com/2023/02/16/suid-logic-bug-linux-readline/", "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w%40ws.net.home/T/#u", "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u", "https://nvd.nist.gov/vuln/detail/CVE-2022-0563", "https://security.gentoo.org/glsa/202401-08", "https://security.netapp.com/advisory/ntap-20220331-0002/", "https://www.cve.org/CVERecord?id=CVE-2022-0563" ], "PublishedDate": "2022-02-21T19:15:08.393Z", "LastModifiedDate": "2024-01-07T09:15:08.713Z" }, { "VulnerabilityID": "CVE-2019-20367", "PkgName": "libbsd0", "InstalledVersion": "0.9.1-2", "FixedVersion": "0.9.1-2+deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20367", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a com ...", "Description": "nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab).", "Severity": "CRITICAL", "CweIDs": [ "CWE-125" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "V2Score": 6.4, "V3Score": 9.1 } }, "References": [ "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00043.html", "https://gitlab.freedesktop.org/libbsd/libbsd/commit/9d917aad37778a9f4a96ba358415f077f3f36f3b", "https://lists.apache.org/thread.html/r0e913668380f59bcbd14fdd8ae8d24f95f99995e290cd18a7822c6e5%40%3Cdev.tomee.apache.org%3E", "https://lists.apache.org/thread.html/ra781e51cf1ec40381c98cddc073b3576fb56c3978f4564d2fa431550%40%3Cdev.tomee.apache.org%3E", "https://lists.debian.org/debian-lts-announce/2021/02/msg00027.html", "https://lists.freedesktop.org/archives/libbsd/2019-August/000229.html", "https://ubuntu.com/security/notices/USN-4243-1", "https://usn.ubuntu.com/4243-1/", "https://www.cve.org/CVERecord?id=CVE-2019-20367" ], "PublishedDate": "2020-01-08T17:15:11.757Z", "LastModifiedDate": "2023-11-07T03:09:08.147Z" }, { "VulnerabilityID": "DLA-3112-1", "VendorIDs": [ "DLA-3112-1" ], "PkgName": "libbz2-1.0", "InstalledVersion": "1.0.6-9.2~deb10u1", "FixedVersion": "1.0.6-9.2~deb10u2", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "bzip2 - bugfix update", "Severity": "UNKNOWN" }, { "VulnerabilityID": "CVE-2021-33574", "VendorIDs": [ "DLA-3152-1" ], "PkgName": "libc-bin", "InstalledVersion": "2.28-10", "FixedVersion": "2.28-10+deb10u2", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-33574", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: mq_notify does not handle separately allocated thread attributes", "Description": "The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.", "Severity": "CRITICAL", "CweIDs": [ "CWE-416" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V2Score": 7.5, "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-33574", "https://linux.oracle.com/cve/CVE-2021-33574.html", "https://linux.oracle.com/errata/ELSA-2021-9560.html", "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJYYIMDDYOHTP2PORLABTOHYQYYREZDD/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBUUWUGXVILQXVWEOU7N42ICHPJNAEUP/", "https://nvd.nist.gov/vuln/detail/CVE-2021-33574", "https://security.gentoo.org/glsa/202107-07", "https://security.netapp.com/advisory/ntap-20210629-0005/", "https://sourceware.org/bugzilla/show_bug.cgi?id=27896", "https://sourceware.org/bugzilla/show_bug.cgi?id=27896#c1", "https://www.cve.org/CVERecord?id=CVE-2021-33574" ], "PublishedDate": "2021-05-25T22:15:10.41Z", "LastModifiedDate": "2023-11-07T03:35:52.81Z" }, { "VulnerabilityID": "CVE-2021-35942", "VendorIDs": [ "DLA-3152-1" ], "PkgName": "libc-bin", "InstalledVersion": "2.28-10", "FixedVersion": "2.28-10+deb10u2", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-35942", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: Arbitrary read in wordexp()", "Description": "The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.", "Severity": "CRITICAL", "CweIDs": [ "CWE-190" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "V2Score": 6.4, "V3Score": 9.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "V3Score": 9.1 } }, "References": [ "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35942.json", "https://access.redhat.com/security/cve/CVE-2021-35942", "https://linux.oracle.com/cve/CVE-2021-35942.html", "https://linux.oracle.com/errata/ELSA-2021-9560.html", "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", "https://nvd.nist.gov/vuln/detail/CVE-2021-35942", "https://security.gentoo.org/glsa/202208-24", "https://security.netapp.com/advisory/ntap-20210827-0005/", "https://sourceware.org/bugzilla/show_bug.cgi?id=28011", "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=5adda61f62b77384718b4c0d8336ade8f2b4b35c", "https://sourceware.org/glibc/wiki/Security%20Exceptions", "https://ubuntu.com/security/notices/USN-5310-1", "https://ubuntu.com/security/notices/USN-5699-1", "https://www.cve.org/CVERecord?id=CVE-2021-35942" ], "PublishedDate": "2021-07-22T18:15:23.287Z", "LastModifiedDate": "2023-11-07T03:36:39.66Z" }, { "VulnerabilityID": "CVE-2022-23218", "VendorIDs": [ "DLA-3152-1" ], "PkgName": "libc-bin", "InstalledVersion": "2.28-10", "FixedVersion": "2.28-10+deb10u2", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-23218", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: Stack-based buffer overflow in svcunix_create via long pathnames", "Description": "The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.", "Severity": "CRITICAL", "CweIDs": [ "CWE-120" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V2Score": 7.5, "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-23218", "https://linux.oracle.com/cve/CVE-2022-23218.html", "https://linux.oracle.com/errata/ELSA-2022-9421.html", "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-23218", "https://security.gentoo.org/glsa/202208-24", "https://sourceware.org/bugzilla/show_bug.cgi?id=28768", "https://ubuntu.com/security/notices/USN-5310-1", "https://ubuntu.com/security/notices/USN-5310-2", "https://www.cve.org/CVERecord?id=CVE-2022-23218", "https://www.oracle.com/security-alerts/cpujul2022.html" ], "PublishedDate": "2022-01-14T07:15:08.8Z", "LastModifiedDate": "2022-11-08T13:37:42.66Z" }, { "VulnerabilityID": "CVE-2022-23219", "VendorIDs": [ "DLA-3152-1" ], "PkgName": "libc-bin", "InstalledVersion": "2.28-10", "FixedVersion": "2.28-10+deb10u2", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-23219", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: Stack-based buffer overflow in sunrpc clnt_create via a long pathname", "Description": "The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.", "Severity": "CRITICAL", "CweIDs": [ "CWE-120" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V2Score": 7.5, "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-23219", "https://linux.oracle.com/cve/CVE-2022-23219.html", "https://linux.oracle.com/errata/ELSA-2022-9421.html", "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-23219", "https://security.gentoo.org/glsa/202208-24", "https://sourceware.org/bugzilla/show_bug.cgi?id=22542", "https://ubuntu.com/security/notices/USN-5310-1", "https://ubuntu.com/security/notices/USN-5310-2", "https://www.cve.org/CVERecord?id=CVE-2022-23219", "https://www.oracle.com/security-alerts/cpujul2022.html" ], "PublishedDate": "2022-01-14T07:15:08.867Z", "LastModifiedDate": "2022-11-08T13:32:54.15Z" }, { "VulnerabilityID": "CVE-2020-1751", "PkgName": "libc-bin", "InstalledVersion": "2.28-10", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-1751", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: array overflow in backtrace functions for powerpc", "Description": "An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:C", "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V2Score": 5.9, "V3Score": 7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2020-1751", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1751", "https://linux.oracle.com/cve/CVE-2020-1751.html", "https://linux.oracle.com/errata/ELSA-2020-4444.html", "https://nvd.nist.gov/vuln/detail/CVE-2020-1751", "https://security.gentoo.org/glsa/202006-04", "https://security.netapp.com/advisory/ntap-20200430-0002/", "https://sourceware.org/bugzilla/show_bug.cgi?id=25423", "https://ubuntu.com/security/notices/USN-4416-1", "https://usn.ubuntu.com/4416-1/", "https://www.cve.org/CVERecord?id=CVE-2020-1751" ], "PublishedDate": "2020-04-17T19:15:14.437Z", "LastModifiedDate": "2023-11-07T03:19:33.177Z" }, { "VulnerabilityID": "CVE-2020-1752", "VendorIDs": [ "DLA-3152-1" ], "PkgName": "libc-bin", "InstalledVersion": "2.28-10", "FixedVersion": "2.28-10+deb10u2", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-1752", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: use-after-free in glob() function when expanding ~user", "Description": "A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32.", "Severity": "HIGH", "CweIDs": [ "CWE-416" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "V2Score": 3.7, "V3Score": 7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2020-1752", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1752", "https://linux.oracle.com/cve/CVE-2020-1752.html", "https://linux.oracle.com/errata/ELSA-2020-4444.html", "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", "https://nvd.nist.gov/vuln/detail/CVE-2020-1752", "https://security.gentoo.org/glsa/202101-20", "https://security.netapp.com/advisory/ntap-20200511-0005/", "https://sourceware.org/bugzilla/show_bug.cgi?id=25414", "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=ddc650e9b3dc916eab417ce9f79e67337b05035c", "https://ubuntu.com/security/notices/USN-4416-1", "https://usn.ubuntu.com/4416-1/", "https://www.cve.org/CVERecord?id=CVE-2020-1752" ], "PublishedDate": "2020-04-30T17:15:13.067Z", "LastModifiedDate": "2023-11-07T03:19:33.337Z" }, { "VulnerabilityID": "CVE-2020-6096", "VendorIDs": [ "DLA-3152-1" ], "PkgName": "libc-bin", "InstalledVersion": "2.28-10", "FixedVersion": "2.28-10+deb10u2", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-6096", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: signed comparison vulnerability in the ARMv7 memcpy function", "Description": "An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data.", "Severity": "HIGH", "CweIDs": [ "CWE-195", "CWE-191", "CWE-681" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V2Score": 6.8, "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2020-6096", "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPYXTDOOB4PQGTYAMZAZNJIB3FF6YQXI/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/URXOIA2LDUKHQXK4BE55BQBRI6ZZG3Y6/", "https://nvd.nist.gov/vuln/detail/CVE-2020-6096", "https://security.gentoo.org/glsa/202101-20", "https://sourceware.org/bugzilla/attachment.cgi?id=12334", "https://sourceware.org/bugzilla/show_bug.cgi?id=25620", "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1019", "https://ubuntu.com/security/notices/USN-4954-1", "https://ubuntu.com/security/notices/USN-5310-1", "https://www.cve.org/CVERecord?id=CVE-2020-6096", "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1019" ], "PublishedDate": "2020-04-01T22:15:18.503Z", "LastModifiedDate": "2023-11-07T03:24:12.097Z" }, { "VulnerabilityID": "CVE-2021-3326", "VendorIDs": [ "DLA-3152-1" ], "PkgName": "libc-bin", "InstalledVersion": "2.28-10", "FixedVersion": "2.28-10+deb10u2", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3326", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: Assertion failure in ISO-2022-JP-3 gconv module related to combining characters", "Description": "The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.", "Severity": "HIGH", "CweIDs": [ "CWE-617" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2021/01/28/2", "https://access.redhat.com/security/cve/CVE-2021-3326", "https://bugs.chromium.org/p/project-zero/issues/detail?id=2146", "https://linux.oracle.com/cve/CVE-2021-3326.html", "https://linux.oracle.com/errata/ELSA-2021-9344.html", "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", "https://nvd.nist.gov/vuln/detail/CVE-2021-3326", "https://security.gentoo.org/glsa/202107-07", "https://security.netapp.com/advisory/ntap-20210304-0007/", "https://sourceware.org/bugzilla/show_bug.cgi?id=27256", "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=7d88c6142c6efc160c0ee5e4f85cde382c072888", "https://sourceware.org/pipermail/libc-alpha/2021-January/122058.html", "https://ubuntu.com/security/notices/USN-5310-1", "https://ubuntu.com/security/notices/USN-5699-1", "https://www.cve.org/CVERecord?id=CVE-2021-3326", "https://www.oracle.com/security-alerts/cpuapr2022.html", "https://www.oracle.com/security-alerts/cpujan2022.html" ], "PublishedDate": "2021-01-27T20:15:14.02Z", "LastModifiedDate": "2023-11-07T03:37:58.28Z" }, { "VulnerabilityID": "CVE-2021-3999", "VendorIDs": [ "DLA-3152-1" ], "PkgName": "libc-bin", "InstalledVersion": "2.28-10", "FixedVersion": "2.28-10+deb10u2", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3999", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: Off-by-one buffer overflow/underflow in getcwd()", "Description": "A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.", "Severity": "HIGH", "CweIDs": [ "CWE-193" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3999.json", "https://access.redhat.com/security/cve/CVE-2021-3999", "https://bugzilla.redhat.com/show_bug.cgi?id=2024637", "https://linux.oracle.com/cve/CVE-2021-3999.html", "https://linux.oracle.com/errata/ELSA-2022-9234.html", "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", "https://nvd.nist.gov/vuln/detail/CVE-2021-3999", "https://security-tracker.debian.org/tracker/CVE-2021-3999", "https://security.netapp.com/advisory/ntap-20221104-0001/", "https://sourceware.org/bugzilla/show_bug.cgi?id=28769", "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=23e0e8f5f1fb5ed150253d986ecccdc90c2dcd5e", "https://ubuntu.com/security/notices/USN-5310-1", "https://ubuntu.com/security/notices/USN-5310-2", "https://ubuntu.com/security/notices/USN-6762-1", "https://www.cve.org/CVERecord?id=CVE-2021-3999", "https://www.openwall.com/lists/oss-security/2022/01/24/4" ], "PublishedDate": "2022-08-24T16:15:09.077Z", "LastModifiedDate": "2023-02-12T23:43:11.643Z" }, { "VulnerabilityID": "CVE-2024-2961", "VendorIDs": [ "DLA-3807-1" ], "PkgName": "libc-bin", "InstalledVersion": "2.28-10", "FixedVersion": "2.28-10+deb10u3", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-2961", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: Out of bounds write in iconv may lead to remote code execution", "Description": "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.\n", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/04/17/9", "http://www.openwall.com/lists/oss-security/2024/04/18/4", "http://www.openwall.com/lists/oss-security/2024/04/24/2", "http://www.openwall.com/lists/oss-security/2024/05/27/1", "http://www.openwall.com/lists/oss-security/2024/05/27/2", "http://www.openwall.com/lists/oss-security/2024/05/27/3", "http://www.openwall.com/lists/oss-security/2024/05/27/4", "http://www.openwall.com/lists/oss-security/2024/05/27/5", "http://www.openwall.com/lists/oss-security/2024/05/27/6", "http://www.openwall.com/lists/oss-security/2024/07/22/5", "https://access.redhat.com/errata/RHSA-2024:3339", "https://access.redhat.com/security/cve/CVE-2024-2961", "https://bugzilla.redhat.com/2273404", "https://bugzilla.redhat.com/2277202", "https://bugzilla.redhat.com/2277204", "https://bugzilla.redhat.com/2277205", "https://bugzilla.redhat.com/2277206", "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", "https://errata.almalinux.org/9/ALSA-2024-3339.html", "https://errata.rockylinux.org/RLSA-2024:3339", "https://linux.oracle.com/cve/CVE-2024-2961.html", "https://linux.oracle.com/errata/ELSA-2024-3588.html", "https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/", "https://nvd.nist.gov/vuln/detail/CVE-2024-2961", "https://security.netapp.com/advisory/ntap-20240531-0002/", "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004", "https://ubuntu.com/security/notices/USN-6737-1", "https://ubuntu.com/security/notices/USN-6737-2", "https://ubuntu.com/security/notices/USN-6762-1", "https://www.cve.org/CVERecord?id=CVE-2024-2961", "https://www.openwall.com/lists/oss-security/2024/04/17/9" ], "PublishedDate": "2024-04-17T18:15:15.833Z", "LastModifiedDate": "2024-07-22T18:15:03.19Z" }, { "VulnerabilityID": "CVE-2024-33599", "VendorIDs": [ "DLA-3850-1" ], "PkgName": "libc-bin", "InstalledVersion": "2.28-10", "FixedVersion": "2.28-10+deb10u4", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-33599", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: stack-based buffer overflow in netgroup cache", "Description": "nscd: Stack-based buffer overflow in netgroup cache\n\nIf the Name Service Cache Daemon's (nscd) fixed size cache is exhausted\nby client requests then a subsequent client request for netgroup data\nmay result in a stack-based buffer overflow. This flaw was introduced\nin glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.\n", "Severity": "HIGH", "CweIDs": [ "CWE-121" ], "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "V3Score": 7.6 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/07/22/5", "https://access.redhat.com/errata/RHSA-2024:3339", "https://access.redhat.com/security/cve/CVE-2024-33599", "https://bugzilla.redhat.com/2273404", "https://bugzilla.redhat.com/2277202", "https://bugzilla.redhat.com/2277204", "https://bugzilla.redhat.com/2277205", "https://bugzilla.redhat.com/2277206", "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", "https://errata.almalinux.org/9/ALSA-2024-3339.html", "https://errata.rockylinux.org/RLSA-2024:3339", "https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/", "https://linux.oracle.com/cve/CVE-2024-33599.html", "https://linux.oracle.com/errata/ELSA-2024-3588.html", "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-33599", "https://security.netapp.com/advisory/ntap-20240524-0011/", "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0005", "https://ubuntu.com/security/notices/USN-6804-1", "https://www.cve.org/CVERecord?id=CVE-2024-33599", "https://www.openwall.com/lists/oss-security/2024/04/24/2" ], "PublishedDate": "2024-05-06T20:15:11.437Z", "LastModifiedDate": "2024-07-22T18:15:03.323Z" }, { "VulnerabilityID": "CVE-2016-10228", "VendorIDs": [ "DLA-3152-1" ], "PkgName": "libc-bin", "InstalledVersion": "2.28-10", "FixedVersion": "2.28-10+deb10u2", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: iconv program can hang when invoked with the -c option", "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", "Severity": "MEDIUM", "CweIDs": [ "CWE-20" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "http://openwall.com/lists/oss-security/2017/03/01/10", "http://www.securityfocus.com/bid/96525", "https://access.redhat.com/security/cve/CVE-2016-10228", "https://linux.oracle.com/cve/CVE-2016-10228.html", "https://linux.oracle.com/errata/ELSA-2021-9344.html", "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", "https://nvd.nist.gov/vuln/detail/CVE-2016-10228", "https://security.gentoo.org/glsa/202101-20", "https://sourceware.org/bugzilla/show_bug.cgi?id=19519", "https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21", "https://sourceware.org/bugzilla/show_bug.cgi?id=26224", "https://ubuntu.com/security/notices/USN-5310-1", "https://ubuntu.com/security/notices/USN-5768-1", "https://www.cve.org/CVERecord?id=CVE-2016-10228", "https://www.oracle.com/security-alerts/cpuapr2022.html" ], "PublishedDate": "2017-03-02T01:59:00.143Z", "LastModifiedDate": "2023-11-07T02:29:33.143Z" }, { "VulnerabilityID": "CVE-2019-25013", "VendorIDs": [ "DLA-3152-1" ], "PkgName": "libc-bin", "InstalledVersion": "2.28-10", "FixedVersion": "2.28-10+deb10u2", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-25013", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding", "Description": "The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 7.1, "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "V3Score": 4.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2019-25013", "https://linux.oracle.com/cve/CVE-2019-25013.html", "https://linux.oracle.com/errata/ELSA-2021-9344.html", "https://lists.apache.org/thread.html/r32d767ac804e9b8aad4355bb85960a6a1385eab7afff549a5e98660f%40%3Cjira.kafka.apache.org%3E", "https://lists.apache.org/thread.html/r448bb851cc8e6e3f93f3c28c70032b37062625d81214744474ac49e7%40%3Cdev.kafka.apache.org%3E", "https://lists.apache.org/thread.html/r4806a391091e082bdea17266452ca656ebc176e51bb3932733b3a0a2%40%3Cjira.kafka.apache.org%3E", "https://lists.apache.org/thread.html/r499e4f96d0b5109ef083f2feccd33c51650c1b7d7068aa3bd47efca9%40%3Cjira.kafka.apache.org%3E", "https://lists.apache.org/thread.html/r5af4430421bb6f9973294691a7904bbd260937e9eef96b20556f43ff%40%3Cjira.kafka.apache.org%3E", "https://lists.apache.org/thread.html/r750eee18542bc02bd8350861c424ee60a9b9b225568fa09436a37ece%40%3Cissues.zookeeper.apache.org%3E", "https://lists.apache.org/thread.html/r7a2e94adfe0a2f0a1d42e4927e8c32ecac97d37db9cb68095fe9ddbc%40%3Cdev.zookeeper.apache.org%3E", "https://lists.apache.org/thread.html/rd2354f9ccce41e494fbadcbc5ad87218de6ec0fff8a7b54c8462226c%40%3Cissues.zookeeper.apache.org%3E", "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4Y6TX47P47KABSFOL26FLDNVCWXDKDEZ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TVCUNLQ3HXGS4VPUQKWTJGRAW2KTFGXS/", "https://nvd.nist.gov/vuln/detail/CVE-2019-25013", "https://security.gentoo.org/glsa/202107-07", "https://security.netapp.com/advisory/ntap-20210205-0004/", "https://sourceware.org/bugzilla/show_bug.cgi?id=24973", "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=ee7a3144c9922808181009b7b3e50e852fb4999b", "https://ubuntu.com/security/notices/USN-5310-1", "https://ubuntu.com/security/notices/USN-5768-1", "https://www.cve.org/CVERecord?id=CVE-2019-25013", "https://www.oracle.com/security-alerts/cpuapr2022.html" ], "PublishedDate": "2021-01-04T18:15:13.027Z", "LastModifiedDate": "2023-11-09T14:44:33.733Z" }, { "VulnerabilityID": "CVE-2020-10029", "VendorIDs": [ "DLA-3152-1" ], "PkgName": "libc-bin", "InstalledVersion": "2.28-10", "FixedVersion": "2.28-10+deb10u2", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-10029", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions", "Description": "The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V2Score": 2.1, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "V3Score": 5.7 } }, "References": [ "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00033.html", "https://access.redhat.com/security/cve/CVE-2020-10029", "https://linux.oracle.com/cve/CVE-2020-10029.html", "https://linux.oracle.com/errata/ELSA-2021-0348.html", "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/23N76M3EDP2GIW4GOIQRYTKRE7PPBRB2/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZTFUD5VH2GU3YOXA2KBQSBIDZRDWNZ3/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU5JJGENOK7K4X5RYAA5PL647C6HD22E/", "https://nvd.nist.gov/vuln/detail/CVE-2020-10029", "https://security.gentoo.org/glsa/202006-04", "https://security.netapp.com/advisory/ntap-20200327-0003/", "https://sourceware.org/bugzilla/show_bug.cgi?id=25487", "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commit%3Bh=9333498794cde1d5cca518badf79533a24114b6f", "https://ubuntu.com/security/notices/USN-4416-1", "https://usn.ubuntu.com/4416-1/", "https://www.cve.org/CVERecord?id=CVE-2020-10029" ], "PublishedDate": "2020-03-04T15:15:13.083Z", "LastModifiedDate": "2023-11-07T03:14:05.347Z" }, { "VulnerabilityID": "CVE-2020-27618", "VendorIDs": [ "DLA-3152-1" ], "PkgName": "libc-bin", "InstalledVersion": "2.28-10", "FixedVersion": "2.28-10+deb10u2", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-27618", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: iconv when processing invalid multi-byte input sequences fails to advance the input state, which could result in an infinite loop", "Description": "The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.", "Severity": "MEDIUM", "CweIDs": [ "CWE-835" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V2Score": 2.1, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2020-27618", "https://linux.oracle.com/cve/CVE-2020-27618.html", "https://linux.oracle.com/errata/ELSA-2021-9344.html", "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", "https://nvd.nist.gov/vuln/detail/CVE-2020-27618", "https://security.gentoo.org/glsa/202107-07", "https://security.netapp.com/advisory/ntap-20210401-0006/", "https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21", "https://sourceware.org/bugzilla/show_bug.cgi?id=26224", "https://ubuntu.com/security/notices/USN-5310-1", "https://ubuntu.com/security/notices/USN-5768-1", "https://www.cve.org/CVERecord?id=CVE-2020-27618", "https://www.oracle.com/security-alerts/cpuapr2022.html", "https://www.oracle.com/security-alerts/cpujan2022.html" ], "PublishedDate": "2021-02-26T23:15:11.123Z", "LastModifiedDate": "2022-10-28T20:06:38.603Z" }, { "VulnerabilityID": "CVE-2023-4806", "PkgName": "libc-bin", "InstalledVersion": "2.28-10", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-4806", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: potential use-after-free in getaddrinfo()", "Description": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "Severity": "MEDIUM", "CweIDs": [ "CWE-416" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/10/03/4", "http://www.openwall.com/lists/oss-security/2023/10/03/5", "http://www.openwall.com/lists/oss-security/2023/10/03/6", "http://www.openwall.com/lists/oss-security/2023/10/03/8", "https://access.redhat.com/errata/RHSA-2023:5453", "https://access.redhat.com/errata/RHSA-2023:5455", "https://access.redhat.com/errata/RHSA-2023:7409", "https://access.redhat.com/security/cve/CVE-2023-4806", "https://bugzilla.redhat.com/2234712", "https://bugzilla.redhat.com/2237782", "https://bugzilla.redhat.com/2237798", "https://bugzilla.redhat.com/2238352", "https://bugzilla.redhat.com/show_bug.cgi?id=2234712", "https://bugzilla.redhat.com/show_bug.cgi?id=2237782", "https://bugzilla.redhat.com/show_bug.cgi?id=2237798", "https://bugzilla.redhat.com/show_bug.cgi?id=2238352", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4527", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4806", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4813", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4911", "https://errata.almalinux.org/9/ALSA-2023-5453.html", "https://errata.rockylinux.org/RLSA-2023:5455", "https://linux.oracle.com/cve/CVE-2023-4806.html", "https://linux.oracle.com/errata/ELSA-2023-5455.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/", "https://nvd.nist.gov/vuln/detail/CVE-2023-4806", "https://security.gentoo.org/glsa/202310-03", "https://security.netapp.com/advisory/ntap-20240125-0008/", "https://ubuntu.com/security/notices/USN-6541-1", "https://ubuntu.com/security/notices/USN-6541-2", "https://www.cve.org/CVERecord?id=CVE-2023-4806" ], "PublishedDate": "2023-09-18T17:15:55.813Z", "LastModifiedDate": "2024-01-25T14:15:26.36Z" }, { "VulnerabilityID": "CVE-2023-4813", "PkgName": "libc-bin", "InstalledVersion": "2.28-10", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-4813", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: potential use-after-free in gaih_inet()", "Description": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "Severity": "MEDIUM", "CweIDs": [ "CWE-416" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/10/03/8", "https://access.redhat.com/errata/RHSA-2023:5453", "https://access.redhat.com/errata/RHSA-2023:5455", "https://access.redhat.com/errata/RHSA-2023:7409", "https://access.redhat.com/security/cve/CVE-2023-4813", "https://bugzilla.redhat.com/2234712", "https://bugzilla.redhat.com/2237782", "https://bugzilla.redhat.com/2237798", "https://bugzilla.redhat.com/2238352", "https://bugzilla.redhat.com/show_bug.cgi?id=2234712", "https://bugzilla.redhat.com/show_bug.cgi?id=2237782", "https://bugzilla.redhat.com/show_bug.cgi?id=2237798", "https://bugzilla.redhat.com/show_bug.cgi?id=2238352", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4527", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4806", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4813", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4911", "https://errata.almalinux.org/9/ALSA-2023-5453.html", "https://errata.rockylinux.org/RLSA-2023:5455", "https://linux.oracle.com/cve/CVE-2023-4813.html", "https://linux.oracle.com/errata/ELSA-2023-5455.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-4813", "https://security.netapp.com/advisory/ntap-20231110-0003/", "https://ubuntu.com/security/notices/USN-6541-1", "https://ubuntu.com/security/notices/USN-6541-2", "https://www.cve.org/CVERecord?id=CVE-2023-4813" ], "PublishedDate": "2023-09-12T22:15:08.277Z", "LastModifiedDate": "2024-01-21T01:49:46.697Z" }, { "VulnerabilityID": "CVE-2024-33600", "VendorIDs": [ "DLA-3850-1" ], "PkgName": "libc-bin", "InstalledVersion": "2.28-10", "FixedVersion": "2.28-10+deb10u4", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-33600", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: null pointer dereferences after failed netgroup cache insertion", "Description": "nscd: Null pointer crashes after notfound response\n\nIf the Name Service Cache Daemon's (nscd) cache fails to add a not-found\nnetgroup response to the cache, the client request can result in a null\npointer dereference. This flaw was introduced in glibc 2.15 when the\ncache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.\n\n", "Severity": "MEDIUM", "CweIDs": [ "CWE-476" ], "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/07/22/5", "https://access.redhat.com/errata/RHSA-2024:3339", "https://access.redhat.com/security/cve/CVE-2024-33600", "https://bugzilla.redhat.com/2273404", "https://bugzilla.redhat.com/2277202", "https://bugzilla.redhat.com/2277204", "https://bugzilla.redhat.com/2277205", "https://bugzilla.redhat.com/2277206", "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", "https://errata.almalinux.org/9/ALSA-2024-3339.html", "https://errata.rockylinux.org/RLSA-2024:3339", "https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/", "https://linux.oracle.com/cve/CVE-2024-33600.html", "https://linux.oracle.com/errata/ELSA-2024-3588.html", "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-33600", "https://security.netapp.com/advisory/ntap-20240524-0013/", "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0006", "https://ubuntu.com/security/notices/USN-6804-1", "https://www.cve.org/CVERecord?id=CVE-2024-33600", "https://www.openwall.com/lists/oss-security/2024/04/24/2" ], "PublishedDate": "2024-05-06T20:15:11.523Z", "LastModifiedDate": "2024-07-22T18:15:03.417Z" }, { "VulnerabilityID": "CVE-2024-33601", "VendorIDs": [ "DLA-3850-1" ], "PkgName": "libc-bin", "InstalledVersion": "2.28-10", "FixedVersion": "2.28-10+deb10u4", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-33601", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: netgroup cache may terminate daemon on memory allocation failure", "Description": "nscd: netgroup cache may terminate daemon on memory allocation failure\n\nThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or\nxrealloc and these functions may terminate the process due to a memory\nallocation failure resulting in a denial of service to the clients. The\nflaw was introduced in glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.\n\n", "Severity": "MEDIUM", "CweIDs": [ "CWE-617" ], "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/07/22/5", "https://access.redhat.com/errata/RHSA-2024:3339", "https://access.redhat.com/security/cve/CVE-2024-33601", "https://bugzilla.redhat.com/2273404", "https://bugzilla.redhat.com/2277202", "https://bugzilla.redhat.com/2277204", "https://bugzilla.redhat.com/2277205", "https://bugzilla.redhat.com/2277206", "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", "https://errata.almalinux.org/9/ALSA-2024-3339.html", "https://errata.rockylinux.org/RLSA-2024:3339", "https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/", "https://linux.oracle.com/cve/CVE-2024-33601.html", "https://linux.oracle.com/errata/ELSA-2024-3588.html", "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-33601", "https://security.netapp.com/advisory/ntap-20240524-0014/", "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007", "https://ubuntu.com/security/notices/USN-6804-1", "https://www.cve.org/CVERecord?id=CVE-2024-33601", "https://www.openwall.com/lists/oss-security/2024/04/24/2" ], "PublishedDate": "2024-05-06T20:15:11.603Z", "LastModifiedDate": "2024-07-22T18:15:03.493Z" }, { "VulnerabilityID": "CVE-2024-33602", "VendorIDs": [ "DLA-3850-1" ], "PkgName": "libc-bin", "InstalledVersion": "2.28-10", "FixedVersion": "2.28-10+deb10u4", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-33602", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: netgroup cache assumes NSS callback uses in-buffer strings", "Description": "nscd: netgroup cache assumes NSS callback uses in-buffer strings\n\nThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory\nwhen the NSS callback does not store all strings in the provided buffer.\nThe flaw was introduced in glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.\n\n", "Severity": "MEDIUM", "CweIDs": [ "CWE-466" ], "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/07/22/5", "https://access.redhat.com/errata/RHSA-2024:3339", "https://access.redhat.com/security/cve/CVE-2024-33602", "https://bugzilla.redhat.com/2273404", "https://bugzilla.redhat.com/2277202", "https://bugzilla.redhat.com/2277204", "https://bugzilla.redhat.com/2277205", "https://bugzilla.redhat.com/2277206", "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", "https://errata.almalinux.org/9/ALSA-2024-3339.html", "https://errata.rockylinux.org/RLSA-2024:3339", "https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/", "https://linux.oracle.com/cve/CVE-2024-33602.html", "https://linux.oracle.com/errata/ELSA-2024-3588.html", "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-33602", "https://security.netapp.com/advisory/ntap-20240524-0012/", "https://sourceware.org/bugzilla/show_bug.cgi?id=31680", "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008", "https://ubuntu.com/security/notices/USN-6804-1", "https://www.cve.org/CVERecord?id=CVE-2024-33602", "https://www.openwall.com/lists/oss-security/2024/04/24/2" ], "PublishedDate": "2024-05-06T20:15:11.68Z", "LastModifiedDate": "2024-07-22T18:15:03.583Z" }, { "VulnerabilityID": "CVE-2010-4756", "PkgName": "libc-bin", "InstalledVersion": "2.28-10", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4756", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions", "Description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "Severity": "LOW", "CweIDs": [ "CWE-399" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "V2Score": 4 }, "redhat": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V2Score": 5 } }, "References": [ "http://cxib.net/stuff/glob-0day.c", "http://securityreason.com/achievement_securityalert/89", "http://securityreason.com/exploitalert/9223", "https://access.redhat.com/security/cve/CVE-2010-4756", "https://bugzilla.redhat.com/show_bug.cgi?id=681681", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", "https://www.cve.org/CVERecord?id=CVE-2010-4756" ], "PublishedDate": "2011-03-02T20:00:01.037Z", "LastModifiedDate": "2021-09-01T12:15:07.193Z" }, { "VulnerabilityID": "CVE-2018-20796", "PkgName": "libc-bin", "InstalledVersion": "2.28-10", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20796", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", "Severity": "LOW", "CweIDs": [ "CWE-674" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.securityfocus.com/bid/107160", "https://access.redhat.com/security/cve/CVE-2018-20796", "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", "https://nvd.nist.gov/vuln/detail/CVE-2018-20796", "https://security.netapp.com/advisory/ntap-20190315-0002/", "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp%3Butm_medium=RSS", "https://www.cve.org/CVERecord?id=CVE-2018-20796" ], "PublishedDate": "2019-02-26T02:29:00.45Z", "LastModifiedDate": "2023-11-07T02:56:20.983Z" }, { "VulnerabilityID": "CVE-2019-1010022", "PkgName": "libc-bin", "InstalledVersion": "2.28-10", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010022", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: stack guard protection bypass", "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V2Score": 7.5, "V3Score": 9.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2019-1010022", "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", "https://security-tracker.debian.org/tracker/CVE-2019-1010022", "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", "https://ubuntu.com/security/CVE-2019-1010022", "https://www.cve.org/CVERecord?id=CVE-2019-1010022" ], "PublishedDate": "2019-07-15T04:15:13.317Z", "LastModifiedDate": "2024-08-05T03:15:25.083Z" }, { "VulnerabilityID": "CVE-2019-1010023", "PkgName": "libc-bin", "InstalledVersion": "2.28-10", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010023", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", "Description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "Severity": "LOW", "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V2Score": 6.8, "V3Score": 8.8 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://www.securityfocus.com/bid/109167", "https://access.redhat.com/security/cve/CVE-2019-1010023", "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", "https://security-tracker.debian.org/tracker/CVE-2019-1010023", "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", "https://support.f5.com/csp/article/K11932200?utm_source=f5support\u0026amp%3Butm_medium=RSS", "https://ubuntu.com/security/CVE-2019-1010023", "https://www.cve.org/CVERecord?id=CVE-2019-1010023" ], "PublishedDate": "2019-07-15T04:15:13.397Z", "LastModifiedDate": "2024-08-05T03:15:25.183Z" }, { "VulnerabilityID": "CVE-2019-1010024", "PkgName": "libc-bin", "InstalledVersion": "2.28-10", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010024", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: ASLR bypass using cache of thread stack and heap", "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "Severity": "LOW", "CweIDs": [ "CWE-200" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V2Score": 5, "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.securityfocus.com/bid/109162", "https://access.redhat.com/security/cve/CVE-2019-1010024", "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", "https://security-tracker.debian.org/tracker/CVE-2019-1010024", "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", "https://support.f5.com/csp/article/K06046097", "https://support.f5.com/csp/article/K06046097?utm_source=f5support\u0026amp%3Butm_medium=RSS", "https://ubuntu.com/security/CVE-2019-1010024", "https://www.cve.org/CVERecord?id=CVE-2019-1010024" ], "PublishedDate": "2019-07-15T04:15:13.473Z", "LastModifiedDate": "2024-08-05T03:15:25.26Z" }, { "VulnerabilityID": "CVE-2019-1010025", "PkgName": "libc-bin", "InstalledVersion": "2.28-10", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010025", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: information disclosure of heap addresses of pthread_created thread", "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "Severity": "LOW", "CweIDs": [ "CWE-330" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V2Score": 5, "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 2.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2019-1010025", "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", "https://security-tracker.debian.org/tracker/CVE-2019-1010025", "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", "https://support.f5.com/csp/article/K06046097", "https://support.f5.com/csp/article/K06046097?utm_source=f5support\u0026amp%3Butm_medium=RSS", "https://ubuntu.com/security/CVE-2019-1010025", "https://www.cve.org/CVERecord?id=CVE-2019-1010025" ], "PublishedDate": "2019-07-15T04:15:13.537Z", "LastModifiedDate": "2024-08-05T03:15:25.333Z" }, { "VulnerabilityID": "CVE-2019-19126", "VendorIDs": [ "DLA-3152-1" ], "PkgName": "libc-bin", "InstalledVersion": "2.28-10", "FixedVersion": "2.28-10+deb10u2", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19126", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries", "Description": "On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.", "Severity": "LOW", "CweIDs": [ "CWE-665" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "V2Score": 2.1, "V3Score": 3.3 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 2.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2019-19126", "https://linux.oracle.com/cve/CVE-2019-19126.html", "https://linux.oracle.com/errata/ELSA-2020-3861.html", "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4FQ5LC6JOYSOYFPRUZ4S45KL6IP3RPPZ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZFJ5E7NWOL6ROE5QVICHKIOUGCPFJVUH/", "https://nvd.nist.gov/vuln/detail/CVE-2019-19126", "https://sourceware.org/bugzilla/show_bug.cgi?id=25204", "https://sourceware.org/ml/libc-alpha/2019-11/msg00649.html", "https://ubuntu.com/security/notices/USN-4416-1", "https://usn.ubuntu.com/4416-1/", "https://www.cve.org/CVERecord?id=CVE-2019-19126" ], "PublishedDate": "2019-11-19T22:15:11.427Z", "LastModifiedDate": "2023-11-07T03:07:31.533Z" }, { "VulnerabilityID": "CVE-2019-9192", "PkgName": "libc-bin", "InstalledVersion": "2.28-10", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9192", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", "Severity": "LOW", "CweIDs": [ "CWE-674" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "V3Score": 2.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2019-9192", "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp%3Butm_medium=RSS", "https://www.cve.org/CVERecord?id=CVE-2019-9192" ], "PublishedDate": "2019-02-26T18:29:00.34Z", "LastModifiedDate": "2024-08-04T22:15:34.74Z" }, { "VulnerabilityID": "CVE-2021-27645", "VendorIDs": [ "DLA-3152-1" ], "PkgName": "libc-bin", "InstalledVersion": "2.28-10", "FixedVersion": "2.28-10+deb10u2", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-27645", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: Use-after-free in addgetnetgrentX function in netgroupcache.c", "Description": "The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c.", "Severity": "LOW", "CweIDs": [ "CWE-415" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "V2Score": 1.9, "V3Score": 2.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 2.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-27645", "https://linux.oracle.com/cve/CVE-2021-27645.html", "https://linux.oracle.com/errata/ELSA-2021-9560.html", "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LZNT6KTMCCWPWXEOGSHD3YLYZKUGMH5/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7TS26LIZSOBLGJEZMJX4PXT5BQDE2WS/", "https://nvd.nist.gov/vuln/detail/CVE-2021-27645", "https://security.gentoo.org/glsa/202107-07", "https://sourceware.org/bugzilla/show_bug.cgi?id=27462", "https://ubuntu.com/security/notices/USN-5310-1", "https://www.cve.org/CVERecord?id=CVE-2021-27645" ], "PublishedDate": "2021-02-24T15:15:13.837Z", "LastModifiedDate": "2023-11-07T03:31:59.813Z" }, { "VulnerabilityID": "CVE-2021-33574", "VendorIDs": [ "DLA-3152-1" ], "PkgName": "libc6", "InstalledVersion": "2.28-10", "FixedVersion": "2.28-10+deb10u2", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-33574", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: mq_notify does not handle separately allocated thread attributes", "Description": "The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.", "Severity": "CRITICAL", "CweIDs": [ "CWE-416" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V2Score": 7.5, "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-33574", "https://linux.oracle.com/cve/CVE-2021-33574.html", "https://linux.oracle.com/errata/ELSA-2021-9560.html", "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJYYIMDDYOHTP2PORLABTOHYQYYREZDD/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBUUWUGXVILQXVWEOU7N42ICHPJNAEUP/", "https://nvd.nist.gov/vuln/detail/CVE-2021-33574", "https://security.gentoo.org/glsa/202107-07", "https://security.netapp.com/advisory/ntap-20210629-0005/", "https://sourceware.org/bugzilla/show_bug.cgi?id=27896", "https://sourceware.org/bugzilla/show_bug.cgi?id=27896#c1", "https://www.cve.org/CVERecord?id=CVE-2021-33574" ], "PublishedDate": "2021-05-25T22:15:10.41Z", "LastModifiedDate": "2023-11-07T03:35:52.81Z" }, { "VulnerabilityID": "CVE-2021-35942", "VendorIDs": [ "DLA-3152-1" ], "PkgName": "libc6", "InstalledVersion": "2.28-10", "FixedVersion": "2.28-10+deb10u2", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-35942", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: Arbitrary read in wordexp()", "Description": "The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.", "Severity": "CRITICAL", "CweIDs": [ "CWE-190" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "V2Score": 6.4, "V3Score": 9.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "V3Score": 9.1 } }, "References": [ "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35942.json", "https://access.redhat.com/security/cve/CVE-2021-35942", "https://linux.oracle.com/cve/CVE-2021-35942.html", "https://linux.oracle.com/errata/ELSA-2021-9560.html", "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", "https://nvd.nist.gov/vuln/detail/CVE-2021-35942", "https://security.gentoo.org/glsa/202208-24", "https://security.netapp.com/advisory/ntap-20210827-0005/", "https://sourceware.org/bugzilla/show_bug.cgi?id=28011", "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=5adda61f62b77384718b4c0d8336ade8f2b4b35c", "https://sourceware.org/glibc/wiki/Security%20Exceptions", "https://ubuntu.com/security/notices/USN-5310-1", "https://ubuntu.com/security/notices/USN-5699-1", "https://www.cve.org/CVERecord?id=CVE-2021-35942" ], "PublishedDate": "2021-07-22T18:15:23.287Z", "LastModifiedDate": "2023-11-07T03:36:39.66Z" }, { "VulnerabilityID": "CVE-2022-23218", "VendorIDs": [ "DLA-3152-1" ], "PkgName": "libc6", "InstalledVersion": "2.28-10", "FixedVersion": "2.28-10+deb10u2", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-23218", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: Stack-based buffer overflow in svcunix_create via long pathnames", "Description": "The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.", "Severity": "CRITICAL", "CweIDs": [ "CWE-120" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V2Score": 7.5, "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-23218", "https://linux.oracle.com/cve/CVE-2022-23218.html", "https://linux.oracle.com/errata/ELSA-2022-9421.html", "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-23218", "https://security.gentoo.org/glsa/202208-24", "https://sourceware.org/bugzilla/show_bug.cgi?id=28768", "https://ubuntu.com/security/notices/USN-5310-1", "https://ubuntu.com/security/notices/USN-5310-2", "https://www.cve.org/CVERecord?id=CVE-2022-23218", "https://www.oracle.com/security-alerts/cpujul2022.html" ], "PublishedDate": "2022-01-14T07:15:08.8Z", "LastModifiedDate": "2022-11-08T13:37:42.66Z" }, { "VulnerabilityID": "CVE-2022-23219", "VendorIDs": [ "DLA-3152-1" ], "PkgName": "libc6", "InstalledVersion": "2.28-10", "FixedVersion": "2.28-10+deb10u2", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-23219", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: Stack-based buffer overflow in sunrpc clnt_create via a long pathname", "Description": "The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.", "Severity": "CRITICAL", "CweIDs": [ "CWE-120" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V2Score": 7.5, "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-23219", "https://linux.oracle.com/cve/CVE-2022-23219.html", "https://linux.oracle.com/errata/ELSA-2022-9421.html", "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-23219", "https://security.gentoo.org/glsa/202208-24", "https://sourceware.org/bugzilla/show_bug.cgi?id=22542", "https://ubuntu.com/security/notices/USN-5310-1", "https://ubuntu.com/security/notices/USN-5310-2", "https://www.cve.org/CVERecord?id=CVE-2022-23219", "https://www.oracle.com/security-alerts/cpujul2022.html" ], "PublishedDate": "2022-01-14T07:15:08.867Z", "LastModifiedDate": "2022-11-08T13:32:54.15Z" }, { "VulnerabilityID": "CVE-2020-1751", "PkgName": "libc6", "InstalledVersion": "2.28-10", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-1751", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: array overflow in backtrace functions for powerpc", "Description": "An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:C", "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V2Score": 5.9, "V3Score": 7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2020-1751", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1751", "https://linux.oracle.com/cve/CVE-2020-1751.html", "https://linux.oracle.com/errata/ELSA-2020-4444.html", "https://nvd.nist.gov/vuln/detail/CVE-2020-1751", "https://security.gentoo.org/glsa/202006-04", "https://security.netapp.com/advisory/ntap-20200430-0002/", "https://sourceware.org/bugzilla/show_bug.cgi?id=25423", "https://ubuntu.com/security/notices/USN-4416-1", "https://usn.ubuntu.com/4416-1/", "https://www.cve.org/CVERecord?id=CVE-2020-1751" ], "PublishedDate": "2020-04-17T19:15:14.437Z", "LastModifiedDate": "2023-11-07T03:19:33.177Z" }, { "VulnerabilityID": "CVE-2020-1752", "VendorIDs": [ "DLA-3152-1" ], "PkgName": "libc6", "InstalledVersion": "2.28-10", "FixedVersion": "2.28-10+deb10u2", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-1752", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: use-after-free in glob() function when expanding ~user", "Description": "A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32.", "Severity": "HIGH", "CweIDs": [ "CWE-416" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "V2Score": 3.7, "V3Score": 7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2020-1752", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1752", "https://linux.oracle.com/cve/CVE-2020-1752.html", "https://linux.oracle.com/errata/ELSA-2020-4444.html", "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", "https://nvd.nist.gov/vuln/detail/CVE-2020-1752", "https://security.gentoo.org/glsa/202101-20", "https://security.netapp.com/advisory/ntap-20200511-0005/", "https://sourceware.org/bugzilla/show_bug.cgi?id=25414", "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=ddc650e9b3dc916eab417ce9f79e67337b05035c", "https://ubuntu.com/security/notices/USN-4416-1", "https://usn.ubuntu.com/4416-1/", "https://www.cve.org/CVERecord?id=CVE-2020-1752" ], "PublishedDate": "2020-04-30T17:15:13.067Z", "LastModifiedDate": "2023-11-07T03:19:33.337Z" }, { "VulnerabilityID": "CVE-2020-6096", "VendorIDs": [ "DLA-3152-1" ], "PkgName": "libc6", "InstalledVersion": "2.28-10", "FixedVersion": "2.28-10+deb10u2", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-6096", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: signed comparison vulnerability in the ARMv7 memcpy function", "Description": "An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data.", "Severity": "HIGH", "CweIDs": [ "CWE-195", "CWE-191", "CWE-681" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V2Score": 6.8, "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2020-6096", "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPYXTDOOB4PQGTYAMZAZNJIB3FF6YQXI/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/URXOIA2LDUKHQXK4BE55BQBRI6ZZG3Y6/", "https://nvd.nist.gov/vuln/detail/CVE-2020-6096", "https://security.gentoo.org/glsa/202101-20", "https://sourceware.org/bugzilla/attachment.cgi?id=12334", "https://sourceware.org/bugzilla/show_bug.cgi?id=25620", "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1019", "https://ubuntu.com/security/notices/USN-4954-1", "https://ubuntu.com/security/notices/USN-5310-1", "https://www.cve.org/CVERecord?id=CVE-2020-6096", "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1019" ], "PublishedDate": "2020-04-01T22:15:18.503Z", "LastModifiedDate": "2023-11-07T03:24:12.097Z" }, { "VulnerabilityID": "CVE-2021-3326", "VendorIDs": [ "DLA-3152-1" ], "PkgName": "libc6", "InstalledVersion": "2.28-10", "FixedVersion": "2.28-10+deb10u2", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3326", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: Assertion failure in ISO-2022-JP-3 gconv module related to combining characters", "Description": "The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.", "Severity": "HIGH", "CweIDs": [ "CWE-617" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2021/01/28/2", "https://access.redhat.com/security/cve/CVE-2021-3326", "https://bugs.chromium.org/p/project-zero/issues/detail?id=2146", "https://linux.oracle.com/cve/CVE-2021-3326.html", "https://linux.oracle.com/errata/ELSA-2021-9344.html", "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", "https://nvd.nist.gov/vuln/detail/CVE-2021-3326", "https://security.gentoo.org/glsa/202107-07", "https://security.netapp.com/advisory/ntap-20210304-0007/", "https://sourceware.org/bugzilla/show_bug.cgi?id=27256", "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=7d88c6142c6efc160c0ee5e4f85cde382c072888", "https://sourceware.org/pipermail/libc-alpha/2021-January/122058.html", "https://ubuntu.com/security/notices/USN-5310-1", "https://ubuntu.com/security/notices/USN-5699-1", "https://www.cve.org/CVERecord?id=CVE-2021-3326", "https://www.oracle.com/security-alerts/cpuapr2022.html", "https://www.oracle.com/security-alerts/cpujan2022.html" ], "PublishedDate": "2021-01-27T20:15:14.02Z", "LastModifiedDate": "2023-11-07T03:37:58.28Z" }, { "VulnerabilityID": "CVE-2021-3999", "VendorIDs": [ "DLA-3152-1" ], "PkgName": "libc6", "InstalledVersion": "2.28-10", "FixedVersion": "2.28-10+deb10u2", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3999", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: Off-by-one buffer overflow/underflow in getcwd()", "Description": "A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.", "Severity": "HIGH", "CweIDs": [ "CWE-193" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3999.json", "https://access.redhat.com/security/cve/CVE-2021-3999", "https://bugzilla.redhat.com/show_bug.cgi?id=2024637", "https://linux.oracle.com/cve/CVE-2021-3999.html", "https://linux.oracle.com/errata/ELSA-2022-9234.html", "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", "https://nvd.nist.gov/vuln/detail/CVE-2021-3999", "https://security-tracker.debian.org/tracker/CVE-2021-3999", "https://security.netapp.com/advisory/ntap-20221104-0001/", "https://sourceware.org/bugzilla/show_bug.cgi?id=28769", "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=23e0e8f5f1fb5ed150253d986ecccdc90c2dcd5e", "https://ubuntu.com/security/notices/USN-5310-1", "https://ubuntu.com/security/notices/USN-5310-2", "https://ubuntu.com/security/notices/USN-6762-1", "https://www.cve.org/CVERecord?id=CVE-2021-3999", "https://www.openwall.com/lists/oss-security/2022/01/24/4" ], "PublishedDate": "2022-08-24T16:15:09.077Z", "LastModifiedDate": "2023-02-12T23:43:11.643Z" }, { "VulnerabilityID": "CVE-2024-2961", "VendorIDs": [ "DLA-3807-1" ], "PkgName": "libc6", "InstalledVersion": "2.28-10", "FixedVersion": "2.28-10+deb10u3", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-2961", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: Out of bounds write in iconv may lead to remote code execution", "Description": "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.\n", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/04/17/9", "http://www.openwall.com/lists/oss-security/2024/04/18/4", "http://www.openwall.com/lists/oss-security/2024/04/24/2", "http://www.openwall.com/lists/oss-security/2024/05/27/1", "http://www.openwall.com/lists/oss-security/2024/05/27/2", "http://www.openwall.com/lists/oss-security/2024/05/27/3", "http://www.openwall.com/lists/oss-security/2024/05/27/4", "http://www.openwall.com/lists/oss-security/2024/05/27/5", "http://www.openwall.com/lists/oss-security/2024/05/27/6", "http://www.openwall.com/lists/oss-security/2024/07/22/5", "https://access.redhat.com/errata/RHSA-2024:3339", "https://access.redhat.com/security/cve/CVE-2024-2961", "https://bugzilla.redhat.com/2273404", "https://bugzilla.redhat.com/2277202", "https://bugzilla.redhat.com/2277204", "https://bugzilla.redhat.com/2277205", "https://bugzilla.redhat.com/2277206", "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", "https://errata.almalinux.org/9/ALSA-2024-3339.html", "https://errata.rockylinux.org/RLSA-2024:3339", "https://linux.oracle.com/cve/CVE-2024-2961.html", "https://linux.oracle.com/errata/ELSA-2024-3588.html", "https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/", "https://nvd.nist.gov/vuln/detail/CVE-2024-2961", "https://security.netapp.com/advisory/ntap-20240531-0002/", "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004", "https://ubuntu.com/security/notices/USN-6737-1", "https://ubuntu.com/security/notices/USN-6737-2", "https://ubuntu.com/security/notices/USN-6762-1", "https://www.cve.org/CVERecord?id=CVE-2024-2961", "https://www.openwall.com/lists/oss-security/2024/04/17/9" ], "PublishedDate": "2024-04-17T18:15:15.833Z", "LastModifiedDate": "2024-07-22T18:15:03.19Z" }, { "VulnerabilityID": "CVE-2024-33599", "VendorIDs": [ "DLA-3850-1" ], "PkgName": "libc6", "InstalledVersion": "2.28-10", "FixedVersion": "2.28-10+deb10u4", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-33599", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: stack-based buffer overflow in netgroup cache", "Description": "nscd: Stack-based buffer overflow in netgroup cache\n\nIf the Name Service Cache Daemon's (nscd) fixed size cache is exhausted\nby client requests then a subsequent client request for netgroup data\nmay result in a stack-based buffer overflow. This flaw was introduced\nin glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.\n", "Severity": "HIGH", "CweIDs": [ "CWE-121" ], "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "V3Score": 7.6 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/07/22/5", "https://access.redhat.com/errata/RHSA-2024:3339", "https://access.redhat.com/security/cve/CVE-2024-33599", "https://bugzilla.redhat.com/2273404", "https://bugzilla.redhat.com/2277202", "https://bugzilla.redhat.com/2277204", "https://bugzilla.redhat.com/2277205", "https://bugzilla.redhat.com/2277206", "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", "https://errata.almalinux.org/9/ALSA-2024-3339.html", "https://errata.rockylinux.org/RLSA-2024:3339", "https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/", "https://linux.oracle.com/cve/CVE-2024-33599.html", "https://linux.oracle.com/errata/ELSA-2024-3588.html", "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-33599", "https://security.netapp.com/advisory/ntap-20240524-0011/", "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0005", "https://ubuntu.com/security/notices/USN-6804-1", "https://www.cve.org/CVERecord?id=CVE-2024-33599", "https://www.openwall.com/lists/oss-security/2024/04/24/2" ], "PublishedDate": "2024-05-06T20:15:11.437Z", "LastModifiedDate": "2024-07-22T18:15:03.323Z" }, { "VulnerabilityID": "CVE-2016-10228", "VendorIDs": [ "DLA-3152-1" ], "PkgName": "libc6", "InstalledVersion": "2.28-10", "FixedVersion": "2.28-10+deb10u2", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: iconv program can hang when invoked with the -c option", "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", "Severity": "MEDIUM", "CweIDs": [ "CWE-20" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "http://openwall.com/lists/oss-security/2017/03/01/10", "http://www.securityfocus.com/bid/96525", "https://access.redhat.com/security/cve/CVE-2016-10228", "https://linux.oracle.com/cve/CVE-2016-10228.html", "https://linux.oracle.com/errata/ELSA-2021-9344.html", "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", "https://nvd.nist.gov/vuln/detail/CVE-2016-10228", "https://security.gentoo.org/glsa/202101-20", "https://sourceware.org/bugzilla/show_bug.cgi?id=19519", "https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21", "https://sourceware.org/bugzilla/show_bug.cgi?id=26224", "https://ubuntu.com/security/notices/USN-5310-1", "https://ubuntu.com/security/notices/USN-5768-1", "https://www.cve.org/CVERecord?id=CVE-2016-10228", "https://www.oracle.com/security-alerts/cpuapr2022.html" ], "PublishedDate": "2017-03-02T01:59:00.143Z", "LastModifiedDate": "2023-11-07T02:29:33.143Z" }, { "VulnerabilityID": "CVE-2019-25013", "VendorIDs": [ "DLA-3152-1" ], "PkgName": "libc6", "InstalledVersion": "2.28-10", "FixedVersion": "2.28-10+deb10u2", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-25013", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding", "Description": "The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 7.1, "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "V3Score": 4.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2019-25013", "https://linux.oracle.com/cve/CVE-2019-25013.html", "https://linux.oracle.com/errata/ELSA-2021-9344.html", "https://lists.apache.org/thread.html/r32d767ac804e9b8aad4355bb85960a6a1385eab7afff549a5e98660f%40%3Cjira.kafka.apache.org%3E", "https://lists.apache.org/thread.html/r448bb851cc8e6e3f93f3c28c70032b37062625d81214744474ac49e7%40%3Cdev.kafka.apache.org%3E", "https://lists.apache.org/thread.html/r4806a391091e082bdea17266452ca656ebc176e51bb3932733b3a0a2%40%3Cjira.kafka.apache.org%3E", "https://lists.apache.org/thread.html/r499e4f96d0b5109ef083f2feccd33c51650c1b7d7068aa3bd47efca9%40%3Cjira.kafka.apache.org%3E", "https://lists.apache.org/thread.html/r5af4430421bb6f9973294691a7904bbd260937e9eef96b20556f43ff%40%3Cjira.kafka.apache.org%3E", "https://lists.apache.org/thread.html/r750eee18542bc02bd8350861c424ee60a9b9b225568fa09436a37ece%40%3Cissues.zookeeper.apache.org%3E", "https://lists.apache.org/thread.html/r7a2e94adfe0a2f0a1d42e4927e8c32ecac97d37db9cb68095fe9ddbc%40%3Cdev.zookeeper.apache.org%3E", "https://lists.apache.org/thread.html/rd2354f9ccce41e494fbadcbc5ad87218de6ec0fff8a7b54c8462226c%40%3Cissues.zookeeper.apache.org%3E", "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4Y6TX47P47KABSFOL26FLDNVCWXDKDEZ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TVCUNLQ3HXGS4VPUQKWTJGRAW2KTFGXS/", "https://nvd.nist.gov/vuln/detail/CVE-2019-25013", "https://security.gentoo.org/glsa/202107-07", "https://security.netapp.com/advisory/ntap-20210205-0004/", "https://sourceware.org/bugzilla/show_bug.cgi?id=24973", "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=ee7a3144c9922808181009b7b3e50e852fb4999b", "https://ubuntu.com/security/notices/USN-5310-1", "https://ubuntu.com/security/notices/USN-5768-1", "https://www.cve.org/CVERecord?id=CVE-2019-25013", "https://www.oracle.com/security-alerts/cpuapr2022.html" ], "PublishedDate": "2021-01-04T18:15:13.027Z", "LastModifiedDate": "2023-11-09T14:44:33.733Z" }, { "VulnerabilityID": "CVE-2020-10029", "VendorIDs": [ "DLA-3152-1" ], "PkgName": "libc6", "InstalledVersion": "2.28-10", "FixedVersion": "2.28-10+deb10u2", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-10029", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions", "Description": "The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V2Score": 2.1, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "V3Score": 5.7 } }, "References": [ "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00033.html", "https://access.redhat.com/security/cve/CVE-2020-10029", "https://linux.oracle.com/cve/CVE-2020-10029.html", "https://linux.oracle.com/errata/ELSA-2021-0348.html", "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/23N76M3EDP2GIW4GOIQRYTKRE7PPBRB2/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZTFUD5VH2GU3YOXA2KBQSBIDZRDWNZ3/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU5JJGENOK7K4X5RYAA5PL647C6HD22E/", "https://nvd.nist.gov/vuln/detail/CVE-2020-10029", "https://security.gentoo.org/glsa/202006-04", "https://security.netapp.com/advisory/ntap-20200327-0003/", "https://sourceware.org/bugzilla/show_bug.cgi?id=25487", "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commit%3Bh=9333498794cde1d5cca518badf79533a24114b6f", "https://ubuntu.com/security/notices/USN-4416-1", "https://usn.ubuntu.com/4416-1/", "https://www.cve.org/CVERecord?id=CVE-2020-10029" ], "PublishedDate": "2020-03-04T15:15:13.083Z", "LastModifiedDate": "2023-11-07T03:14:05.347Z" }, { "VulnerabilityID": "CVE-2020-27618", "VendorIDs": [ "DLA-3152-1" ], "PkgName": "libc6", "InstalledVersion": "2.28-10", "FixedVersion": "2.28-10+deb10u2", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-27618", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: iconv when processing invalid multi-byte input sequences fails to advance the input state, which could result in an infinite loop", "Description": "The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.", "Severity": "MEDIUM", "CweIDs": [ "CWE-835" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V2Score": 2.1, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2020-27618", "https://linux.oracle.com/cve/CVE-2020-27618.html", "https://linux.oracle.com/errata/ELSA-2021-9344.html", "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", "https://nvd.nist.gov/vuln/detail/CVE-2020-27618", "https://security.gentoo.org/glsa/202107-07", "https://security.netapp.com/advisory/ntap-20210401-0006/", "https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21", "https://sourceware.org/bugzilla/show_bug.cgi?id=26224", "https://ubuntu.com/security/notices/USN-5310-1", "https://ubuntu.com/security/notices/USN-5768-1", "https://www.cve.org/CVERecord?id=CVE-2020-27618", "https://www.oracle.com/security-alerts/cpuapr2022.html", "https://www.oracle.com/security-alerts/cpujan2022.html" ], "PublishedDate": "2021-02-26T23:15:11.123Z", "LastModifiedDate": "2022-10-28T20:06:38.603Z" }, { "VulnerabilityID": "CVE-2023-4806", "PkgName": "libc6", "InstalledVersion": "2.28-10", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-4806", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: potential use-after-free in getaddrinfo()", "Description": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "Severity": "MEDIUM", "CweIDs": [ "CWE-416" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/10/03/4", "http://www.openwall.com/lists/oss-security/2023/10/03/5", "http://www.openwall.com/lists/oss-security/2023/10/03/6", "http://www.openwall.com/lists/oss-security/2023/10/03/8", "https://access.redhat.com/errata/RHSA-2023:5453", "https://access.redhat.com/errata/RHSA-2023:5455", "https://access.redhat.com/errata/RHSA-2023:7409", "https://access.redhat.com/security/cve/CVE-2023-4806", "https://bugzilla.redhat.com/2234712", "https://bugzilla.redhat.com/2237782", "https://bugzilla.redhat.com/2237798", "https://bugzilla.redhat.com/2238352", "https://bugzilla.redhat.com/show_bug.cgi?id=2234712", "https://bugzilla.redhat.com/show_bug.cgi?id=2237782", "https://bugzilla.redhat.com/show_bug.cgi?id=2237798", "https://bugzilla.redhat.com/show_bug.cgi?id=2238352", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4527", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4806", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4813", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4911", "https://errata.almalinux.org/9/ALSA-2023-5453.html", "https://errata.rockylinux.org/RLSA-2023:5455", "https://linux.oracle.com/cve/CVE-2023-4806.html", "https://linux.oracle.com/errata/ELSA-2023-5455.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/", "https://nvd.nist.gov/vuln/detail/CVE-2023-4806", "https://security.gentoo.org/glsa/202310-03", "https://security.netapp.com/advisory/ntap-20240125-0008/", "https://ubuntu.com/security/notices/USN-6541-1", "https://ubuntu.com/security/notices/USN-6541-2", "https://www.cve.org/CVERecord?id=CVE-2023-4806" ], "PublishedDate": "2023-09-18T17:15:55.813Z", "LastModifiedDate": "2024-01-25T14:15:26.36Z" }, { "VulnerabilityID": "CVE-2023-4813", "PkgName": "libc6", "InstalledVersion": "2.28-10", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-4813", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: potential use-after-free in gaih_inet()", "Description": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "Severity": "MEDIUM", "CweIDs": [ "CWE-416" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/10/03/8", "https://access.redhat.com/errata/RHSA-2023:5453", "https://access.redhat.com/errata/RHSA-2023:5455", "https://access.redhat.com/errata/RHSA-2023:7409", "https://access.redhat.com/security/cve/CVE-2023-4813", "https://bugzilla.redhat.com/2234712", "https://bugzilla.redhat.com/2237782", "https://bugzilla.redhat.com/2237798", "https://bugzilla.redhat.com/2238352", "https://bugzilla.redhat.com/show_bug.cgi?id=2234712", "https://bugzilla.redhat.com/show_bug.cgi?id=2237782", "https://bugzilla.redhat.com/show_bug.cgi?id=2237798", "https://bugzilla.redhat.com/show_bug.cgi?id=2238352", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4527", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4806", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4813", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4911", "https://errata.almalinux.org/9/ALSA-2023-5453.html", "https://errata.rockylinux.org/RLSA-2023:5455", "https://linux.oracle.com/cve/CVE-2023-4813.html", "https://linux.oracle.com/errata/ELSA-2023-5455.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-4813", "https://security.netapp.com/advisory/ntap-20231110-0003/", "https://ubuntu.com/security/notices/USN-6541-1", "https://ubuntu.com/security/notices/USN-6541-2", "https://www.cve.org/CVERecord?id=CVE-2023-4813" ], "PublishedDate": "2023-09-12T22:15:08.277Z", "LastModifiedDate": "2024-01-21T01:49:46.697Z" }, { "VulnerabilityID": "CVE-2024-33600", "VendorIDs": [ "DLA-3850-1" ], "PkgName": "libc6", "InstalledVersion": "2.28-10", "FixedVersion": "2.28-10+deb10u4", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-33600", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: null pointer dereferences after failed netgroup cache insertion", "Description": "nscd: Null pointer crashes after notfound response\n\nIf the Name Service Cache Daemon's (nscd) cache fails to add a not-found\nnetgroup response to the cache, the client request can result in a null\npointer dereference. This flaw was introduced in glibc 2.15 when the\ncache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.\n\n", "Severity": "MEDIUM", "CweIDs": [ "CWE-476" ], "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/07/22/5", "https://access.redhat.com/errata/RHSA-2024:3339", "https://access.redhat.com/security/cve/CVE-2024-33600", "https://bugzilla.redhat.com/2273404", "https://bugzilla.redhat.com/2277202", "https://bugzilla.redhat.com/2277204", "https://bugzilla.redhat.com/2277205", "https://bugzilla.redhat.com/2277206", "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", "https://errata.almalinux.org/9/ALSA-2024-3339.html", "https://errata.rockylinux.org/RLSA-2024:3339", "https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/", "https://linux.oracle.com/cve/CVE-2024-33600.html", "https://linux.oracle.com/errata/ELSA-2024-3588.html", "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-33600", "https://security.netapp.com/advisory/ntap-20240524-0013/", "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0006", "https://ubuntu.com/security/notices/USN-6804-1", "https://www.cve.org/CVERecord?id=CVE-2024-33600", "https://www.openwall.com/lists/oss-security/2024/04/24/2" ], "PublishedDate": "2024-05-06T20:15:11.523Z", "LastModifiedDate": "2024-07-22T18:15:03.417Z" }, { "VulnerabilityID": "CVE-2024-33601", "VendorIDs": [ "DLA-3850-1" ], "PkgName": "libc6", "InstalledVersion": "2.28-10", "FixedVersion": "2.28-10+deb10u4", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-33601", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: netgroup cache may terminate daemon on memory allocation failure", "Description": "nscd: netgroup cache may terminate daemon on memory allocation failure\n\nThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or\nxrealloc and these functions may terminate the process due to a memory\nallocation failure resulting in a denial of service to the clients. The\nflaw was introduced in glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.\n\n", "Severity": "MEDIUM", "CweIDs": [ "CWE-617" ], "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/07/22/5", "https://access.redhat.com/errata/RHSA-2024:3339", "https://access.redhat.com/security/cve/CVE-2024-33601", "https://bugzilla.redhat.com/2273404", "https://bugzilla.redhat.com/2277202", "https://bugzilla.redhat.com/2277204", "https://bugzilla.redhat.com/2277205", "https://bugzilla.redhat.com/2277206", "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", "https://errata.almalinux.org/9/ALSA-2024-3339.html", "https://errata.rockylinux.org/RLSA-2024:3339", "https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/", "https://linux.oracle.com/cve/CVE-2024-33601.html", "https://linux.oracle.com/errata/ELSA-2024-3588.html", "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-33601", "https://security.netapp.com/advisory/ntap-20240524-0014/", "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007", "https://ubuntu.com/security/notices/USN-6804-1", "https://www.cve.org/CVERecord?id=CVE-2024-33601", "https://www.openwall.com/lists/oss-security/2024/04/24/2" ], "PublishedDate": "2024-05-06T20:15:11.603Z", "LastModifiedDate": "2024-07-22T18:15:03.493Z" }, { "VulnerabilityID": "CVE-2024-33602", "VendorIDs": [ "DLA-3850-1" ], "PkgName": "libc6", "InstalledVersion": "2.28-10", "FixedVersion": "2.28-10+deb10u4", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-33602", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: netgroup cache assumes NSS callback uses in-buffer strings", "Description": "nscd: netgroup cache assumes NSS callback uses in-buffer strings\n\nThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory\nwhen the NSS callback does not store all strings in the provided buffer.\nThe flaw was introduced in glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.\n\n", "Severity": "MEDIUM", "CweIDs": [ "CWE-466" ], "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/07/22/5", "https://access.redhat.com/errata/RHSA-2024:3339", "https://access.redhat.com/security/cve/CVE-2024-33602", "https://bugzilla.redhat.com/2273404", "https://bugzilla.redhat.com/2277202", "https://bugzilla.redhat.com/2277204", "https://bugzilla.redhat.com/2277205", "https://bugzilla.redhat.com/2277206", "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", "https://errata.almalinux.org/9/ALSA-2024-3339.html", "https://errata.rockylinux.org/RLSA-2024:3339", "https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/", "https://linux.oracle.com/cve/CVE-2024-33602.html", "https://linux.oracle.com/errata/ELSA-2024-3588.html", "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-33602", "https://security.netapp.com/advisory/ntap-20240524-0012/", "https://sourceware.org/bugzilla/show_bug.cgi?id=31680", "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008", "https://ubuntu.com/security/notices/USN-6804-1", "https://www.cve.org/CVERecord?id=CVE-2024-33602", "https://www.openwall.com/lists/oss-security/2024/04/24/2" ], "PublishedDate": "2024-05-06T20:15:11.68Z", "LastModifiedDate": "2024-07-22T18:15:03.583Z" }, { "VulnerabilityID": "CVE-2010-4756", "PkgName": "libc6", "InstalledVersion": "2.28-10", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4756", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions", "Description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "Severity": "LOW", "CweIDs": [ "CWE-399" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "V2Score": 4 }, "redhat": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V2Score": 5 } }, "References": [ "http://cxib.net/stuff/glob-0day.c", "http://securityreason.com/achievement_securityalert/89", "http://securityreason.com/exploitalert/9223", "https://access.redhat.com/security/cve/CVE-2010-4756", "https://bugzilla.redhat.com/show_bug.cgi?id=681681", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", "https://www.cve.org/CVERecord?id=CVE-2010-4756" ], "PublishedDate": "2011-03-02T20:00:01.037Z", "LastModifiedDate": "2021-09-01T12:15:07.193Z" }, { "VulnerabilityID": "CVE-2018-20796", "PkgName": "libc6", "InstalledVersion": "2.28-10", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20796", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", "Severity": "LOW", "CweIDs": [ "CWE-674" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.securityfocus.com/bid/107160", "https://access.redhat.com/security/cve/CVE-2018-20796", "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", "https://nvd.nist.gov/vuln/detail/CVE-2018-20796", "https://security.netapp.com/advisory/ntap-20190315-0002/", "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp%3Butm_medium=RSS", "https://www.cve.org/CVERecord?id=CVE-2018-20796" ], "PublishedDate": "2019-02-26T02:29:00.45Z", "LastModifiedDate": "2023-11-07T02:56:20.983Z" }, { "VulnerabilityID": "CVE-2019-1010022", "PkgName": "libc6", "InstalledVersion": "2.28-10", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010022", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: stack guard protection bypass", "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V2Score": 7.5, "V3Score": 9.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2019-1010022", "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", "https://security-tracker.debian.org/tracker/CVE-2019-1010022", "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", "https://ubuntu.com/security/CVE-2019-1010022", "https://www.cve.org/CVERecord?id=CVE-2019-1010022" ], "PublishedDate": "2019-07-15T04:15:13.317Z", "LastModifiedDate": "2024-08-05T03:15:25.083Z" }, { "VulnerabilityID": "CVE-2019-1010023", "PkgName": "libc6", "InstalledVersion": "2.28-10", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010023", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", "Description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "Severity": "LOW", "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V2Score": 6.8, "V3Score": 8.8 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://www.securityfocus.com/bid/109167", "https://access.redhat.com/security/cve/CVE-2019-1010023", "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", "https://security-tracker.debian.org/tracker/CVE-2019-1010023", "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", "https://support.f5.com/csp/article/K11932200?utm_source=f5support\u0026amp%3Butm_medium=RSS", "https://ubuntu.com/security/CVE-2019-1010023", "https://www.cve.org/CVERecord?id=CVE-2019-1010023" ], "PublishedDate": "2019-07-15T04:15:13.397Z", "LastModifiedDate": "2024-08-05T03:15:25.183Z" }, { "VulnerabilityID": "CVE-2019-1010024", "PkgName": "libc6", "InstalledVersion": "2.28-10", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010024", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: ASLR bypass using cache of thread stack and heap", "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "Severity": "LOW", "CweIDs": [ "CWE-200" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V2Score": 5, "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.securityfocus.com/bid/109162", "https://access.redhat.com/security/cve/CVE-2019-1010024", "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", "https://security-tracker.debian.org/tracker/CVE-2019-1010024", "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", "https://support.f5.com/csp/article/K06046097", "https://support.f5.com/csp/article/K06046097?utm_source=f5support\u0026amp%3Butm_medium=RSS", "https://ubuntu.com/security/CVE-2019-1010024", "https://www.cve.org/CVERecord?id=CVE-2019-1010024" ], "PublishedDate": "2019-07-15T04:15:13.473Z", "LastModifiedDate": "2024-08-05T03:15:25.26Z" }, { "VulnerabilityID": "CVE-2019-1010025", "PkgName": "libc6", "InstalledVersion": "2.28-10", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010025", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: information disclosure of heap addresses of pthread_created thread", "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "Severity": "LOW", "CweIDs": [ "CWE-330" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V2Score": 5, "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 2.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2019-1010025", "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", "https://security-tracker.debian.org/tracker/CVE-2019-1010025", "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", "https://support.f5.com/csp/article/K06046097", "https://support.f5.com/csp/article/K06046097?utm_source=f5support\u0026amp%3Butm_medium=RSS", "https://ubuntu.com/security/CVE-2019-1010025", "https://www.cve.org/CVERecord?id=CVE-2019-1010025" ], "PublishedDate": "2019-07-15T04:15:13.537Z", "LastModifiedDate": "2024-08-05T03:15:25.333Z" }, { "VulnerabilityID": "CVE-2019-19126", "VendorIDs": [ "DLA-3152-1" ], "PkgName": "libc6", "InstalledVersion": "2.28-10", "FixedVersion": "2.28-10+deb10u2", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19126", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries", "Description": "On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.", "Severity": "LOW", "CweIDs": [ "CWE-665" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "V2Score": 2.1, "V3Score": 3.3 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 2.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2019-19126", "https://linux.oracle.com/cve/CVE-2019-19126.html", "https://linux.oracle.com/errata/ELSA-2020-3861.html", "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4FQ5LC6JOYSOYFPRUZ4S45KL6IP3RPPZ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZFJ5E7NWOL6ROE5QVICHKIOUGCPFJVUH/", "https://nvd.nist.gov/vuln/detail/CVE-2019-19126", "https://sourceware.org/bugzilla/show_bug.cgi?id=25204", "https://sourceware.org/ml/libc-alpha/2019-11/msg00649.html", "https://ubuntu.com/security/notices/USN-4416-1", "https://usn.ubuntu.com/4416-1/", "https://www.cve.org/CVERecord?id=CVE-2019-19126" ], "PublishedDate": "2019-11-19T22:15:11.427Z", "LastModifiedDate": "2023-11-07T03:07:31.533Z" }, { "VulnerabilityID": "CVE-2019-9192", "PkgName": "libc6", "InstalledVersion": "2.28-10", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9192", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", "Severity": "LOW", "CweIDs": [ "CWE-674" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "V3Score": 2.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2019-9192", "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp%3Butm_medium=RSS", "https://www.cve.org/CVERecord?id=CVE-2019-9192" ], "PublishedDate": "2019-02-26T18:29:00.34Z", "LastModifiedDate": "2024-08-04T22:15:34.74Z" }, { "VulnerabilityID": "CVE-2021-27645", "VendorIDs": [ "DLA-3152-1" ], "PkgName": "libc6", "InstalledVersion": "2.28-10", "FixedVersion": "2.28-10+deb10u2", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-27645", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: Use-after-free in addgetnetgrentX function in netgroupcache.c", "Description": "The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c.", "Severity": "LOW", "CweIDs": [ "CWE-415" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "V2Score": 1.9, "V3Score": 2.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 2.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-27645", "https://linux.oracle.com/cve/CVE-2021-27645.html", "https://linux.oracle.com/errata/ELSA-2021-9560.html", "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LZNT6KTMCCWPWXEOGSHD3YLYZKUGMH5/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7TS26LIZSOBLGJEZMJX4PXT5BQDE2WS/", "https://nvd.nist.gov/vuln/detail/CVE-2021-27645", "https://security.gentoo.org/glsa/202107-07", "https://sourceware.org/bugzilla/show_bug.cgi?id=27462", "https://ubuntu.com/security/notices/USN-5310-1", "https://www.cve.org/CVERecord?id=CVE-2021-27645" ], "PublishedDate": "2021-02-24T15:15:13.837Z", "LastModifiedDate": "2023-11-07T03:31:59.813Z" }, { "VulnerabilityID": "CVE-2022-1304", "PkgName": "libcom-err2", "InstalledVersion": "1.44.5-1+deb10u3", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-1304", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "e2fsprogs: out-of-bounds read/write via crafted filesystem", "Description": "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "Severity": "HIGH", "CweIDs": [ "CWE-125", "CWE-787" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V2Score": 6.8, "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H", "V3Score": 5.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2022:8361", "https://access.redhat.com/security/cve/CVE-2022-1304", "https://bugzilla.redhat.com/2069726", "https://bugzilla.redhat.com/show_bug.cgi?id=2069726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1304", "https://errata.almalinux.org/9/ALSA-2022-8361.html", "https://errata.rockylinux.org/RLSA-2022:8361", "https://linux.oracle.com/cve/CVE-2022-1304.html", "https://linux.oracle.com/errata/ELSA-2022-8361.html", "https://marc.info/?l=linux-ext4\u0026m=165056234501732\u0026w=2", "https://nvd.nist.gov/vuln/detail/CVE-2022-1304", "https://ubuntu.com/security/notices/USN-5464-1", "https://www.cve.org/CVERecord?id=CVE-2022-1304" ], "PublishedDate": "2022-04-14T21:15:08.49Z", "LastModifiedDate": "2023-11-07T03:41:53.02Z" }, { "VulnerabilityID": "CVE-2019-8457", "PkgName": "libdb5.3", "InstalledVersion": "5.3.28+dfsg1-0.5", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-8457", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "sqlite: heap out-of-bound read in function rtreenode()", "Description": "SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.", "Severity": "CRITICAL", "CweIDs": [ "CWE-125" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V2Score": 7.5, "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00074.html", "https://access.redhat.com/security/cve/CVE-2019-8457", "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365", "https://linux.oracle.com/cve/CVE-2019-8457.html", "https://linux.oracle.com/errata/ELSA-2020-1810.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPKYSWCOM3CL66RI76TYVIG6TJ263RXH/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SJPFGA45DI4F5MCF2OAACGH3HQOF4G3M/", "https://nvd.nist.gov/vuln/detail/CVE-2019-8457", "https://security.netapp.com/advisory/ntap-20190606-0002/", "https://ubuntu.com/security/notices/USN-4004-1", "https://ubuntu.com/security/notices/USN-4004-2", "https://ubuntu.com/security/notices/USN-4019-1", "https://ubuntu.com/security/notices/USN-4019-2", "https://usn.ubuntu.com/4004-1/", "https://usn.ubuntu.com/4004-2/", "https://usn.ubuntu.com/4019-1/", "https://usn.ubuntu.com/4019-2/", "https://www.cve.org/CVERecord?id=CVE-2019-8457", "https://www.oracle.com/security-alerts/cpuapr2020.html", "https://www.oracle.com/security-alerts/cpujan2020.html", "https://www.oracle.com/security-alerts/cpujul2020.html", "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "https://www.sqlite.org/releaselog/3_28_0.html", "https://www.sqlite.org/src/info/90acdbfce9c08858" ], "PublishedDate": "2019-05-30T16:29:01.84Z", "LastModifiedDate": "2023-11-07T03:13:30.25Z" }, { "VulnerabilityID": "CVE-2022-22822", "VendorIDs": [ "DSA-5073-1" ], "PkgName": "libexpat1", "InstalledVersion": "2.2.6-2+deb10u1", "FixedVersion": "2.2.6-2+deb10u2", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-22822", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "expat: Integer overflow in addBinding in xmlparse.c", "Description": "addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.", "Severity": "CRITICAL", "CweIDs": [ "CWE-190" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V2Score": 7.5, "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2022/01/17/3", "https://access.redhat.com/errata/RHSA-2022:7692", "https://access.redhat.com/security/cve/CVE-2022-22822", "https://bugzilla.redhat.com/2044455", "https://bugzilla.redhat.com/2044457", "https://bugzilla.redhat.com/2044464", "https://bugzilla.redhat.com/2044467", "https://bugzilla.redhat.com/2044479", "https://bugzilla.redhat.com/2044484", "https://bugzilla.redhat.com/2044488", "https://bugzilla.redhat.com/show_bug.cgi?id=2044455", "https://bugzilla.redhat.com/show_bug.cgi?id=2044457", "https://bugzilla.redhat.com/show_bug.cgi?id=2044464", "https://bugzilla.redhat.com/show_bug.cgi?id=2044467", "https://bugzilla.redhat.com/show_bug.cgi?id=2044479", "https://bugzilla.redhat.com/show_bug.cgi?id=2044484", "https://bugzilla.redhat.com/show_bug.cgi?id=2044488", "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827", "https://errata.almalinux.org/8/ALSA-2022-7692.html", "https://errata.rockylinux.org/RLSA-2022:7692", "https://github.com/libexpat/libexpat/pull/539", "https://linux.oracle.com/cve/CVE-2022-22822.html", "https://linux.oracle.com/errata/ELSA-2022-7692.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-22822", "https://security.gentoo.org/glsa/202209-24", "https://ubuntu.com/security/notices/USN-5288-1", "https://ubuntu.com/security/notices/USN-5455-1", "https://www.cve.org/CVERecord?id=CVE-2022-22822", "https://www.debian.org/security/2022/dsa-5073", "https://www.tenable.com/security/tns-2022-05" ], "PublishedDate": "2022-01-10T14:12:56.047Z", "LastModifiedDate": "2022-10-06T15:29:48.27Z" }, { "VulnerabilityID": "CVE-2022-22823", "VendorIDs": [ "DSA-5073-1" ], "PkgName": "libexpat1", "InstalledVersion": "2.2.6-2+deb10u1", "FixedVersion": "2.2.6-2+deb10u2", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-22823", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "expat: Integer overflow in build_model in xmlparse.c", "Description": "build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.", "Severity": "CRITICAL", "CweIDs": [ "CWE-190" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V2Score": 7.5, "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2022/01/17/3", "https://access.redhat.com/errata/RHSA-2022:7692", "https://access.redhat.com/security/cve/CVE-2022-22823", "https://bugzilla.redhat.com/2044455", "https://bugzilla.redhat.com/2044457", "https://bugzilla.redhat.com/2044464", "https://bugzilla.redhat.com/2044467", "https://bugzilla.redhat.com/2044479", "https://bugzilla.redhat.com/2044484", "https://bugzilla.redhat.com/2044488", "https://bugzilla.redhat.com/show_bug.cgi?id=2044455", "https://bugzilla.redhat.com/show_bug.cgi?id=2044457", "https://bugzilla.redhat.com/show_bug.cgi?id=2044464", "https://bugzilla.redhat.com/show_bug.cgi?id=2044467", "https://bugzilla.redhat.com/show_bug.cgi?id=2044479", "https://bugzilla.redhat.com/show_bug.cgi?id=2044484", "https://bugzilla.redhat.com/show_bug.cgi?id=2044488", "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827", "https://errata.almalinux.org/8/ALSA-2022-7692.html", "https://errata.rockylinux.org/RLSA-2022:7692", "https://github.com/libexpat/libexpat/pull/539", "https://linux.oracle.com/cve/CVE-2022-22823.html", "https://linux.oracle.com/errata/ELSA-2022-7692.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-22823", "https://security.gentoo.org/glsa/202209-24", "https://ubuntu.com/security/notices/USN-5288-1", "https://ubuntu.com/security/notices/USN-5455-1", "https://www.cve.org/CVERecord?id=CVE-2022-22823", "https://www.debian.org/security/2022/dsa-5073", "https://www.tenable.com/security/tns-2022-05" ], "PublishedDate": "2022-01-10T14:12:56.27Z", "LastModifiedDate": "2022-10-06T14:47:42.973Z" }, { "VulnerabilityID": "CVE-2022-22824", "VendorIDs": [ "DSA-5073-1" ], "PkgName": "libexpat1", "InstalledVersion": "2.2.6-2+deb10u1", "FixedVersion": "2.2.6-2+deb10u2", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-22824", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "expat: Integer overflow in defineAttribute in xmlparse.c", "Description": "defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.", "Severity": "CRITICAL", "CweIDs": [ "CWE-190" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V2Score": 7.5, "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2022/01/17/3", "https://access.redhat.com/errata/RHSA-2022:7692", "https://access.redhat.com/security/cve/CVE-2022-22824", "https://bugzilla.redhat.com/2044455", "https://bugzilla.redhat.com/2044457", "https://bugzilla.redhat.com/2044464", "https://bugzilla.redhat.com/2044467", "https://bugzilla.redhat.com/2044479", "https://bugzilla.redhat.com/2044484", "https://bugzilla.redhat.com/2044488", "https://bugzilla.redhat.com/show_bug.cgi?id=2044455", "https://bugzilla.redhat.com/show_bug.cgi?id=2044457", "https://bugzilla.redhat.com/show_bug.cgi?id=2044464", "https://bugzilla.redhat.com/show_bug.cgi?id=2044467", "https://bugzilla.redhat.com/show_bug.cgi?id=2044479", "https://bugzilla.redhat.com/show_bug.cgi?id=2044484", "https://bugzilla.redhat.com/show_bug.cgi?id=2044488", "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827", "https://errata.almalinux.org/8/ALSA-2022-7692.html", "https://errata.rockylinux.org/RLSA-2022:7692", "https://github.com/libexpat/libexpat/pull/539", "https://linux.oracle.com/cve/CVE-2022-22824.html", "https://linux.oracle.com/errata/ELSA-2022-7692.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-22824", "https://security.gentoo.org/glsa/202209-24", "https://ubuntu.com/security/notices/USN-5288-1", "https://ubuntu.com/security/notices/USN-5455-1", "https://www.cve.org/CVERecord?id=CVE-2022-22824", "https://www.debian.org/security/2022/dsa-5073", "https://www.tenable.com/security/tns-2022-05" ], "PublishedDate": "2022-01-10T14:12:56.567Z", "LastModifiedDate": "2022-10-06T14:47:33.437Z" }, { "VulnerabilityID": "CVE-2022-23852", "VendorIDs": [ "DSA-5073-1" ], "PkgName": "libexpat1", "InstalledVersion": "2.2.6-2+deb10u1", "FixedVersion": "2.2.6-2+deb10u2", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-23852", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "expat: Integer overflow in function XML_GetBuffer", "Description": "Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.", "Severity": "CRITICAL", "CweIDs": [ "CWE-190" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V2Score": 7.5, "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2022:0951", "https://access.redhat.com/security/cve/CVE-2022-23852", "https://bugzilla.redhat.com/2044451", "https://bugzilla.redhat.com/2044455", "https://bugzilla.redhat.com/2044457", "https://bugzilla.redhat.com/2044464", "https://bugzilla.redhat.com/2044467", "https://bugzilla.redhat.com/2044479", "https://bugzilla.redhat.com/2044484", "https://bugzilla.redhat.com/2044488", "https://bugzilla.redhat.com/2044613", "https://bugzilla.redhat.com/2056363", "https://bugzilla.redhat.com/2056366", "https://bugzilla.redhat.com/2056370", "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "https://errata.almalinux.org/8/ALSA-2022-0951.html", "https://github.com/libexpat/libexpat/pull/550", "https://linux.oracle.com/cve/CVE-2022-23852.html", "https://linux.oracle.com/errata/ELSA-2022-1069.html", "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-23852", "https://security.gentoo.org/glsa/202209-24", "https://security.netapp.com/advisory/ntap-20220217-0001/", "https://ubuntu.com/security/notices/USN-5288-1", "https://www.cve.org/CVERecord?id=CVE-2022-23852", "https://www.debian.org/security/2022/dsa-5073", "https://www.oracle.com/security-alerts/cpuapr2022.html", "https://www.tenable.com/security/tns-2022-05" ], "PublishedDate": "2022-01-24T02:15:06.733Z", "LastModifiedDate": "2022-10-29T02:44:33.083Z" }, { "VulnerabilityID": "CVE-2022-25235", "VendorIDs": [ "DSA-5085-1" ], "PkgName": "libexpat1", "InstalledVersion": "2.2.6-2+deb10u1", "FixedVersion": "2.2.6-2+deb10u3", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-25235", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution", "Description": "xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.", "Severity": "CRITICAL", "CweIDs": [ "CWE-116" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V2Score": 7.5, "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2022/02/19/1", "https://access.redhat.com/errata/RHSA-2022:7811", "https://access.redhat.com/security/cve/CVE-2022-25235", "https://blog.hartwork.org/posts/expat-2-4-5-released/", "https://bugzilla.redhat.com/2048356", "https://bugzilla.redhat.com/2056350", "https://bugzilla.redhat.com/2056354", "https://bugzilla.redhat.com/2056363", "https://bugzilla.redhat.com/2056366", "https://bugzilla.redhat.com/2056370", "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "https://errata.almalinux.org/8/ALSA-2022-7811.html", "https://github.com/libexpat/libexpat/pull/562", "https://github.com/libexpat/libexpat/pull/562/commits/367ae600b48d74261bbc339b17e9318424049791 (fix)", "https://github.com/libexpat/libexpat/pull/562/commits/97cfdc3fa7dca759880d81e371901f4620279106 (tests)", "https://linux.oracle.com/cve/CVE-2022-25235.html", "https://linux.oracle.com/errata/ELSA-2022-9359.html", "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/", "https://nvd.nist.gov/vuln/detail/CVE-2022-25235", "https://security.gentoo.org/glsa/202209-24", "https://security.netapp.com/advisory/ntap-20220303-0008/", "https://ubuntu.com/security/notices/USN-5288-1", "https://ubuntu.com/security/notices/USN-5455-1", "https://www.cve.org/CVERecord?id=CVE-2022-25235", "https://www.debian.org/security/2022/dsa-5085", "https://www.oracle.com/security-alerts/cpuapr2022.html" ], "PublishedDate": "2022-02-16T01:15:07.607Z", "LastModifiedDate": "2023-11-07T03:44:44.94Z" }, { "VulnerabilityID": "CVE-2022-25236", "VendorIDs": [ "DSA-5085-1" ], "PkgName": "libexpat1", "InstalledVersion": "2.2.6-2+deb10u1", "FixedVersion": "2.2.6-2+deb10u3", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-25236", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution", "Description": "xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.", "Severity": "CRITICAL", "CweIDs": [ "CWE-668" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V2Score": 7.5, "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 } }, "References": [ "http://packetstormsecurity.com/files/167238/Zoom-XMPP-Stanza-Smuggling-Remote-Code-Execution.html", "http://www.openwall.com/lists/oss-security/2022/02/19/1", "https://access.redhat.com/errata/RHSA-2022:7811", "https://access.redhat.com/security/cve/CVE-2022-25236", "https://blog.hartwork.org/posts/expat-2-4-5-released/", "https://bugzilla.redhat.com/2048356", "https://bugzilla.redhat.com/2056350", "https://bugzilla.redhat.com/2056354", "https://bugzilla.redhat.com/2056363", "https://bugzilla.redhat.com/2056366", "https://bugzilla.redhat.com/2056370", "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "https://errata.almalinux.org/8/ALSA-2022-7811.html", "https://github.com/libexpat/libexpat/pull/561", "https://github.com/libexpat/libexpat/pull/561/commits/2de077423fb22750ebea599677d523b53cb93b1d (test)", "https://github.com/libexpat/libexpat/pull/561/commits/a2fe525e660badd64b6c557c2b1ec26ddc07f6e4 (fix)", "https://github.com/libexpat/libexpat/pull/577", "https://linux.oracle.com/cve/CVE-2022-25236.html", "https://linux.oracle.com/errata/ELSA-2022-9359.html", "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/", "https://nvd.nist.gov/vuln/detail/CVE-2022-25236", "https://security.gentoo.org/glsa/202209-24", "https://security.netapp.com/advisory/ntap-20220303-0008/", "https://ubuntu.com/security/notices/USN-5288-1", "https://ubuntu.com/security/notices/USN-5455-1", "https://www.cve.org/CVERecord?id=CVE-2022-25236", "https://www.debian.org/security/2022/dsa-5085", "https://www.oracle.com/security-alerts/cpuapr2022.html" ], "PublishedDate": "2022-02-16T01:15:07.65Z", "LastModifiedDate": "2023-11-07T03:44:45.01Z" }, { "VulnerabilityID": "CVE-2022-25315", "VendorIDs": [ "DSA-5085-1" ], "PkgName": "libexpat1", "InstalledVersion": "2.2.6-2+deb10u1", "FixedVersion": "2.2.6-2+deb10u3", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-25315", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "expat: Integer overflow in storeRawNames()", "Description": "In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.", "Severity": "CRITICAL", "CweIDs": [ "CWE-190" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V2Score": 7.5, "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2022/02/19/1", "https://access.redhat.com/errata/RHSA-2022:7811", "https://access.redhat.com/security/cve/CVE-2022-25315", "https://blog.hartwork.org/posts/expat-2-4-5-released/", "https://bugzilla.redhat.com/2048356", "https://bugzilla.redhat.com/2056350", "https://bugzilla.redhat.com/2056354", "https://bugzilla.redhat.com/2056363", "https://bugzilla.redhat.com/2056366", "https://bugzilla.redhat.com/2056370", "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "https://errata.almalinux.org/8/ALSA-2022-7811.html", "https://github.com/libexpat/libexpat/pull/559", "https://linux.oracle.com/cve/CVE-2022-25315.html", "https://linux.oracle.com/errata/ELSA-2022-9359.html", "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/", "https://nvd.nist.gov/vuln/detail/CVE-2022-25315", "https://security.gentoo.org/glsa/202209-24", "https://security.netapp.com/advisory/ntap-20220303-0008/", "https://ubuntu.com/security/notices/USN-5320-1", "https://www.cve.org/CVERecord?id=CVE-2022-25315", "https://www.debian.org/security/2022/dsa-5085", "https://www.oracle.com/security-alerts/cpuapr2022.html" ], "PublishedDate": "2022-02-18T05:15:08.237Z", "LastModifiedDate": "2023-11-07T03:44:45.833Z" }, { "VulnerabilityID": "CVE-2021-45960", "VendorIDs": [ "DSA-5073-1" ], "PkgName": "libexpat1", "InstalledVersion": "2.2.6-2+deb10u1", "FixedVersion": "2.2.6-2+deb10u2", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-45960", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "expat: Large number of prefixed XML attributes on a single tag can crash libexpat", "Description": "In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).", "Severity": "HIGH", "CweIDs": [ "CWE-682" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V2Score": 9, "V3Score": 8.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2022/01/17/3", "https://access.redhat.com/errata/RHSA-2022:0951", "https://access.redhat.com/security/cve/CVE-2021-45960", "https://bugzilla.mozilla.org/show_bug.cgi?id=1217609", "https://bugzilla.redhat.com/2044451", "https://bugzilla.redhat.com/2044455", "https://bugzilla.redhat.com/2044457", "https://bugzilla.redhat.com/2044464", "https://bugzilla.redhat.com/2044467", "https://bugzilla.redhat.com/2044479", "https://bugzilla.redhat.com/2044484", "https://bugzilla.redhat.com/2044488", "https://bugzilla.redhat.com/2044613", "https://bugzilla.redhat.com/2056363", "https://bugzilla.redhat.com/2056366", "https://bugzilla.redhat.com/2056370", "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "https://errata.almalinux.org/8/ALSA-2022-0951.html", "https://github.com/libexpat/libexpat/issues/531", "https://github.com/libexpat/libexpat/pull/534", "https://github.com/libexpat/libexpat/pull/534/commits/0adcb34c49bee5b19bd29b16a578c510c23597ea", "https://linux.oracle.com/cve/CVE-2021-45960.html", "https://linux.oracle.com/errata/ELSA-2022-1069.html", "https://nvd.nist.gov/vuln/detail/CVE-2021-45960", "https://security.gentoo.org/glsa/202209-24", "https://security.netapp.com/advisory/ntap-20220121-0004/", "https://ubuntu.com/security/notices/USN-5288-1", "https://www.cve.org/CVERecord?id=CVE-2021-45960", "https://www.debian.org/security/2022/dsa-5073", "https://www.tenable.com/security/tns-2022-05" ], "PublishedDate": "2022-01-01T19:15:08.03Z", "LastModifiedDate": "2022-10-06T19:08:03.287Z" }, { "VulnerabilityID": "CVE-2021-46143", "VendorIDs": [ "DSA-5073-1" ], "PkgName": "libexpat1", "InstalledVersion": "2.2.6-2+deb10u1", "FixedVersion": "2.2.6-2+deb10u2", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-46143", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "expat: Integer overflow in doProlog in xmlparse.c", "Description": "In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.", "Severity": "HIGH", "CweIDs": [ "CWE-190" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V2Score": 6.8, "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2022/01/17/3", "https://access.redhat.com/errata/RHSA-2022:7692", "https://access.redhat.com/security/cve/CVE-2021-46143", "https://bugzilla.redhat.com/2044455", "https://bugzilla.redhat.com/2044457", "https://bugzilla.redhat.com/2044464", "https://bugzilla.redhat.com/2044467", "https://bugzilla.redhat.com/2044479", "https://bugzilla.redhat.com/2044484", "https://bugzilla.redhat.com/2044488", "https://bugzilla.redhat.com/show_bug.cgi?id=2044455", "https://bugzilla.redhat.com/show_bug.cgi?id=2044457", "https://bugzilla.redhat.com/show_bug.cgi?id=2044464", "https://bugzilla.redhat.com/show_bug.cgi?id=2044467", "https://bugzilla.redhat.com/show_bug.cgi?id=2044479", "https://bugzilla.redhat.com/show_bug.cgi?id=2044484", "https://bugzilla.redhat.com/show_bug.cgi?id=2044488", "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827", "https://errata.almalinux.org/8/ALSA-2022-7692.html", "https://errata.rockylinux.org/RLSA-2022:7692", "https://github.com/libexpat/libexpat/issues/532", "https://github.com/libexpat/libexpat/pull/538", "https://linux.oracle.com/cve/CVE-2021-46143.html", "https://linux.oracle.com/errata/ELSA-2022-9227.html", "https://nvd.nist.gov/vuln/detail/CVE-2021-46143", "https://security.gentoo.org/glsa/202209-24", "https://security.netapp.com/advisory/ntap-20220121-0006/", "https://ubuntu.com/security/notices/USN-5288-1", "https://ubuntu.com/security/notices/USN-5455-1", "https://www.cve.org/CVERecord?id=CVE-2021-46143", "https://www.debian.org/security/2022/dsa-5073", "https://www.tenable.com/security/tns-2022-05" ], "PublishedDate": "2022-01-06T04:15:07.017Z", "LastModifiedDate": "2022-10-06T19:11:54.88Z" }, { "VulnerabilityID": "CVE-2022-22825", "VendorIDs": [ "DSA-5073-1" ], "PkgName": "libexpat1", "InstalledVersion": "2.2.6-2+deb10u1", "FixedVersion": "2.2.6-2+deb10u2", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-22825", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "expat: Integer overflow in lookup in xmlparse.c", "Description": "lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.", "Severity": "HIGH", "CweIDs": [ "CWE-190" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V2Score": 6.8, "V3Score": 8.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 8.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2022/01/17/3", "https://access.redhat.com/errata/RHSA-2022:7692", "https://access.redhat.com/security/cve/CVE-2022-22825", "https://bugzilla.redhat.com/2044455", "https://bugzilla.redhat.com/2044457", "https://bugzilla.redhat.com/2044464", "https://bugzilla.redhat.com/2044467", "https://bugzilla.redhat.com/2044479", "https://bugzilla.redhat.com/2044484", "https://bugzilla.redhat.com/2044488", "https://bugzilla.redhat.com/show_bug.cgi?id=2044455", "https://bugzilla.redhat.com/show_bug.cgi?id=2044457", "https://bugzilla.redhat.com/show_bug.cgi?id=2044464", "https://bugzilla.redhat.com/show_bug.cgi?id=2044467", "https://bugzilla.redhat.com/show_bug.cgi?id=2044479", "https://bugzilla.redhat.com/show_bug.cgi?id=2044484", "https://bugzilla.redhat.com/show_bug.cgi?id=2044488", "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827", "https://errata.almalinux.org/8/ALSA-2022-7692.html", "https://errata.rockylinux.org/RLSA-2022:7692", "https://github.com/libexpat/libexpat/pull/539", "https://linux.oracle.com/cve/CVE-2022-22825.html", "https://linux.oracle.com/errata/ELSA-2022-7692.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-22825", "https://security.gentoo.org/glsa/202209-24", "https://ubuntu.com/security/notices/USN-5288-1", "https://ubuntu.com/security/notices/USN-5455-1", "https://www.cve.org/CVERecord?id=CVE-2022-22825", "https://www.debian.org/security/2022/dsa-5073", "https://www.tenable.com/security/tns-2022-05" ], "PublishedDate": "2022-01-10T14:12:56.847Z", "LastModifiedDate": "2022-10-06T14:47:18.037Z" }, { "VulnerabilityID": "CVE-2022-22826", "VendorIDs": [ "DSA-5073-1" ], "PkgName": "libexpat1", "InstalledVersion": "2.2.6-2+deb10u1", "FixedVersion": "2.2.6-2+deb10u2", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-22826", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "expat: Integer overflow in nextScaffoldPart in xmlparse.c", "Description": "nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.", "Severity": "HIGH", "CweIDs": [ "CWE-190" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V2Score": 6.8, "V3Score": 8.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 8.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2022/01/17/3", "https://access.redhat.com/errata/RHSA-2022:7692", "https://access.redhat.com/security/cve/CVE-2022-22826", "https://bugzilla.redhat.com/2044455", "https://bugzilla.redhat.com/2044457", "https://bugzilla.redhat.com/2044464", "https://bugzilla.redhat.com/2044467", "https://bugzilla.redhat.com/2044479", "https://bugzilla.redhat.com/2044484", "https://bugzilla.redhat.com/2044488", "https://bugzilla.redhat.com/show_bug.cgi?id=2044455", "https://bugzilla.redhat.com/show_bug.cgi?id=2044457", "https://bugzilla.redhat.com/show_bug.cgi?id=2044464", "https://bugzilla.redhat.com/show_bug.cgi?id=2044467", "https://bugzilla.redhat.com/show_bug.cgi?id=2044479", "https://bugzilla.redhat.com/show_bug.cgi?id=2044484", "https://bugzilla.redhat.com/show_bug.cgi?id=2044488", "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827", "https://errata.almalinux.org/8/ALSA-2022-7692.html", "https://errata.rockylinux.org/RLSA-2022:7692", "https://github.com/libexpat/libexpat/pull/539", "https://linux.oracle.com/cve/CVE-2022-22826.html", "https://linux.oracle.com/errata/ELSA-2022-7692.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-22826", "https://security.gentoo.org/glsa/202209-24", "https://ubuntu.com/security/notices/USN-5288-1", "https://ubuntu.com/security/notices/USN-5455-1", "https://www.cve.org/CVERecord?id=CVE-2022-22826", "https://www.debian.org/security/2022/dsa-5073", "https://www.tenable.com/security/tns-2022-05" ], "PublishedDate": "2022-01-10T14:12:57.113Z", "LastModifiedDate": "2022-10-06T12:44:28.107Z" }, { "VulnerabilityID": "CVE-2022-22827", "VendorIDs": [ "DSA-5073-1" ], "PkgName": "libexpat1", "InstalledVersion": "2.2.6-2+deb10u1", "FixedVersion": "2.2.6-2+deb10u2", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-22827", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "expat: Integer overflow in storeAtts in xmlparse.c", "Description": "storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.", "Severity": "HIGH", "CweIDs": [ "CWE-190" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V2Score": 6.8, "V3Score": 8.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 8.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2022/01/17/3", "https://access.redhat.com/errata/RHSA-2022:7692", "https://access.redhat.com/security/cve/CVE-2022-22827", "https://bugzilla.redhat.com/2044455", "https://bugzilla.redhat.com/2044457", "https://bugzilla.redhat.com/2044464", "https://bugzilla.redhat.com/2044467", "https://bugzilla.redhat.com/2044479", "https://bugzilla.redhat.com/2044484", "https://bugzilla.redhat.com/2044488", "https://bugzilla.redhat.com/show_bug.cgi?id=2044455", "https://bugzilla.redhat.com/show_bug.cgi?id=2044457", "https://bugzilla.redhat.com/show_bug.cgi?id=2044464", "https://bugzilla.redhat.com/show_bug.cgi?id=2044467", "https://bugzilla.redhat.com/show_bug.cgi?id=2044479", "https://bugzilla.redhat.com/show_bug.cgi?id=2044484", "https://bugzilla.redhat.com/show_bug.cgi?id=2044488", "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827", "https://errata.almalinux.org/8/ALSA-2022-7692.html", "https://errata.rockylinux.org/RLSA-2022:7692", "https://github.com/libexpat/libexpat/pull/539", "https://linux.oracle.com/cve/CVE-2022-22827.html", "https://linux.oracle.com/errata/ELSA-2022-7692.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-22827", "https://security.gentoo.org/glsa/202209-24", "https://ubuntu.com/security/notices/USN-5288-1", "https://ubuntu.com/security/notices/USN-5455-1", "https://www.cve.org/CVERecord?id=CVE-2022-22827", "https://www.debian.org/security/2022/dsa-5073", "https://www.tenable.com/security/tns-2022-05" ], "PublishedDate": "2022-01-10T14:12:57.363Z", "LastModifiedDate": "2022-10-06T12:52:17.23Z" }, { "VulnerabilityID": "CVE-2022-23990", "VendorIDs": [ "DSA-5073-1" ], "PkgName": "libexpat1", "InstalledVersion": "2.2.6-2+deb10u1", "FixedVersion": "2.2.6-2+deb10u2", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-23990", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "expat: integer overflow in the doProlog function", "Description": "Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.", "Severity": "HIGH", "CweIDs": [ "CWE-190" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2022:7811", "https://access.redhat.com/security/cve/CVE-2022-23990", "https://bugzilla.redhat.com/2048356", "https://bugzilla.redhat.com/2056350", "https://bugzilla.redhat.com/2056354", "https://bugzilla.redhat.com/2056363", "https://bugzilla.redhat.com/2056366", "https://bugzilla.redhat.com/2056370", "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "https://errata.almalinux.org/8/ALSA-2022-7811.html", "https://github.com/libexpat/libexpat/pull/551", "https://linux.oracle.com/cve/CVE-2022-23990.html", "https://linux.oracle.com/errata/ELSA-2022-9232.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/34NXVL2RZC2YZRV74ZQ3RNFB7WCEUP7D/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7FF2UH7MPXKTADYSJUAHI2Y5UHBSHUH/", "https://nvd.nist.gov/vuln/detail/CVE-2022-23990", "https://security.gentoo.org/glsa/202209-24", "https://ubuntu.com/security/notices/USN-5288-1", "https://www.cve.org/CVERecord?id=CVE-2022-23990", "https://www.debian.org/security/2022/dsa-5073", "https://www.oracle.com/security-alerts/cpuapr2022.html", "https://www.tenable.com/security/tns-2022-05" ], "PublishedDate": "2022-01-26T19:15:08.517Z", "LastModifiedDate": "2023-11-07T03:44:21.59Z" }, { "VulnerabilityID": "CVE-2022-25314", "VendorIDs": [ "DSA-5085-1" ], "PkgName": "libexpat1", "InstalledVersion": "2.2.6-2+deb10u1", "FixedVersion": "2.2.6-2+deb10u3", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-25314", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "expat: Integer overflow in copyString()", "Description": "In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.", "Severity": "HIGH", "CweIDs": [ "CWE-190" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2022/02/19/1", "https://access.redhat.com/errata/RHSA-2022:5244", "https://access.redhat.com/security/cve/CVE-2022-25314", "https://blog.hartwork.org/posts/expat-2-4-5-released/", "https://bugzilla.redhat.com/2056350", "https://bugzilla.redhat.com/2056354", "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "https://errata.almalinux.org/9/ALSA-2022-5244.html", "https://github.com/libexpat/libexpat/pull/560", "https://linux.oracle.com/cve/CVE-2022-25314.html", "https://linux.oracle.com/errata/ELSA-2022-5314.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/", "https://nvd.nist.gov/vuln/detail/CVE-2022-25314", "https://security.gentoo.org/glsa/202209-24", "https://security.netapp.com/advisory/ntap-20220303-0008/", "https://ubuntu.com/security/notices/USN-5320-1", "https://www.cve.org/CVERecord?id=CVE-2022-25314", "https://www.debian.org/security/2022/dsa-5085", "https://www.oracle.com/security-alerts/cpuapr2022.html" ], "PublishedDate": "2022-02-18T05:15:08.187Z", "LastModifiedDate": "2023-11-07T03:44:45.757Z" }, { "VulnerabilityID": "CVE-2022-40674", "VendorIDs": [ "DLA-3119-1" ], "PkgName": "libexpat1", "InstalledVersion": "2.2.6-2+deb10u1", "FixedVersion": "2.2.6-2+deb10u5", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-40674", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "expat: a use-after-free in the doContent function in xmlparse.c", "Description": "libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.", "Severity": "HIGH", "CweIDs": [ "CWE-416" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2022:7020", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40674.json", "https://access.redhat.com/security/cve/CVE-2022-40674", "https://blog.hartwork.org/posts/expat-2-4-9-released/", "https://bugzilla.redhat.com/2130769", "https://errata.almalinux.org/9/ALSA-2022-7020.html", "https://github.com/advisories/GHSA-2vq2-xc55-3j5m", "https://github.com/libexpat/libexpat/pull/629", "https://github.com/libexpat/libexpat/pull/640", "https://linux.oracle.com/cve/CVE-2022-40674.html", "https://linux.oracle.com/errata/ELSA-2022-9967.html", "https://lists.debian.org/debian-lts-announce/2022/09/msg00029.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GSVZN3IJ6OCPSJL7AEX3ZHSHAHFOGESK/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J2IGJNHFV53PYST7VQV3T4NHVYAMXA36/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LQB6FJAM5YQ35SF5B2MN25Y2FX56EOEZ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2ZKEPGFCZ7R6DRVH3K6RBJPT42ZBEG/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGBVQQ47URGJAZWHCISHDWF6QBTV2LE/", "https://nvd.nist.gov/vuln/detail/CVE-2022-40674", "https://security.gentoo.org/glsa/202209-24", "https://security.gentoo.org/glsa/202211-06", "https://security.netapp.com/advisory/ntap-20221028-0008/", "https://ubuntu.com/security/notices/USN-5638-1", "https://ubuntu.com/security/notices/USN-5638-2", "https://ubuntu.com/security/notices/USN-5638-4", "https://ubuntu.com/security/notices/USN-5726-1", "https://www.cve.org/CVERecord?id=CVE-2022-40674", "https://www.debian.org/security/2022/dsa-5236" ], "PublishedDate": "2022-09-14T11:15:54.02Z", "LastModifiedDate": "2023-11-07T03:52:34.463Z" }, { "VulnerabilityID": "CVE-2022-43680", "VendorIDs": [ "DLA-3165-1" ], "PkgName": "libexpat1", "InstalledVersion": "2.2.6-2+deb10u1", "FixedVersion": "2.2.6-2+deb10u6", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-43680", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate", "Description": "In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.", "Severity": "HIGH", "CweIDs": [ "CWE-416" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/12/28/5", "http://www.openwall.com/lists/oss-security/2024/01/03/5", "https://access.redhat.com/errata/RHSA-2023:0337", "https://access.redhat.com/security/cve/CVE-2022-43680", "https://bugzilla.redhat.com/2140059", "https://bugzilla.redhat.com/show_bug.cgi?id=2140059", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43680", "https://errata.almalinux.org/9/ALSA-2023-0337.html", "https://errata.rockylinux.org/RLSA-2023:0337", "https://github.com/libexpat/libexpat/issues/649", "https://github.com/libexpat/libexpat/pull/616", "https://github.com/libexpat/libexpat/pull/650", "https://linux.oracle.com/cve/CVE-2022-43680.html", "https://linux.oracle.com/errata/ELSA-2023-0337.html", "https://lists.debian.org/debian-lts-announce/2022/10/msg00033.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPQVIF6TOJNY2T3ZZETFKR4G34FFREBQ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFCOMBSOJKLIKCGCJWHLJXO4EVYBG7AR/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUJ2BULJTZ2BMSKQHB6US674P55UCWWS/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5XOOB7CD55CEE6OJYKSACSIMQ4RWQ6/", "https://nvd.nist.gov/vuln/detail/CVE-2022-43680", "https://security.gentoo.org/glsa/202210-38", "https://security.netapp.com/advisory/ntap-20221118-0007/", "https://ubuntu.com/security/notices/USN-5638-2", "https://ubuntu.com/security/notices/USN-5638-3", "https://ubuntu.com/security/notices/USN-5638-4", "https://www.cve.org/CVERecord?id=CVE-2022-43680", "https://www.debian.org/security/2022/dsa-5266" ], "PublishedDate": "2022-10-24T14:15:53.323Z", "LastModifiedDate": "2024-01-21T02:08:05.43Z" }, { "VulnerabilityID": "CVE-2023-52425", "VendorIDs": [ "DLA-3783-1" ], "PkgName": "libexpat1", "InstalledVersion": "2.2.6-2+deb10u1", "FixedVersion": "2.2.6-2+deb10u7", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52425", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "expat: parsing large tokens can trigger a denial of service", "Description": "libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.", "Severity": "HIGH", "CweIDs": [ "CWE-400" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/20/5", "https://access.redhat.com/errata/RHSA-2024:1530", "https://access.redhat.com/security/cve/CVE-2023-52425", "https://bugzilla.redhat.com/2262877", "https://bugzilla.redhat.com/2268766", "https://bugzilla.redhat.com/show_bug.cgi?id=2262877", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52425", "https://errata.almalinux.org/9/ALSA-2024-1530.html", "https://errata.rockylinux.org/RLSA-2024:1615", "https://github.com/libexpat/libexpat/pull/789", "https://linux.oracle.com/cve/CVE-2023-52425.html", "https://linux.oracle.com/errata/ELSA-2024-4259.html", "https://lists.debian.org/debian-lts-announce/2024/04/msg00006.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNRIHC7DVVRAIWFRGV23Y6UZXFBXSQDB/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNUBSGZFEZOBHJFTAD42SAN4ATW2VEMV/", "https://nvd.nist.gov/vuln/detail/CVE-2023-52425", "https://security.netapp.com/advisory/ntap-20240614-0003/", "https://ubuntu.com/security/notices/USN-6694-1", "https://www.cve.org/CVERecord?id=CVE-2023-52425" ], "PublishedDate": "2024-02-04T20:15:46.063Z", "LastModifiedDate": "2024-06-14T13:15:49.877Z" }, { "VulnerabilityID": "CVE-2022-25313", "VendorIDs": [ "DSA-5085-1" ], "PkgName": "libexpat1", "InstalledVersion": "2.2.6-2+deb10u1", "FixedVersion": "2.2.6-2+deb10u3", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-25313", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "expat: Stack exhaustion in doctype parsing", "Description": "In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.", "Severity": "MEDIUM", "CweIDs": [ "CWE-674" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2022/02/19/1", "https://access.redhat.com/errata/RHSA-2022:5244", "https://access.redhat.com/security/cve/CVE-2022-25313", "https://blog.hartwork.org/posts/expat-2-4-5-released/", "https://bugzilla.redhat.com/2056350", "https://bugzilla.redhat.com/2056354", "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "https://errata.almalinux.org/9/ALSA-2022-5244.html", "https://github.com/libexpat/libexpat/pull/558", "https://linux.oracle.com/cve/CVE-2022-25313.html", "https://linux.oracle.com/errata/ELSA-2022-5314.html", "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/", "https://nvd.nist.gov/vuln/detail/CVE-2022-25313", "https://security.gentoo.org/glsa/202209-24", "https://security.netapp.com/advisory/ntap-20220303-0008/", "https://ubuntu.com/security/notices/USN-5320-1", "https://www.cve.org/CVERecord?id=CVE-2022-25313", "https://www.debian.org/security/2022/dsa-5085", "https://www.oracle.com/security-alerts/cpuapr2022.html" ], "PublishedDate": "2022-02-18T05:15:08.13Z", "LastModifiedDate": "2023-11-07T03:44:45.67Z" }, { "VulnerabilityID": "CVE-2013-0340", "PkgName": "libexpat1", "InstalledVersion": "2.2.6-2+deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-0340", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "expat: internal entity expansion", "Description": "expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.", "Severity": "LOW", "CweIDs": [ "CWE-611" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "V2Score": 6.8 }, "redhat": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V2Score": 4.3 } }, "References": [ "http://openwall.com/lists/oss-security/2013/02/22/3", "http://seclists.org/fulldisclosure/2021/Oct/61", "http://seclists.org/fulldisclosure/2021/Oct/62", "http://seclists.org/fulldisclosure/2021/Oct/63", "http://seclists.org/fulldisclosure/2021/Sep/33", "http://seclists.org/fulldisclosure/2021/Sep/34", "http://seclists.org/fulldisclosure/2021/Sep/35", "http://seclists.org/fulldisclosure/2021/Sep/38", "http://seclists.org/fulldisclosure/2021/Sep/39", "http://seclists.org/fulldisclosure/2021/Sep/40", "http://securitytracker.com/id?1028213", "http://www.openwall.com/lists/oss-security/2013/04/12/6", "http://www.openwall.com/lists/oss-security/2021/10/07/4", "http://www.osvdb.org/90634", "http://www.securityfocus.com/bid/58233", "https://access.redhat.com/security/cve/CVE-2013-0340", "https://lists.apache.org/thread.html/r41eca5f4f09e74436cbb05dec450fc2bef37b5d3e966aa7cc5fada6d%40%3Cannounce.apache.org%3E", "https://lists.apache.org/thread.html/rfb2c193360436e230b85547e85a41bea0916916f96c501f5b6fc4702%40%3Cusers.openoffice.apache.org%3E", "https://nvd.nist.gov/vuln/detail/CVE-2013-0340", "https://security.gentoo.org/glsa/201701-21", "https://support.apple.com/kb/HT212804", "https://support.apple.com/kb/HT212805", "https://support.apple.com/kb/HT212807", "https://support.apple.com/kb/HT212814", "https://support.apple.com/kb/HT212815", "https://support.apple.com/kb/HT212819", "https://www.cve.org/CVERecord?id=CVE-2013-0340" ], "PublishedDate": "2014-01-21T18:55:09.117Z", "LastModifiedDate": "2023-11-07T02:13:49.033Z" }, { "VulnerabilityID": "CVE-2023-52426", "PkgName": "libexpat1", "InstalledVersion": "2.2.6-2+deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52426", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "expat: recursive XML entity expansion vulnerability", "Description": "libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.", "Severity": "LOW", "CweIDs": [ "CWE-776" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2023-52426", "https://cwe.mitre.org/data/definitions/776.html", "https://github.com/libexpat/libexpat/commit/0f075ec8ecb5e43f8fdca5182f8cca4703da0404", "https://github.com/libexpat/libexpat/pull/777", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNRIHC7DVVRAIWFRGV23Y6UZXFBXSQDB/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNUBSGZFEZOBHJFTAD42SAN4ATW2VEMV/", "https://nvd.nist.gov/vuln/detail/CVE-2023-52426", "https://security.netapp.com/advisory/ntap-20240307-0005/", "https://www.cve.org/CVERecord?id=CVE-2023-52426" ], "PublishedDate": "2024-02-04T20:15:46.12Z", "LastModifiedDate": "2024-03-07T17:15:11.893Z" }, { "VulnerabilityID": "CVE-2024-28757", "PkgName": "libexpat1", "InstalledVersion": "2.2.6-2+deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28757", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "expat: XML Entity Expansion", "Description": "libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).", "Severity": "LOW", "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/15/1", "https://access.redhat.com/errata/RHSA-2024:1530", "https://access.redhat.com/security/cve/CVE-2024-28757", "https://bugzilla.redhat.com/2262877", "https://bugzilla.redhat.com/2268766", "https://errata.almalinux.org/9/ALSA-2024-1530.html", "https://github.com/libexpat/libexpat/issues/839", "https://github.com/libexpat/libexpat/pull/842", "https://linux.oracle.com/cve/CVE-2024-28757.html", "https://linux.oracle.com/errata/ELSA-2024-1530.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPLC6WDSRDUYS7F7JWAOVOHFNOUQ43DD/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKJ7V5F6LJCEQJXDBWGT27J7NAP3E3N7/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VK2O34GH43NTHBZBN7G5Y6YKJKPUCTBE/", "https://nvd.nist.gov/vuln/detail/CVE-2024-28757", "https://security.netapp.com/advisory/ntap-20240322-0001/", "https://ubuntu.com/security/notices/USN-6694-1", "https://www.cve.org/CVERecord?id=CVE-2024-28757" ], "PublishedDate": "2024-03-10T05:15:06.57Z", "LastModifiedDate": "2024-05-01T19:15:22.567Z" }, { "VulnerabilityID": "DSA-5085-2", "VendorIDs": [ "DSA-5085-2" ], "PkgName": "libexpat1", "InstalledVersion": "2.2.6-2+deb10u1", "FixedVersion": "2.2.6-2+deb10u4", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "expat - regression update", "Severity": "UNKNOWN" }, { "VulnerabilityID": "CVE-2022-1304", "PkgName": "libext2fs2", "InstalledVersion": "1.44.5-1+deb10u3", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-1304", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "e2fsprogs: out-of-bounds read/write via crafted filesystem", "Description": "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "Severity": "HIGH", "CweIDs": [ "CWE-125", "CWE-787" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V2Score": 6.8, "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H", "V3Score": 5.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2022:8361", "https://access.redhat.com/security/cve/CVE-2022-1304", "https://bugzilla.redhat.com/2069726", "https://bugzilla.redhat.com/show_bug.cgi?id=2069726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1304", "https://errata.almalinux.org/9/ALSA-2022-8361.html", "https://errata.rockylinux.org/RLSA-2022:8361", "https://linux.oracle.com/cve/CVE-2022-1304.html", "https://linux.oracle.com/errata/ELSA-2022-8361.html", "https://marc.info/?l=linux-ext4\u0026m=165056234501732\u0026w=2", "https://nvd.nist.gov/vuln/detail/CVE-2022-1304", "https://ubuntu.com/security/notices/USN-5464-1", "https://www.cve.org/CVERecord?id=CVE-2022-1304" ], "PublishedDate": "2022-04-14T21:15:08.49Z", "LastModifiedDate": "2023-11-07T03:41:53.02Z" }, { "VulnerabilityID": "CVE-2024-28085", "VendorIDs": [ "DLA-3782-1" ], "PkgName": "libfdisk1", "InstalledVersion": "2.33.1-0.1", "FixedVersion": "2.33.1-0.1+deb10u1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28085", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "util-linux: CVE-2024-28085: wall: escape sequence injection", "Description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "Severity": "HIGH", "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "V3Score": 8.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/27/5", "http://www.openwall.com/lists/oss-security/2024/03/27/6", "http://www.openwall.com/lists/oss-security/2024/03/27/7", "http://www.openwall.com/lists/oss-security/2024/03/27/8", "http://www.openwall.com/lists/oss-security/2024/03/27/9", "http://www.openwall.com/lists/oss-security/2024/03/28/1", "http://www.openwall.com/lists/oss-security/2024/03/28/2", "http://www.openwall.com/lists/oss-security/2024/03/28/3", "https://access.redhat.com/security/cve/CVE-2024-28085", "https://github.com/skyler-ferrante/CVE-2024-28085", "https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq", "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/", "https://nvd.nist.gov/vuln/detail/CVE-2024-28085", "https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt", "https://security.netapp.com/advisory/ntap-20240531-0003/", "https://ubuntu.com/security/notices/USN-6719-1", "https://ubuntu.com/security/notices/USN-6719-2", "https://www.cve.org/CVERecord?id=CVE-2024-28085", "https://www.openwall.com/lists/oss-security/2024/03/27/5" ], "PublishedDate": "2024-03-27T19:15:48.367Z", "LastModifiedDate": "2024-06-10T17:16:24.37Z" }, { "VulnerabilityID": "CVE-2021-37600", "VendorIDs": [ "DLA-3782-1" ], "PkgName": "libfdisk1", "InstalledVersion": "2.33.1-0.1", "FixedVersion": "2.33.1-0.1+deb10u1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-37600", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "util-linux: integer overflow can lead to buffer overflow in get_sem_elements() in sys-utils/ipcutils.c", "Description": "An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments.", "Severity": "MEDIUM", "CweIDs": [ "CWE-190" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 1.2, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-37600", "https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c", "https://github.com/karelzak/util-linux/issues/1395", "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", "https://nvd.nist.gov/vuln/detail/CVE-2021-37600", "https://security.gentoo.org/glsa/202401-08", "https://security.netapp.com/advisory/ntap-20210902-0002/", "https://www.cve.org/CVERecord?id=CVE-2021-37600" ], "PublishedDate": "2021-07-30T14:15:18.737Z", "LastModifiedDate": "2024-08-04T02:15:24.44Z" }, { "VulnerabilityID": "CVE-2022-0563", "PkgName": "libfdisk1", "InstalledVersion": "2.33.1-0.1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", "Description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.", "Severity": "LOW", "CweIDs": [ "CWE-209" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V2Score": 1.9, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-0563", "https://blog.trailofbits.com/2023/02/16/suid-logic-bug-linux-readline/", "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w%40ws.net.home/T/#u", "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u", "https://nvd.nist.gov/vuln/detail/CVE-2022-0563", "https://security.gentoo.org/glsa/202401-08", "https://security.netapp.com/advisory/ntap-20220331-0002/", "https://www.cve.org/CVERecord?id=CVE-2022-0563" ], "PublishedDate": "2022-02-21T19:15:08.393Z", "LastModifiedDate": "2024-01-07T09:15:08.713Z" }, { "VulnerabilityID": "CVE-2022-27404", "PkgName": "libfreetype6", "InstalledVersion": "2.9.1-3+deb10u1", "FixedVersion": "2.9.1-3+deb10u3", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27404", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "FreeType: Buffer overflow in sfnt_init_face", "Description": "FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.", "Severity": "CRITICAL", "CweIDs": [ "CWE-787" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V2Score": 7.5, "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "V3Score": 7.6 } }, "References": [ "https://access.redhat.com/errata/RHSA-2022:8340", "https://access.redhat.com/security/cve/CVE-2022-27404", "https://bugzilla.redhat.com/2077985", "https://bugzilla.redhat.com/2077989", "https://bugzilla.redhat.com/2077991", "https://bugzilla.redhat.com/show_bug.cgi?id=2077985", "https://bugzilla.redhat.com/show_bug.cgi?id=2077989", "https://bugzilla.redhat.com/show_bug.cgi?id=2077991", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27404", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27405", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27406", "https://errata.almalinux.org/9/ALSA-2022-8340.html", "https://errata.rockylinux.org/RLSA-2022:8340", "https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138", "https://linux.oracle.com/cve/CVE-2022-27404.html", "https://linux.oracle.com/errata/ELSA-2022-8340.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYVC2NPKKXKP3TWJWG4ONYWNO6ZPHLA5/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TCEMWCM46PKM4U5ENRASPKQD6JDOLKRU/", "https://nvd.nist.gov/vuln/detail/CVE-2022-27404", "https://security.gentoo.org/glsa/202402-06", "https://ubuntu.com/security/notices/USN-5528-1", "https://www.cve.org/CVERecord?id=CVE-2022-27404" ], "PublishedDate": "2022-04-22T14:15:09.423Z", "LastModifiedDate": "2024-02-29T01:34:23.613Z" }, { "VulnerabilityID": "CVE-2022-27405", "PkgName": "libfreetype6", "InstalledVersion": "2.9.1-3+deb10u1", "FixedVersion": "2.9.1-3+deb10u3", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27405", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "FreeType: Segmentation violation via FNT_Size_Request", "Description": "FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request.", "Severity": "HIGH", "CweIDs": [ "CWE-125" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "V3Score": 7.1 } }, "References": [ "http://freetype.com", "https://access.redhat.com/errata/RHSA-2022:8340", "https://access.redhat.com/security/cve/CVE-2022-27405", "https://bugzilla.redhat.com/2077985", "https://bugzilla.redhat.com/2077989", "https://bugzilla.redhat.com/2077991", "https://bugzilla.redhat.com/show_bug.cgi?id=2077985", "https://bugzilla.redhat.com/show_bug.cgi?id=2077989", "https://bugzilla.redhat.com/show_bug.cgi?id=2077991", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27404", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27405", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27406", "https://errata.almalinux.org/9/ALSA-2022-8340.html", "https://errata.rockylinux.org/RLSA-2022:8340", "https://gitlab.freedesktop.org/freetype/freetype/-/issues/1139", "https://linux.oracle.com/cve/CVE-2022-27405.html", "https://linux.oracle.com/errata/ELSA-2022-8340.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYVC2NPKKXKP3TWJWG4ONYWNO6ZPHLA5/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TCEMWCM46PKM4U5ENRASPKQD6JDOLKRU/", "https://nvd.nist.gov/vuln/detail/CVE-2022-27405", "https://security.gentoo.org/glsa/202402-06", "https://ubuntu.com/security/notices/USN-5528-1", "https://www.cve.org/CVERecord?id=CVE-2022-27405" ], "PublishedDate": "2022-04-22T14:15:09.483Z", "LastModifiedDate": "2024-02-29T01:34:23.723Z" }, { "VulnerabilityID": "CVE-2022-27406", "PkgName": "libfreetype6", "InstalledVersion": "2.9.1-3+deb10u1", "FixedVersion": "2.9.1-3+deb10u3", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27406", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "Freetype: Segmentation violation via FT_Request_Size", "Description": "FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size.", "Severity": "HIGH", "CweIDs": [ "CWE-125" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "V3Score": 7.1 } }, "References": [ "http://freetype.com", "https://access.redhat.com/errata/RHSA-2022:8340", "https://access.redhat.com/security/cve/CVE-2022-27406", "https://bugzilla.redhat.com/2077985", "https://bugzilla.redhat.com/2077989", "https://bugzilla.redhat.com/2077991", "https://bugzilla.redhat.com/show_bug.cgi?id=2077985", "https://bugzilla.redhat.com/show_bug.cgi?id=2077989", "https://bugzilla.redhat.com/show_bug.cgi?id=2077991", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27404", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27405", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27406", "https://errata.almalinux.org/9/ALSA-2022-8340.html", "https://errata.rockylinux.org/RLSA-2022:8340", "https://gitlab.freedesktop.org/freetype/freetype/-/issues/1140", "https://linux.oracle.com/cve/CVE-2022-27406.html", "https://linux.oracle.com/errata/ELSA-2022-8340.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYVC2NPKKXKP3TWJWG4ONYWNO6ZPHLA5/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TCEMWCM46PKM4U5ENRASPKQD6JDOLKRU/", "https://nvd.nist.gov/vuln/detail/CVE-2022-27406", "https://security.gentoo.org/glsa/202402-06", "https://ubuntu.com/security/notices/USN-5453-1", "https://ubuntu.com/security/notices/USN-5528-1", "https://www.cve.org/CVERecord?id=CVE-2022-27406" ], "PublishedDate": "2022-04-22T14:15:09.537Z", "LastModifiedDate": "2024-02-29T01:34:23.797Z" }, { "VulnerabilityID": "CVE-2020-15999", "VendorIDs": [ "DSA-4777-1" ], "PkgName": "libfreetype6", "InstalledVersion": "2.9.1-3+deb10u1", "FixedVersion": "2.9.1-3+deb10u2", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-15999", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png", "Description": "Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "V3Score": 8.6 } }, "References": [ "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html", "http://seclists.org/fulldisclosure/2020/Nov/33", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15999.json", "https://access.redhat.com/security/cve/CVE-2020-15999", "https://bugs.chromium.org/p/project-zero/issues/detail?id=2103", "https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html", "https://crbug.com/1139963", "https://errata.almalinux.org/8/ALSA-2020-4952.html", "https://github.com/cefsharp/CefSharp", "https://github.com/cefsharp/CefSharp/security/advisories/GHSA-pv36-h7jh-qm62", "https://googleprojectzero.blogspot.com/p/rca-cve-2020-15999.html", "https://linux.oracle.com/cve/CVE-2020-15999.html", "https://linux.oracle.com/errata/ELSA-2020-4952.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7", "https://nvd.nist.gov/vuln/detail/CVE-2020-15999", "https://security.gentoo.org/glsa/202011-12", "https://security.gentoo.org/glsa/202012-04", "https://security.gentoo.org/glsa/202401-19", "https://ubuntu.com/security/notices/USN-4593-1", "https://ubuntu.com/security/notices/USN-4593-2", "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "https://www.cve.org/CVERecord?id=CVE-2020-15999", "https://www.debian.org/security/2021/dsa-4824", "https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-15999", "https://www.nuget.org/packages/CefSharp.Common", "https://www.nuget.org/packages/CefSharp.WinForms", "https://www.nuget.org/packages/CefSharp.Wpf", "https://www.nuget.org/packages/CefSharp.Wpf.HwndHost" ], "PublishedDate": "2020-11-03T03:15:14.853Z", "LastModifiedDate": "2024-07-25T17:25:29.553Z" }, { "VulnerabilityID": "CVE-2022-31782", "PkgName": "libfreetype6", "InstalledVersion": "2.9.1-3+deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-31782", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based bu ...", "Description": "ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow.", "Severity": "LOW", "CweIDs": [ "CWE-787" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V2Score": 6.8, "V3Score": 7.8 } }, "References": [ "https://gitlab.freedesktop.org/freetype/freetype-demos/-/issues/8", "https://ubuntu.com/security/notices/USN-5528-1", "https://www.cve.org/CVERecord?id=CVE-2022-31782" ], "PublishedDate": "2022-06-02T14:15:58Z", "LastModifiedDate": "2022-06-10T18:08:15.43Z" }, { "VulnerabilityID": "CVE-2018-12886", "PkgName": "libgcc1", "InstalledVersion": "8.3.0-6", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12886", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "gcc: spilling of stack protection address in cfgexpand.c and function.c leads to stack-overflow protection bypass", "Description": "stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.", "Severity": "HIGH", "CweIDs": [ "CWE-209" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V2Score": 6.8, "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "V3Score": 6.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2018-12886", "https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=89d7557202d25a393666ac4c0f7dbdab31e452a2", "https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=266379\u0026view=markup", "https://nvd.nist.gov/vuln/detail/CVE-2018-12886", "https://www.cve.org/CVERecord?id=CVE-2018-12886", "https://www.gnu.org/software/gcc/gcc-8/changes.html" ], "PublishedDate": "2019-05-22T19:29:00.297Z", "LastModifiedDate": "2020-08-24T17:37:01.14Z" }, { "VulnerabilityID": "CVE-2019-15847", "PkgName": "libgcc1", "InstalledVersion": "8.3.0-6", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-15847", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "gcc: POWER9 \"DARN\" RNG intrinsic produces repeated output", "Description": "The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.", "Severity": "HIGH", "CweIDs": [ "CWE-331" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 } }, "References": [ "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00056.html", "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00057.html", "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00058.html", "https://access.redhat.com/security/cve/CVE-2019-15847", "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91481", "https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=457dac402027dd7e14543fbd59a75858422cf6c6", "https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=e99bfdd2a8db732ea84cf0a6486707e5e821ad7e", "https://linux.oracle.com/cve/CVE-2019-15847.html", "https://linux.oracle.com/errata/ELSA-2020-1864.html", "https://nvd.nist.gov/vuln/detail/CVE-2019-15847", "https://www.cve.org/CVERecord?id=CVE-2019-15847" ], "PublishedDate": "2019-09-02T23:15:10.837Z", "LastModifiedDate": "2020-09-17T13:38:06.51Z" }, { "VulnerabilityID": "CVE-2023-4039", "PkgName": "libgcc1", "InstalledVersion": "8.3.0-6", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-4039", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "gcc: -fstack-protector fails to guard dynamic stack allocations on ARM64", "Description": "\n\n**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains \nthat target AArch64 allows an attacker to exploit an existing buffer \noverflow in dynamically-sized local variables in your application \nwithout this being detected. This stack-protector failure only applies \nto C99-style dynamically-sized local variables or those created using \nalloca(). The stack-protector operates as intended for statically-sized \nlocal variables.\n\nThe default behavior when the stack-protector \ndetects an overflow is to terminate your application, resulting in \ncontrolled loss of availability. An attacker who can exploit a buffer \noverflow without triggering the stack-protector might be able to change \nprogram flow control to cause an uncontrolled loss of availability or to\n go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.\n\n\n\n\n\n", "Severity": "MEDIUM", "CweIDs": [ "CWE-693" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2023-4039", "https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64", "https://gcc.gnu.org/git/?p=gcc.git;a=blob_plain;f=SECURITY.txt", "https://gcc.gnu.org/pipermail/gcc-patches/2023-October/634066.html", "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf", "https://inbox.sourceware.org/gcc-patches/46cfa37b-56eb-344d-0745-e0d35393392d@gotplt.org", "https://linux.oracle.com/cve/CVE-2023-4039.html", "https://linux.oracle.com/errata/ELSA-2023-28766.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-4039", "https://rtx.meta.security/mitigation/2023/09/12/CVE-2023-4039.html", "https://www.cve.org/CVERecord?id=CVE-2023-4039" ], "PublishedDate": "2023-09-13T09:15:15.69Z", "LastModifiedDate": "2024-08-02T08:15:14.993Z" }, { "VulnerabilityID": "CVE-2021-33560", "PkgName": "libgcrypt20", "InstalledVersion": "1.8.4-5", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-33560", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libgcrypt: mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm", "Description": "Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.", "Severity": "HIGH", "CweIDs": [ "CWE-203" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33560.json", "https://access.redhat.com/security/cve/CVE-2021-33560", "https://dev.gnupg.org/T5305", "https://dev.gnupg.org/T5328", "https://dev.gnupg.org/T5466", "https://dev.gnupg.org/rCe8b7f10be275bcedb5fc05ed4837a89bfd605c61", "https://eprint.iacr.org/2021/923", "https://errata.almalinux.org/8/ALSA-2021-4409.html", "https://linux.oracle.com/cve/CVE-2021-33560.html", "https://linux.oracle.com/errata/ELSA-2022-9263.html", "https://lists.debian.org/debian-lts-announce/2021/06/msg00021.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BKKTOIGFW2SGN3DO2UHHVZ7MJSYN4AAB/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7OAPCUGPF3VLA7QAJUQSL255D4ITVTL/", "https://nvd.nist.gov/vuln/detail/CVE-2021-33560", "https://security.gentoo.org/glsa/202210-13", "https://ubuntu.com/security/notices/USN-5080-1", "https://ubuntu.com/security/notices/USN-5080-2", "https://www.cve.org/CVERecord?id=CVE-2021-33560", "https://www.oracle.com/security-alerts/cpuapr2022.html", "https://www.oracle.com/security-alerts/cpujan2022.html", "https://www.oracle.com/security-alerts/cpujul2022.html", "https://www.oracle.com/security-alerts/cpuoct2021.html" ], "PublishedDate": "2021-06-08T11:15:07.767Z", "LastModifiedDate": "2023-11-07T03:35:52.62Z" }, { "VulnerabilityID": "CVE-2019-13627", "PkgName": "libgcrypt20", "InstalledVersion": "1.8.4-5", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13627", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libgcrypt: ECDSA timing attack allowing private key leak", "Description": "It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.", "Severity": "MEDIUM", "CweIDs": [ "CWE-203" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:N", "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "V2Score": 2.6, "V3Score": 6.3 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "V3Score": 6.3 } }, "References": [ "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00060.html", "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00018.html", "http://www.openwall.com/lists/oss-security/2019/10/02/2", "https://access.redhat.com/security/cve/CVE-2019-13627", "https://dev.gnupg.org/T4683", "https://github.com/gpg/libgcrypt/releases/tag/libgcrypt-1.8.5", "https://linux.oracle.com/cve/CVE-2019-13627.html", "https://linux.oracle.com/errata/ELSA-2020-4482.html", "https://lists.debian.org/debian-lts-announce/2019/09/msg00024.html", "https://lists.debian.org/debian-lts-announce/2020/01/msg00001.html", "https://minerva.crocs.fi.muni.cz/", "https://nvd.nist.gov/vuln/detail/CVE-2019-13627", "https://security-tracker.debian.org/tracker/CVE-2019-13627", "https://security.gentoo.org/glsa/202003-32", "https://ubuntu.com/security/notices/USN-4236-1", "https://ubuntu.com/security/notices/USN-4236-2", "https://ubuntu.com/security/notices/USN-4236-3", "https://usn.ubuntu.com/4236-1/", "https://usn.ubuntu.com/4236-2/", "https://usn.ubuntu.com/4236-3/", "https://www.cve.org/CVERecord?id=CVE-2019-13627" ], "PublishedDate": "2019-09-25T15:15:11.877Z", "LastModifiedDate": "2021-07-21T11:39:23.747Z" }, { "VulnerabilityID": "CVE-2021-40528", "PkgName": "libgcrypt20", "InstalledVersion": "1.8.4-5", "FixedVersion": "1.8.4-5+deb10u1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-40528", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libgcrypt: ElGamal implementation allows plaintext recovery", "Description": "The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.", "Severity": "MEDIUM", "CweIDs": [ "CWE-327" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V2Score": 2.6, "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2022:5311", "https://access.redhat.com/security/cve/CVE-2021-40528", "https://bugzilla.redhat.com/2002816", "https://bugzilla.redhat.com/show_bug.cgi?id=2002816", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40528", "https://dev.gnupg.org/rCb118681ebc4c9ea4b9da79b0f9541405a64f4c13", "https://eprint.iacr.org/2021/923", "https://errata.almalinux.org/8/ALSA-2022-5311.html", "https://errata.rockylinux.org/RLSA-2022:5311", "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=3462280f2e23e16adf3ed5176e0f2413d8861320", "https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1", "https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2", "https://linux.oracle.com/cve/CVE-2021-40528.html", "https://linux.oracle.com/errata/ELSA-2022-9564.html", "https://nvd.nist.gov/vuln/detail/CVE-2021-40528", "https://security.gentoo.org/glsa/202210-13", "https://ubuntu.com/security/notices/USN-5080-1", "https://ubuntu.com/security/notices/USN-5080-2", "https://www.cve.org/CVERecord?id=CVE-2021-40528" ], "PublishedDate": "2021-09-06T19:15:07.587Z", "LastModifiedDate": "2023-11-07T03:38:36.61Z" }, { "VulnerabilityID": "CVE-2024-2236", "PkgName": "libgcrypt20", "InstalledVersion": "1.8.4-5", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-2236", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libgcrypt: vulnerable to Marvin Attack", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Severity": "MEDIUM", "CweIDs": [ "CWE-208" ], "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2024-2236", "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", "https://bugzilla.redhat.com/show_bug.cgi?id=2268268", "https://github.com/tomato42/marvin-toolkit/tree/master/example/libgcrypt", "https://gitlab.com/redhat-crypto/libgcrypt/libgcrypt-mirror/-/merge_requests/17", "https://lists.gnupg.org/pipermail/gcrypt-devel/2024-March/005607.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", "https://www.cve.org/CVERecord?id=CVE-2024-2236" ], "PublishedDate": "2024-03-06T22:15:57.977Z", "LastModifiedDate": "2024-04-25T17:15:49.467Z" }, { "VulnerabilityID": "CVE-2018-6829", "PkgName": "libgcrypt20", "InstalledVersion": "1.8.4-5", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6829", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libgcrypt: ElGamal implementation doesn't have semantic security due to incorrectly encoded plaintexts possibly allowing to obtain sensitive information", "Description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "Severity": "LOW", "CweIDs": [ "CWE-327" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2018-6829", "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", "https://www.cve.org/CVERecord?id=CVE-2018-6829", "https://www.oracle.com/security-alerts/cpujan2020.html" ], "PublishedDate": "2018-02-07T23:29:01.703Z", "LastModifiedDate": "2020-01-15T20:15:18.557Z" }, { "VulnerabilityID": "CVE-2017-6363", "PkgName": "libgd3", "InstalledVersion": "2.2.5-5.2", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6363", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap- ...", "Description": "In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says \"In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be 'obsolete, and should only be used for development and testing purposes.'", "Severity": "HIGH", "CweIDs": [ "CWE-125" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "V2Score": 5.8, "V3Score": 8.1 } }, "References": [ "https://github.com/libgd/libgd/commit/0be86e1926939a98afbd2f3a23c673dfc4df2a7c", "https://github.com/libgd/libgd/commit/2dbd8f6e66b73ed43d9b81a45350922b80f75397", "https://github.com/libgd/libgd/issues/383", "https://ubuntu.com/security/notices/USN-5068-1", "https://www.cve.org/CVERecord?id=CVE-2017-6363" ], "PublishedDate": "2020-02-27T05:15:11.007Z", "LastModifiedDate": "2024-08-05T16:15:21.487Z" }, { "VulnerabilityID": "CVE-2018-14553", "VendorIDs": [ "DLA-3781-1" ], "PkgName": "libgd3", "InstalledVersion": "2.2.5-5.2", "FixedVersion": "2.2.5-5.2+deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14553", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "gd: NULL pointer dereference in gdImageClone", "Description": "gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H", "V3Score": 7.4 } }, "References": [ "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html", "https://access.redhat.com/security/cve/CVE-2018-14553", "https://bugzilla.redhat.com/show_bug.cgi?id=1599032", "https://bugzilla.redhat.com/show_bug.cgi?id=1600727", "https://bugzilla.redhat.com/show_bug.cgi?id=1671390", "https://bugzilla.redhat.com/show_bug.cgi?id=1672207", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14553", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6977", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6978", "https://errata.almalinux.org/8/ALSA-2020-4659.html", "https://errata.rockylinux.org/RLSA-2020:4659", "https://github.com/libgd/libgd/commit/a93eac0e843148dc2d631c3ba80af17e9c8c860f", "https://github.com/libgd/libgd/pull/580", "https://linux.oracle.com/cve/CVE-2018-14553.html", "https://linux.oracle.com/errata/ELSA-2020-4659.html", "https://lists.debian.org/debian-lts-announce/2020/02/msg00014.html", "https://lists.debian.org/debian-lts-announce/2024/04/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/", "https://nvd.nist.gov/vuln/detail/CVE-2018-14553", "https://ubuntu.com/security/notices/USN-4316-1", "https://ubuntu.com/security/notices/USN-4316-2", "https://usn.ubuntu.com/4316-1/", "https://usn.ubuntu.com/4316-2/", "https://www.cve.org/CVERecord?id=CVE-2018-14553" ], "PublishedDate": "2020-02-11T13:15:11.197Z", "LastModifiedDate": "2024-04-07T01:17:53.117Z" }, { "VulnerabilityID": "CVE-2021-38115", "VendorIDs": [ "DLA-3781-1" ], "PkgName": "libgd3", "InstalledVersion": "2.2.5-5.2", "FixedVersion": "2.2.5-5.2+deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-38115", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) thr ...", "Description": "read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 6.5 } }, "References": [ "https://github.com/libgd/libgd/commit/8b111b2b4a4842179be66db68d84dda91a246032", "https://github.com/libgd/libgd/issues/697", "https://github.com/libgd/libgd/pull/711/commits/8b111b2b4a4842179be66db68d84dda91a246032", "https://lists.debian.org/debian-lts-announce/2024/04/msg00003.html", "https://nvd.nist.gov/vuln/detail/CVE-2021-38115", "https://ubuntu.com/security/notices/USN-5068-1", "https://www.cve.org/CVERecord?id=CVE-2021-38115" ], "PublishedDate": "2021-08-04T21:15:08.17Z", "LastModifiedDate": "2024-04-07T01:17:53.337Z" }, { "VulnerabilityID": "CVE-2021-40812", "VendorIDs": [ "DLA-3781-1" ], "PkgName": "libgd3", "InstalledVersion": "2.2.5-5.2", "FixedVersion": "2.2.5-5.2+deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-40812", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds ...", "Description": "The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 6.5 } }, "References": [ "https://github.com/libgd/libgd/commit/6f5136821be86e7068fcdf651ae9420b5d42e9a9", "https://github.com/libgd/libgd/issues/750#issuecomment-914872385", "https://github.com/libgd/libgd/issues/757", "https://lists.debian.org/debian-lts-announce/2024/04/msg00003.html", "https://nvd.nist.gov/vuln/detail/CVE-2021-40812", "https://www.cve.org/CVERecord?id=CVE-2021-40812" ], "PublishedDate": "2021-09-08T21:15:14.083Z", "LastModifiedDate": "2024-04-07T01:17:53.437Z" }, { "VulnerabilityID": "CVE-2021-40145", "PkgName": "libgd3", "InstalledVersion": "2.2.5-5.2", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-40145", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) throu ...", "Description": "gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is \"The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes.", "Severity": "LOW", "CweIDs": [ "CWE-415" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 } }, "References": [ "https://github.com/libgd/libgd/commit/c5fd25ce0e48fd5618a972ca9f5e28d6d62006af", "https://github.com/libgd/libgd/issues/700", "https://github.com/libgd/libgd/pull/713", "https://nvd.nist.gov/vuln/detail/CVE-2021-40145", "https://ubuntu.com/security/notices/USN-5068-1", "https://www.cve.org/CVERecord?id=CVE-2021-40145" ], "PublishedDate": "2021-08-26T01:15:11.747Z", "LastModifiedDate": "2024-08-04T03:15:20.977Z" }, { "VulnerabilityID": "CVE-2021-43618", "PkgName": "libgmp10", "InstalledVersion": "2:6.1.2+dfsg-4", "FixedVersion": "2:6.1.2+dfsg-4+deb10u1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-43618", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "gmp: Integer overflow and resultant buffer overflow via crafted input", "Description": "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "Severity": "HIGH", "CweIDs": [ "CWE-190" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.2 } }, "References": [ "http://seclists.org/fulldisclosure/2022/Oct/8", "http://www.openwall.com/lists/oss-security/2022/10/13/3", "https://access.redhat.com/errata/RHSA-2023:6661", "https://access.redhat.com/security/cve/CVE-2021-43618", "https://bugs.debian.org/994405", "https://bugzilla.redhat.com/2024904", "https://errata.almalinux.org/9/ALSA-2023-6661.html", "https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html", "https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e", "https://linux.oracle.com/cve/CVE-2021-43618.html", "https://linux.oracle.com/errata/ELSA-2024-3214.html", "https://lists.debian.org/debian-lts-announce/2021/12/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2021-43618", "https://security.gentoo.org/glsa/202309-13", "https://security.netapp.com/advisory/ntap-20221111-0001/", "https://ubuntu.com/security/notices/USN-5672-1", "https://ubuntu.com/security/notices/USN-5672-2", "https://www.cve.org/CVERecord?id=CVE-2021-43618" ], "PublishedDate": "2021-11-15T04:15:06.873Z", "LastModifiedDate": "2023-09-29T15:15:10.04Z" }, { "VulnerabilityID": "CVE-2021-20231", "PkgName": "libgnutls30", "InstalledVersion": "3.6.7-4+deb10u3", "FixedVersion": "3.6.7-4+deb10u7", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-20231", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "gnutls: Use after free in client key_share extension", "Description": "A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.", "Severity": "CRITICAL", "CweIDs": [ "CWE-416" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V2Score": 7.5, "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-20231", "https://bugzilla.redhat.com/show_bug.cgi?id=1776250", "https://bugzilla.redhat.com/show_bug.cgi?id=1908110", "https://bugzilla.redhat.com/show_bug.cgi?id=1908334", "https://bugzilla.redhat.com/show_bug.cgi?id=1922275", "https://bugzilla.redhat.com/show_bug.cgi?id=1922276", "https://bugzilla.redhat.com/show_bug.cgi?id=1965445", "https://bugzilla.redhat.com/show_bug.cgi?id=1967983", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20231", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20232", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3580", "https://errata.almalinux.org/8/ALSA-2021-4451.html", "https://errata.rockylinux.org/RLSA-2021:4451", "https://gitlab.com/gnutls/gnutls/-/issues/1151", "https://linux.oracle.com/cve/CVE-2021-20231.html", "https://linux.oracle.com/errata/ELSA-2022-9221.html", "https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168%40%3Cissues.spark.apache.org%3E", "https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb%40%3Cissues.spark.apache.org%3E", "https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779%40%3Cissues.spark.apache.org%3E", "https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7%40%3Cissues.spark.apache.org%3E", "https://lists.apache.org/thread.html/r9cbc69e57276413788e90a6ee16c7c034ea4258d31935b70db2bd158%40%3Cissues.spark.apache.org%3E", "https://lists.apache.org/thread.html/rcd70a4c88a47a75fd2d5f3ffb7cee8c2a18c713320bd90fdcb57495f%40%3Cissues.spark.apache.org%3E", "https://lists.apache.org/thread.html/rf5e1256d870193def4a82ad89ab95e63943a313b5ff0d81aa87e4532%40%3Cissues.spark.apache.org%3E", "https://lists.apache.org/thread.html/rfd5273d72d244178441e6904a2f2b41a3268f569e8092ea0b3b2bb20%40%3Cissues.spark.apache.org%3E", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OSLAE6PP33A7VYRYMYMUVB3U6B26GZER/", "https://nvd.nist.gov/vuln/detail/CVE-2021-20231", "https://security.netapp.com/advisory/ntap-20210416-0005/", "https://ubuntu.com/security/notices/USN-5029-1", "https://www.cve.org/CVERecord?id=CVE-2021-20231", "https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10" ], "PublishedDate": "2021-03-12T19:15:13.037Z", "LastModifiedDate": "2023-11-07T03:29:01.16Z" }, { "VulnerabilityID": "CVE-2021-20232", "PkgName": "libgnutls30", "InstalledVersion": "3.6.7-4+deb10u3", "FixedVersion": "3.6.7-4+deb10u7", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-20232", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "gnutls: Use after free in client_send_params in lib/ext/pre_shared_key.c", "Description": "A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.", "Severity": "CRITICAL", "CweIDs": [ "CWE-416" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V2Score": 7.5, "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-20232", "https://bugzilla.redhat.com/show_bug.cgi?id=1776250", "https://bugzilla.redhat.com/show_bug.cgi?id=1908110", "https://bugzilla.redhat.com/show_bug.cgi?id=1908334", "https://bugzilla.redhat.com/show_bug.cgi?id=1922275", "https://bugzilla.redhat.com/show_bug.cgi?id=1922276", "https://bugzilla.redhat.com/show_bug.cgi?id=1965445", "https://bugzilla.redhat.com/show_bug.cgi?id=1967983", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20231", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20232", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3580", "https://errata.almalinux.org/8/ALSA-2021-4451.html", "https://errata.rockylinux.org/RLSA-2021:4451", "https://gitlab.com/gnutls/gnutls/-/issues/1151", "https://linux.oracle.com/cve/CVE-2021-20232.html", "https://linux.oracle.com/errata/ELSA-2022-9221.html", "https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168%40%3Cissues.spark.apache.org%3E", "https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb%40%3Cissues.spark.apache.org%3E", "https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779%40%3Cissues.spark.apache.org%3E", "https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7%40%3Cissues.spark.apache.org%3E", "https://lists.apache.org/thread.html/r9cbc69e57276413788e90a6ee16c7c034ea4258d31935b70db2bd158%40%3Cissues.spark.apache.org%3E", "https://lists.apache.org/thread.html/rcd70a4c88a47a75fd2d5f3ffb7cee8c2a18c713320bd90fdcb57495f%40%3Cissues.spark.apache.org%3E", "https://lists.apache.org/thread.html/rf5e1256d870193def4a82ad89ab95e63943a313b5ff0d81aa87e4532%40%3Cissues.spark.apache.org%3E", "https://lists.apache.org/thread.html/rfd5273d72d244178441e6904a2f2b41a3268f569e8092ea0b3b2bb20%40%3Cissues.spark.apache.org%3E", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OSLAE6PP33A7VYRYMYMUVB3U6B26GZER/", "https://nvd.nist.gov/vuln/detail/CVE-2021-20232", "https://security.netapp.com/advisory/ntap-20210416-0005/", "https://ubuntu.com/security/notices/USN-5029-1", "https://www.cve.org/CVERecord?id=CVE-2021-20232", "https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10" ], "PublishedDate": "2021-03-12T19:15:13.13Z", "LastModifiedDate": "2023-11-07T03:29:01.273Z" }, { "VulnerabilityID": "CVE-2020-13777", "VendorIDs": [ "DSA-4697-1" ], "PkgName": "libgnutls30", "InstalledVersion": "3.6.7-4+deb10u3", "FixedVersion": "3.6.7-4+deb10u4", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-13777", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "gnutls: session resumption works without master key allowing MITM", "Description": "GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.", "Severity": "HIGH", "CweIDs": [ "CWE-327" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V2Score": 5.8, "V3Score": 7.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00015.html", "https://access.redhat.com/security/cve/CVE-2020-13777", "https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03", "https://linux.oracle.com/cve/CVE-2020-13777.html", "https://linux.oracle.com/errata/ELSA-2020-2637.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6C4DHUKV6M6SJ5CV6KVHZNHNF7HCUE5P/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RTXZOXC4MHTFE2HKY6IAZMF2WHD2WMV/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRQBFK3UZ7SV76IYDTS4PS6ABS2DSJHK/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VMB3UGI5H5RCFRU6OGRPMNUCNLJGEN7Y/", "https://nvd.nist.gov/vuln/detail/CVE-2020-13777", "https://security.gentoo.org/glsa/202006-01", "https://security.netapp.com/advisory/ntap-20200619-0004/", "https://ubuntu.com/security/notices/USN-4384-1", "https://usn.ubuntu.com/4384-1/", "https://www.cve.org/CVERecord?id=CVE-2020-13777", "https://www.debian.org/security/2020/dsa-4697", "https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-06-03" ], "PublishedDate": "2020-06-04T07:15:10Z", "LastModifiedDate": "2023-11-07T03:16:58.407Z" }, { "VulnerabilityID": "CVE-2020-24659", "PkgName": "libgnutls30", "InstalledVersion": "3.6.7-4+deb10u3", "FixedVersion": "3.6.7-4+deb10u7", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-24659", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "gnutls: Heap buffer overflow in handshake with no_renegotiation alert sent", "Description": "An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure.", "Severity": "HIGH", "CweIDs": [ "CWE-476", "CWE-787" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00054.html", "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00060.html", "https://access.redhat.com/security/cve/CVE-2020-24659", "https://gitlab.com/gnutls/gnutls/-/issues/1071", "https://linux.oracle.com/cve/CVE-2020-24659.html", "https://linux.oracle.com/errata/ELSA-2020-5483.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62BUAI4FQQLG6VTKRT7SUZPGJJ4NASQ3/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AWN56FDLQQXT2D2YHNI4TYH432TDMQ7N/", "https://nvd.nist.gov/vuln/detail/CVE-2020-24659", "https://security.gentoo.org/glsa/202009-01", "https://security.netapp.com/advisory/ntap-20200911-0006/", "https://ubuntu.com/security/notices/USN-4491-1", "https://usn.ubuntu.com/4491-1/", "https://www.cve.org/CVERecord?id=CVE-2020-24659", "https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-09-04" ], "PublishedDate": "2020-09-04T15:15:10.803Z", "LastModifiedDate": "2023-11-07T03:20:09.497Z" }, { "VulnerabilityID": "CVE-2022-2509", "VendorIDs": [ "DLA-3070-1" ], "PkgName": "libgnutls30", "InstalledVersion": "3.6.7-4+deb10u3", "FixedVersion": "3.6.7-4+deb10u9", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-2509", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "gnutls: Double free during gnutls_pkcs7_verify", "Description": "A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.", "Severity": "HIGH", "CweIDs": [ "CWE-415" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2022:6854", "https://access.redhat.com/security/cve/CVE-2022-2509", "https://bugzilla.redhat.com/2108977", "https://bugzilla.redhat.com/show_bug.cgi?id=2076626", "https://bugzilla.redhat.com/show_bug.cgi?id=2108635", "https://bugzilla.redhat.com/show_bug.cgi?id=2108977", "https://bugzilla.redhat.com/show_bug.cgi?id=2119770", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2509", "https://errata.almalinux.org/9/ALSA-2022-6854.html", "https://errata.rockylinux.org/RLSA-2022:6854", "https://gnutls.org/security-new.html (GNUTLS-SA-2022-07-07)", "https://gnutls.org/security-new.html#GNUTLS-SA-2022-07-07", "https://linux.oracle.com/cve/CVE-2022-2509.html", "https://linux.oracle.com/errata/ELSA-2022-7105.html", "https://lists.debian.org/debian-lts-announce/2022/08/msg00002.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FL27JS3VM74YEQU7PGB62USO3KSBYZX/", "https://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-2509", "https://ubuntu.com/security/notices/USN-5550-1", "https://www.cve.org/CVERecord?id=CVE-2022-2509", "https://www.debian.org/security/2022/dsa-5203" ], "PublishedDate": "2022-08-01T14:15:09.89Z", "LastModifiedDate": "2023-11-07T03:46:37.7Z" }, { "VulnerabilityID": "CVE-2023-0361", "VendorIDs": [ "DLA-3321-1" ], "PkgName": "libgnutls30", "InstalledVersion": "3.6.7-4+deb10u3", "FixedVersion": "3.6.7-4+deb10u10", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0361", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "gnutls: timing side-channel in the TLS RSA key exchange code", "Description": "A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.", "Severity": "HIGH", "CweIDs": [ "CWE-203" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:1141", "https://access.redhat.com/security/cve/CVE-2023-0361", "https://bugzilla.redhat.com/2162596", "https://bugzilla.redhat.com/show_bug.cgi?id=2144537", "https://bugzilla.redhat.com/show_bug.cgi?id=2149640", "https://bugzilla.redhat.com/show_bug.cgi?id=2162596", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0361", "https://errata.almalinux.org/9/ALSA-2023-1141.html", "https://errata.rockylinux.org/RLSA-2023:1141", "https://github.com/tlsfuzzer/tlsfuzzer/pull/679", "https://gitlab.com/gnutls/gnutls/-/issues/1050", "https://gnutls.org/security-new.html#GNUTLS-SA-2020-07-14", "https://linux.oracle.com/cve/CVE-2023-0361.html", "https://linux.oracle.com/errata/ELSA-2023-1569.html", "https://lists.debian.org/debian-lts-announce/2023/02/msg00015.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFIA3X4IZ3CW7SRQ2UHNHNPMRIAWF2FI/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS4KVDOG6QTALWHC2QE4Y7VPDRMLTRWQ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z634YBXAJ5VLDI62IOPBVP5K6YFHAWCY/", "https://nvd.nist.gov/vuln/detail/CVE-2023-0361", "https://security.netapp.com/advisory/ntap-20230324-0005/", "https://security.netapp.com/advisory/ntap-20230725-0005/", "https://ubuntu.com/security/notices/USN-5901-1", "https://www.cve.org/CVERecord?id=CVE-2023-0361" ], "PublishedDate": "2023-02-15T18:15:11.683Z", "LastModifiedDate": "2023-11-07T04:00:17.737Z" }, { "VulnerabilityID": "CVE-2024-0553", "VendorIDs": [ "DLA-3740-1" ], "PkgName": "libgnutls30", "InstalledVersion": "3.6.7-4+deb10u3", "FixedVersion": "3.6.7-4+deb10u12", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-0553", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "gnutls: incomplete fix for CVE-2023-5981", "Description": "A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.", "Severity": "HIGH", "CweIDs": [ "CWE-203" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/01/19/3", "https://access.redhat.com/errata/RHSA-2024:0533", "https://access.redhat.com/errata/RHSA-2024:0627", "https://access.redhat.com/errata/RHSA-2024:0796", "https://access.redhat.com/errata/RHSA-2024:1082", "https://access.redhat.com/errata/RHSA-2024:1108", "https://access.redhat.com/errata/RHSA-2024:1383", "https://access.redhat.com/errata/RHSA-2024:2094", "https://access.redhat.com/security/cve/CVE-2024-0553", "https://bugzilla.redhat.com/2248445", "https://bugzilla.redhat.com/2258412", "https://bugzilla.redhat.com/2258544", "https://bugzilla.redhat.com/show_bug.cgi?id=2258412", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0553", "https://errata.almalinux.org/9/ALSA-2024-0533.html", "https://errata.rockylinux.org/RLSA-2024:0627", "https://gitlab.com/gnutls/gnutls/-/issues/1522", "https://gnutls.org/security-new.html#GNUTLS-SA-2024-01-14", "https://linux.oracle.com/cve/CVE-2024-0553.html", "https://linux.oracle.com/errata/ELSA-2024-12336.html", "https://lists.debian.org/debian-lts-announce/2024/02/msg00010.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/", "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-0553", "https://security.netapp.com/advisory/ntap-20240202-0011/", "https://ubuntu.com/security/notices/USN-6593-1", "https://www.cve.org/CVERecord?id=CVE-2024-0553" ], "PublishedDate": "2024-01-16T12:15:45.557Z", "LastModifiedDate": "2024-07-08T18:15:06.153Z" }, { "VulnerabilityID": "CVE-2021-4209", "VendorIDs": [ "DLA-3070-1" ], "PkgName": "libgnutls30", "InstalledVersion": "3.6.7-4+deb10u3", "FixedVersion": "3.6.7-4+deb10u9", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-4209", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "GnuTLS: Null pointer dereference in MD_UPDATE", "Description": "A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.", "Severity": "MEDIUM", "CweIDs": [ "CWE-476" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-4209", "https://bugzilla.redhat.com/show_bug.cgi?id=2044156", "https://gitlab.com/gnutls/gnutls/-/commit/3db352734472d851318944db13be73da61300568", "https://gitlab.com/gnutls/gnutls/-/issues/1306", "https://gitlab.com/gnutls/gnutls/-/merge_requests/1503", "https://nvd.nist.gov/vuln/detail/CVE-2021-4209", "https://security.netapp.com/advisory/ntap-20220915-0005/", "https://ubuntu.com/security/notices/USN-5550-1", "https://ubuntu.com/security/notices/USN-5750-1", "https://www.cve.org/CVERecord?id=CVE-2021-4209" ], "PublishedDate": "2022-08-24T16:15:09.927Z", "LastModifiedDate": "2022-10-27T16:57:33.273Z" }, { "VulnerabilityID": "CVE-2023-5981", "VendorIDs": [ "DLA-3660-1" ], "PkgName": "libgnutls30", "InstalledVersion": "3.6.7-4+deb10u3", "FixedVersion": "3.6.7-4+deb10u11", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-5981", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "gnutls: timing side-channel in the RSA-PSK authentication", "Description": "A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.", "Severity": "MEDIUM", "CweIDs": [ "CWE-203" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/01/19/3", "https://access.redhat.com/errata/RHSA-2024:0155", "https://access.redhat.com/errata/RHSA-2024:0319", "https://access.redhat.com/errata/RHSA-2024:0399", "https://access.redhat.com/errata/RHSA-2024:0451", "https://access.redhat.com/errata/RHSA-2024:0533", "https://access.redhat.com/errata/RHSA-2024:1383", "https://access.redhat.com/errata/RHSA-2024:2094", "https://access.redhat.com/security/cve/CVE-2023-5981", "https://bugzilla.redhat.com/2248445", "https://bugzilla.redhat.com/2258412", "https://bugzilla.redhat.com/2258544", "https://bugzilla.redhat.com/show_bug.cgi?id=2248445", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5981", "https://errata.almalinux.org/9/ALSA-2024-0533.html", "https://errata.rockylinux.org/RLSA-2024:0155", "https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23", "https://linux.oracle.com/cve/CVE-2023-5981.html", "https://linux.oracle.com/errata/ELSA-2024-12336.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/", "https://lists.gnupg.org/pipermail/gnutls-help/2023-November/004837.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-5981", "https://ubuntu.com/security/notices/USN-6499-1", "https://ubuntu.com/security/notices/USN-6499-2", "https://www.cve.org/CVERecord?id=CVE-2023-5981" ], "PublishedDate": "2023-11-28T12:15:07.04Z", "LastModifiedDate": "2024-07-08T18:15:04.087Z" }, { "VulnerabilityID": "CVE-2011-3389", "PkgName": "libgnutls30", "InstalledVersion": "3.6.7-4+deb10u3", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-3389", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)", "Description": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.", "Severity": "LOW", "CweIDs": [ "CWE-326" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "V2Score": 4.3 }, "redhat": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "V2Score": 4.3 } }, "References": [ "http://arcticdog.wordpress.com/2012/08/29/beast-openssl-and-apache/", "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/", "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx", "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx", "http://curl.haxx.se/docs/adv_20120124B.html", "http://downloads.asterisk.org/pub/security/AST-2016-001.html", "http://ekoparty.org/2011/juliano-rizzo.php", "http://eprint.iacr.org/2004/111", "http://eprint.iacr.org/2006/136", "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html", "http://isc.sans.edu/diary/SSL+TLS+part+3+/11635", "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html", "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html", "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html", "http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html", "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html", "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html", "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html", "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html", "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html", "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html", "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html", "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2", "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2", "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2", "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2", "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2", "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2", "http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue", "http://osvdb.org/74829", "http://rhn.redhat.com/errata/RHSA-2012-0508.html", "http://rhn.redhat.com/errata/RHSA-2013-1455.html", "http://secunia.com/advisories/45791", "http://secunia.com/advisories/47998", "http://secunia.com/advisories/48256", "http://secunia.com/advisories/48692", "http://secunia.com/advisories/48915", "http://secunia.com/advisories/48948", "http://secunia.com/advisories/49198", "http://secunia.com/advisories/55322", "http://secunia.com/advisories/55350", "http://secunia.com/advisories/55351", "http://security.gentoo.org/glsa/glsa-201203-02.xml", "http://security.gentoo.org/glsa/glsa-201406-32.xml", "http://support.apple.com/kb/HT4999", "http://support.apple.com/kb/HT5001", "http://support.apple.com/kb/HT5130", "http://support.apple.com/kb/HT5281", "http://support.apple.com/kb/HT5501", "http://support.apple.com/kb/HT6150", "http://technet.microsoft.com/security/advisory/2588513", "http://vnhacker.blogspot.com/2011/09/beast.html", "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf", "http://www.debian.org/security/2012/dsa-2398", "http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html", "http://www.ibm.com/developerworks/java/jdk/alerts/", "http://www.imperialviolet.org/2011/09/23/chromeandbeast.html", "http://www.insecure.cl/Beast-SSL.rar", "http://www.kb.cert.org/vuls/id/864643", "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058", "http://www.opera.com/docs/changelogs/mac/1151/", "http://www.opera.com/docs/changelogs/mac/1160/", "http://www.opera.com/docs/changelogs/unix/1151/", "http://www.opera.com/docs/changelogs/unix/1160/", "http://www.opera.com/docs/changelogs/windows/1151/", "http://www.opera.com/docs/changelogs/windows/1160/", "http://www.opera.com/support/kb/view/1004/", "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", "http://www.redhat.com/support/errata/RHSA-2011-1384.html", "http://www.redhat.com/support/errata/RHSA-2012-0006.html", "http://www.securityfocus.com/bid/49388", "http://www.securityfocus.com/bid/49778", "http://www.securitytracker.com/id/1029190", "http://www.securitytracker.com/id?1025997", "http://www.securitytracker.com/id?1026103", "http://www.securitytracker.com/id?1026704", "http://www.ubuntu.com/usn/USN-1263-1", "http://www.us-cert.gov/cas/techalerts/TA12-010A.html", "https://access.redhat.com/security/cve/CVE-2011-3389", "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail", "https://bugzilla.novell.com/show_bug.cgi?id=719047", "https://bugzilla.redhat.com/show_bug.cgi?id=737506", "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf", "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006", "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862", "https://hermes.opensuse.org/messages/13154861", "https://hermes.opensuse.org/messages/13155432", "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", "https://linux.oracle.com/cve/CVE-2011-3389.html", "https://linux.oracle.com/errata/ELSA-2011-1380.html", "https://nvd.nist.gov/vuln/detail/CVE-2011-3389", "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752", "https://ubuntu.com/security/notices/USN-1263-1", "https://www.cve.org/CVERecord?id=CVE-2011-3389" ], "PublishedDate": "2011-09-06T19:55:03.197Z", "LastModifiedDate": "2022-11-29T15:56:08.637Z" }, { "VulnerabilityID": "CVE-2021-20305", "VendorIDs": [ "DSA-4933-1" ], "PkgName": "libhogweed4", "InstalledVersion": "3.4.1-1", "FixedVersion": "3.4.1-1+deb10u1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-20305", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "nettle: Out of bounds memory access in signature verification", "Description": "A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA \u0026 ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.", "Severity": "HIGH", "CweIDs": [ "CWE-787", "CWE-327" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V2Score": 6.8, "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-20305", "https://bugzilla.redhat.com/show_bug.cgi?id=1942533", "https://linux.oracle.com/cve/CVE-2021-20305.html", "https://linux.oracle.com/errata/ELSA-2021-1206.html", "https://lists.debian.org/debian-lts-announce/2021/09/msg00008.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQKWVVMAIDAJ7YAA3VVO32BHLDOH2E63/", "https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009457.html", "https://nvd.nist.gov/vuln/detail/CVE-2021-20305", "https://security.gentoo.org/glsa/202105-31", "https://security.netapp.com/advisory/ntap-20211022-0002/", "https://ubuntu.com/security/notices/USN-4906-1", "https://www.cve.org/CVERecord?id=CVE-2021-20305", "https://www.debian.org/security/2021/dsa-4933" ], "PublishedDate": "2021-04-05T22:15:12.727Z", "LastModifiedDate": "2023-11-07T03:29:05.253Z" }, { "VulnerabilityID": "CVE-2021-3580", "VendorIDs": [ "DSA-4933-1" ], "PkgName": "libhogweed4", "InstalledVersion": "3.4.1-1", "FixedVersion": "3.4.1-1+deb10u1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3580", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "nettle: Remote crash in RSA decryption via manipulated ciphertext", "Description": "A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.", "Severity": "HIGH", "CweIDs": [ "CWE-20" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-3580", "https://bugzilla.redhat.com/show_bug.cgi?id=1776250", "https://bugzilla.redhat.com/show_bug.cgi?id=1908110", "https://bugzilla.redhat.com/show_bug.cgi?id=1908334", "https://bugzilla.redhat.com/show_bug.cgi?id=1922275", "https://bugzilla.redhat.com/show_bug.cgi?id=1922276", "https://bugzilla.redhat.com/show_bug.cgi?id=1965445", "https://bugzilla.redhat.com/show_bug.cgi?id=1967983", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20231", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20232", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3580", "https://errata.almalinux.org/8/ALSA-2021-4451.html", "https://errata.rockylinux.org/RLSA-2021:4451", "https://linux.oracle.com/cve/CVE-2021-3580.html", "https://linux.oracle.com/errata/ELSA-2022-9221.html", "https://lists.debian.org/debian-lts-announce/2021/09/msg00008.html", "https://nvd.nist.gov/vuln/detail/CVE-2021-3580", "https://security.gentoo.org/glsa/202401-24", "https://security.netapp.com/advisory/ntap-20211104-0006/", "https://ubuntu.com/security/notices/USN-4990-1", "https://www.cve.org/CVERecord?id=CVE-2021-3580" ], "PublishedDate": "2021-08-05T21:15:12.853Z", "LastModifiedDate": "2024-01-16T15:15:08.14Z" }, { "VulnerabilityID": "CVE-2020-21913", "VendorIDs": [ "DSA-5014-1" ], "PkgName": "libicu63", "InstalledVersion": "63.1-6+deb10u1", "FixedVersion": "63.1-6+deb10u2", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-21913", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "icu: Use after free in pkg_createWithAssemblyCode function in tools/pkgdata/pkgdata.cpp", "Description": "International Components for Unicode (ICU-20850) v66.1 was discovered to contain a use after free bug in the pkg_createWithAssemblyCode function in the file tools/pkgdata/pkgdata.cpp.", "Severity": "MEDIUM", "CweIDs": [ "CWE-416" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2020-21913", "https://github.com/unicode-org/icu/pull/886", "https://lists.debian.org/debian-lts-announce/2021/10/msg00008.html", "https://nvd.nist.gov/vuln/detail/CVE-2020-21913", "https://ubuntu.com/security/notices/USN-5133-1", "https://unicode-org.atlassian.net/browse/ICU-20850", "https://www.cve.org/CVERecord?id=CVE-2020-21913", "https://www.debian.org/security/2021/dsa-5014" ], "PublishedDate": "2021-09-20T14:15:08.16Z", "LastModifiedDate": "2021-11-29T17:20:26.897Z" }, { "VulnerabilityID": "CVE-2019-12290", "PkgName": "libidn2-0", "InstalledVersion": "2.0.5-1+deb10u1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12290", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specifi ...", "Description": "GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated.", "Severity": "HIGH", "CweIDs": [ "CWE-20" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V2Score": 5, "V3Score": 7.5 } }, "References": [ "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00008.html", "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00009.html", "https://gitlab.com/libidn/libidn2/commit/241e8f486134793cb0f4a5b0e5817a97883401f5", "https://gitlab.com/libidn/libidn2/commit/614117ef6e4c60e1950d742e3edf0a0ef8d389de", "https://gitlab.com/libidn/libidn2/merge_requests/71", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFT76Y7OSGPZV3EBEHD6ISVUM3DLARM/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KXDKYWFV6N2HHVSE67FFDM7G3FEL2ZNE/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONG3GJRRJO35COPGVJXXSZLU4J5Y42AT/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RSI4TI2JTQWQ3YEUX5X36GTVGKO4QKZ5/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6ZXL2RDNQRAHCMKWPOMJFKYJ344X4HL/", "https://security.gentoo.org/glsa/202003-63", "https://ubuntu.com/security/notices/USN-4168-1", "https://usn.ubuntu.com/4168-1/", "https://www.cve.org/CVERecord?id=CVE-2019-12290" ], "PublishedDate": "2019-10-22T16:15:10.877Z", "LastModifiedDate": "2023-11-07T03:03:30.877Z" }, { "VulnerabilityID": "CVE-2017-9937", "PkgName": "libjbig0", "InstalledVersion": "2.1-3.1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9937", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: memory malloc failure in tif_jbig.c could cause DOS.", "Description": "In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "http://bugzilla.maptools.org/show_bug.cgi?id=2707", "http://www.securityfocus.com/bid/99304", "https://access.redhat.com/security/cve/CVE-2017-9937", "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", "https://nvd.nist.gov/vuln/detail/CVE-2017-9937", "https://ubuntu.com/security/notices/USN-5742-1", "https://www.cve.org/CVERecord?id=CVE-2017-9937" ], "PublishedDate": "2017-06-26T12:29:00.25Z", "LastModifiedDate": "2023-11-07T02:50:55.877Z" }, { "VulnerabilityID": "CVE-2020-13790", "PkgName": "libjpeg62-turbo", "InstalledVersion": "1:1.5.2-2", "FixedVersion": "1:1.5.2-2+deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-13790", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libjpeg-turbo: heap-based buffer over-read in get_rgb_row() in rdppm.c", "Description": "libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.", "Severity": "HIGH", "CweIDs": [ "CWE-125" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "V2Score": 5.8, "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "V3Score": 8.1 } }, "References": [ "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00031.html", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00062.html", "https://access.redhat.com/security/cve/CVE-2020-13790", "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a", "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433", "https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4D6KNUY7YANSPH7SVQ44PJKSABFKAUB/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6563YHSVZK24MPJXGJVK3CQG7JVWZGK/", "https://nvd.nist.gov/vuln/detail/CVE-2020-13790", "https://security.gentoo.org/glsa/202010-03", "https://ubuntu.com/security/notices/USN-4386-1", "https://usn.ubuntu.com/4386-1/", "https://www.cve.org/CVERecord?id=CVE-2020-13790" ], "PublishedDate": "2020-06-03T19:15:10.817Z", "LastModifiedDate": "2023-11-07T03:16:58.543Z" }, { "VulnerabilityID": "CVE-2020-35538", "PkgName": "libjpeg62-turbo", "InstalledVersion": "1:1.5.2-2", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-35538", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libjpeg-turbo: Null pointer dereference in jcopy_sample_rows() function", "Description": "A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo.", "Severity": "MEDIUM", "CweIDs": [ "CWE-476" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2020-35538", "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9120a247436e84c0b4eea828cb11e8f665fcde30", "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/441", "https://nvd.nist.gov/vuln/detail/CVE-2020-35538", "https://ubuntu.com/security/notices/USN-5631-1", "https://www.cve.org/CVERecord?id=CVE-2020-35538" ], "PublishedDate": "2022-08-31T16:15:09.04Z", "LastModifiedDate": "2022-09-20T17:39:08.093Z" }, { "VulnerabilityID": "CVE-2021-46822", "PkgName": "libjpeg62-turbo", "InstalledVersion": "1:1.5.2-2", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-46822", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libjpeg-turbo: heap buffer overflow in get_word_rgb_row() in rdppm.c", "Description": "The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:1068", "https://access.redhat.com/security/cve/CVE-2021-46822", "https://bugzilla.redhat.com/2100044", "https://bugzilla.redhat.com/show_bug.cgi?id=2100044", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46822", "https://errata.almalinux.org/9/ALSA-2023-1068.html", "https://errata.rockylinux.org/RLSA-2023:1068", "https://exchange.xforce.ibmcloud.com/vulnerabilities/221567", "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/f35fd27ec641c42d6b115bfa595e483ec58188d2", "https://linux.oracle.com/cve/CVE-2021-46822.html", "https://linux.oracle.com/errata/ELSA-2023-1068.html", "https://nvd.nist.gov/vuln/detail/CVE-2021-46822", "https://ubuntu.com/security/notices/USN-5631-1", "https://www.cve.org/CVERecord?id=CVE-2021-46822" ], "PublishedDate": "2022-06-18T16:15:08.11Z", "LastModifiedDate": "2022-08-15T15:52:58.887Z" }, { "VulnerabilityID": "CVE-2017-15232", "PkgName": "libjpeg62-turbo", "InstalledVersion": "1:1.5.2-2", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15232", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libjpeg-turbo: NULL pointer dereference in jdpostct.c and jquant1.c", "Description": "libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file.", "Severity": "LOW", "CweIDs": [ "CWE-476" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2017-15232", "https://github.com/libjpeg-turbo/libjpeg-turbo/pull/182", "https://github.com/mozilla/mozjpeg/issues/268", "https://nvd.nist.gov/vuln/detail/CVE-2017-15232", "https://ubuntu.com/security/notices/USN-3706-1", "https://usn.ubuntu.com/3706-1/", "https://www.cve.org/CVERecord?id=CVE-2017-15232" ], "PublishedDate": "2017-10-11T03:29:00.197Z", "LastModifiedDate": "2018-07-11T01:29:00.487Z" }, { "VulnerabilityID": "CVE-2018-1152", "PkgName": "libjpeg62-turbo", "InstalledVersion": "1:1.5.2-2", "FixedVersion": "1:1.5.2-2+deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1152", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libjpeg-turbo: Divide by zero allows for denial of service via crafted BMP image", "Description": "libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.", "Severity": "LOW", "CweIDs": [ "CWE-369" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 } }, "References": [ "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html", "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html", "http://www.securityfocus.com/bid/104543", "https://access.redhat.com/security/cve/CVE-2018-1152", "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6", "https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html", "https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html", "https://nvd.nist.gov/vuln/detail/CVE-2018-1152", "https://ubuntu.com/security/notices/USN-3706-1", "https://ubuntu.com/security/notices/USN-3706-2", "https://usn.ubuntu.com/3706-1/", "https://usn.ubuntu.com/3706-2/", "https://www.cve.org/CVERecord?id=CVE-2018-1152", "https://www.tenable.com/security/research/tra-2018-17" ], "PublishedDate": "2018-06-18T14:29:00.323Z", "LastModifiedDate": "2020-07-31T21:15:12.17Z" }, { "VulnerabilityID": "CVE-2018-11813", "PkgName": "libjpeg62-turbo", "InstalledVersion": "1:1.5.2-2", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-11813", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libjpeg: \"cjpeg\" utility large loop because read_pixel in rdtarga.c mishandles EOF", "Description": "libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.", "Severity": "LOW", "CweIDs": [ "CWE-834" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html", "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html", "http://www.ijg.org/files/jpegsrc.v9d.tar.gz", "https://access.redhat.com/errata/RHSA-2019:2052", "https://access.redhat.com/security/cve/CVE-2018-11813", "https://bugs.gentoo.org/727908", "https://github.com/ChijinZ/security_advisories/blob/master/libjpeg-v9c/mail.pdf", "https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9c", "https://linux.oracle.com/cve/CVE-2018-11813.html", "https://linux.oracle.com/errata/ELSA-2019-2052.html", "https://nvd.nist.gov/vuln/detail/CVE-2018-11813", "https://ubuntu.com/security/notices/USN-5336-1", "https://ubuntu.com/security/notices/USN-5497-1", "https://ubuntu.com/security/notices/USN-5497-2", "https://ubuntu.com/security/notices/USN-5553-1", "https://ubuntu.com/security/notices/USN-5631-1", "https://www.cve.org/CVERecord?id=CVE-2018-11813" ], "PublishedDate": "2018-06-06T03:29:00.297Z", "LastModifiedDate": "2020-06-25T14:15:11.38Z" }, { "VulnerabilityID": "CVE-2018-14498", "PkgName": "libjpeg62-turbo", "InstalledVersion": "1:1.5.2-2", "FixedVersion": "1:1.5.2-2+deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14498", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libjpeg-turbo: heap-based buffer over-read via crafted 8-bit BMP in get_8bit_row in rdbmp.c leads to denial of service", "Description": "get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.", "Severity": "LOW", "CweIDs": [ "CWE-125" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "V3Score": 4.4 } }, "References": [ "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html", "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html", "https://access.redhat.com/errata/RHSA-2019:2052", "https://access.redhat.com/errata/RHSA-2019:3705", "https://access.redhat.com/security/cve/CVE-2018-14498", "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55", "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258", "https://github.com/mozilla/mozjpeg/issues/299", "https://linux.oracle.com/cve/CVE-2018-14498.html", "https://linux.oracle.com/errata/ELSA-2019-3705.html", "https://lists.debian.org/debian-lts-announce/2019/03/msg00021.html", "https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7YP4QUEYGHI4Q7GIAVFVKWQ7DJMBYLU/", "https://nvd.nist.gov/vuln/detail/CVE-2018-14498", "https://ubuntu.com/security/notices/USN-4190-1", "https://ubuntu.com/security/notices/USN-5553-1", "https://usn.ubuntu.com/4190-1/", "https://www.cve.org/CVERecord?id=CVE-2018-14498" ], "PublishedDate": "2019-03-07T23:29:00.487Z", "LastModifiedDate": "2023-11-07T02:52:58.227Z" }, { "VulnerabilityID": "CVE-2019-2201", "PkgName": "libjpeg62-turbo", "InstalledVersion": "1:1.5.2-2", "FixedVersion": "1:1.5.2-2+deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-2201", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libjpeg-turbo: several integer overflows and subsequent segfaults when attempting to compress/decompress gigapixel images", "Description": "In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-120551338", "Severity": "LOW", "CweIDs": [ "CWE-787" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V2Score": 9.3, "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00047.html", "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00048.html", "https://access.redhat.com/security/cve/CVE-2019-2201", "https://lists.apache.org/thread.html/rc800763a88775ac9abb83b3402bcd0913d41ac65fdfc759af38f2280%40%3Ccommits.mxnet.apache.org%3E", "https://lists.debian.org/debian-lts-announce/2022/05/msg00048.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4QPASQPZO644STRFTLOD35RIRGWWRNI/", "https://nvd.nist.gov/vuln/detail/CVE-2019-2201", "https://security.gentoo.org/glsa/202003-23", "https://source.android.com/security/bulletin/2019-11-01", "https://ubuntu.com/security/notices/USN-4190-1", "https://usn.ubuntu.com/4190-1/", "https://www.cve.org/CVERecord?id=CVE-2019-2201" ], "PublishedDate": "2019-11-13T18:15:11.53Z", "LastModifiedDate": "2023-11-07T03:09:23.903Z" }, { "VulnerabilityID": "CVE-2020-17541", "PkgName": "libjpeg62-turbo", "InstalledVersion": "1:1.5.2-2", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-17541", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libjpeg-turbo: Stack-based buffer overflow in the \"transform\" component", "Description": "Libjpeg-turbo all version have a stack-based buffer overflow in the \"transform\" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service.", "Severity": "LOW", "CweIDs": [ "CWE-787" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V2Score": 6.8, "V3Score": 8.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 8.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2020-17541", "https://bugzilla.redhat.com/show_bug.cgi?id=1968036", "https://bugzilla.redhat.com/show_bug.cgi?id=1982572", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17541", "https://cwe.mitre.org/data/definitions/121.html", "https://errata.almalinux.org/8/ALSA-2021-4288.html", "https://errata.rockylinux.org/RLSA-2021:4288", "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/392", "https://linux.oracle.com/cve/CVE-2020-17541.html", "https://linux.oracle.com/errata/ELSA-2021-4288.html", "https://nvd.nist.gov/vuln/detail/CVE-2020-17541", "https://ubuntu.com/security/notices/USN-5553-1", "https://ubuntu.com/security/notices/USN-5631-1", "https://www.cve.org/CVERecord?id=CVE-2020-17541" ], "PublishedDate": "2021-06-01T15:15:07.417Z", "LastModifiedDate": "2022-11-07T14:29:43.94Z" }, { "VulnerabilityID": "CVE-2021-3520", "VendorIDs": [ "DSA-4919-1" ], "PkgName": "liblz4-1", "InstalledVersion": "1.8.3-1", "FixedVersion": "1.8.3-1+deb10u1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3520", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "lz4: memory corruption due to an integer overflow bug caused by memmove argument", "Description": "There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.", "Severity": "CRITICAL", "CweIDs": [ "CWE-190", "CWE-787" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V2Score": 7.5, "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "V3Score": 8.6 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-3520", "https://bugzilla.redhat.com/show_bug.cgi?id=1954559", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3520", "https://errata.almalinux.org/8/ALSA-2021-2575.html", "https://errata.rockylinux.org/RLSA-2021:2575", "https://github.com/lz4/lz4/pull/972", "https://linux.oracle.com/cve/CVE-2021-3520.html", "https://linux.oracle.com/errata/ELSA-2021-2575.html", "https://nvd.nist.gov/vuln/detail/CVE-2021-3520", "https://security.netapp.com/advisory/ntap-20211104-0005/", "https://ubuntu.com/security/notices/USN-4968-1", "https://ubuntu.com/security/notices/USN-4968-2", "https://www.cve.org/CVERecord?id=CVE-2021-3520", "https://www.oracle.com//security-alerts/cpujul2021.html", "https://www.oracle.com/security-alerts/cpuapr2022.html", "https://www.oracle.com/security-alerts/cpuoct2021.html" ], "PublishedDate": "2021-06-02T13:15:13.17Z", "LastModifiedDate": "2024-06-06T20:25:48.483Z" }, { "VulnerabilityID": "CVE-2019-17543", "PkgName": "liblz4-1", "InstalledVersion": "1.8.3-1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17543", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "lz4: heap-based buffer overflow in LZ4_write32", "Description": "LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states \"only a few specific / uncommon usages of the API are at risk.\"", "Severity": "LOW", "CweIDs": [ "CWE-787" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V2Score": 6.8, "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 } }, "References": [ "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00069.html", "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00070.html", "https://access.redhat.com/security/cve/CVE-2019-17543", "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15941", "https://github.com/lz4/lz4/compare/v1.9.1...v1.9.2", "https://github.com/lz4/lz4/issues/801", "https://github.com/lz4/lz4/pull/756", "https://github.com/lz4/lz4/pull/760", "https://lists.apache.org/thread.html/25015588b770d67470b7ba7ea49a305d6735dd7f00eabe7d50ec1e17%40%3Cissues.arrow.apache.org%3E", "https://lists.apache.org/thread.html/543302d55e2d2da4311994e9b0debdc676bf3fd05e1a2be3407aa2d6%40%3Cissues.arrow.apache.org%3E", "https://lists.apache.org/thread.html/793012683dc0fa6819b7c2560e6cf990811014c40c7d75412099c357%40%3Cissues.arrow.apache.org%3E", "https://lists.apache.org/thread.html/9ff0606d16be2ab6a81619e1c9e23c3e251756638e36272c8c8b7fa3%40%3Cissues.arrow.apache.org%3E", "https://lists.apache.org/thread.html/f0038c4fab2ee25aee849ebeff6b33b3aa89e07ccfb06b5c87b36316%40%3Cissues.arrow.apache.org%3E", "https://lists.apache.org/thread.html/f506bc371d4a068d5d84d7361293568f61167d3a1c3e91f0def2d7d3%40%3Cdev.arrow.apache.org%3E", "https://lists.apache.org/thread.html/r0fb226357e7988a241b06b93bab065bcea2eb38658b382e485960e26%40%3Cissues.kudu.apache.org%3E", "https://lists.apache.org/thread.html/r4068ba81066792f2b4d208b39c4c4713c5d4c79bd8cb6c1904af5720%40%3Cissues.kudu.apache.org%3E", "https://lists.apache.org/thread.html/r7bc72200f94298bc9a0e35637f388deb53467ca4b2e2ad1ff66d8960%40%3Cissues.kudu.apache.org%3E", "https://nvd.nist.gov/vuln/detail/CVE-2019-17543", "https://security.netapp.com/advisory/ntap-20210723-0001/", "https://www.cve.org/CVERecord?id=CVE-2019-17543", "https://www.oracle.com//security-alerts/cpujul2021.html", "https://www.oracle.com/security-alerts/cpuoct2020.html" ], "PublishedDate": "2019-10-14T02:15:10.873Z", "LastModifiedDate": "2023-11-07T03:06:19.137Z" }, { "VulnerabilityID": "CVE-2022-1271", "VendorIDs": [ "DSA-5123-1" ], "PkgName": "liblzma5", "InstalledVersion": "5.2.4-1", "FixedVersion": "5.2.4-1+deb10u1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-1271", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "gzip: arbitrary-file-write vulnerability", "Description": "An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.", "Severity": "HIGH", "CweIDs": [ "CWE-20", "CWE-179" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2022:4940", "https://access.redhat.com/security/cve/CVE-2022-1271", "https://bugzilla.redhat.com/2073310", "https://bugzilla.redhat.com/show_bug.cgi?id=2073310", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1271", "https://errata.almalinux.org/9/ALSA-2022-4940.html", "https://errata.rockylinux.org/RLSA-2022:4940", "https://git.tukaani.org/?p=xz.git%3Ba=commit%3Bh=69d1b3fc29677af8ade8dc15dba83f0589cb63d6", "https://linux.oracle.com/cve/CVE-2022-1271.html", "https://linux.oracle.com/errata/ELSA-2022-5052.html", "https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-1271", "https://security-tracker.debian.org/tracker/CVE-2022-1271", "https://security.gentoo.org/glsa/202209-01", "https://security.netapp.com/advisory/ntap-20220930-0006/", "https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch", "https://ubuntu.com/security/notices/USN-5378-1", "https://ubuntu.com/security/notices/USN-5378-2", "https://ubuntu.com/security/notices/USN-5378-3", "https://ubuntu.com/security/notices/USN-5378-4", "https://www.cve.org/CVERecord?id=CVE-2022-1271", "https://www.openwall.com/lists/oss-security/2022/04/07/8" ], "PublishedDate": "2022-08-31T16:15:09.347Z", "LastModifiedDate": "2023-11-07T03:41:52.377Z" }, { "VulnerabilityID": "CVE-2024-28085", "VendorIDs": [ "DLA-3782-1" ], "PkgName": "libmount1", "InstalledVersion": "2.33.1-0.1", "FixedVersion": "2.33.1-0.1+deb10u1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28085", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "util-linux: CVE-2024-28085: wall: escape sequence injection", "Description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "Severity": "HIGH", "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "V3Score": 8.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/27/5", "http://www.openwall.com/lists/oss-security/2024/03/27/6", "http://www.openwall.com/lists/oss-security/2024/03/27/7", "http://www.openwall.com/lists/oss-security/2024/03/27/8", "http://www.openwall.com/lists/oss-security/2024/03/27/9", "http://www.openwall.com/lists/oss-security/2024/03/28/1", "http://www.openwall.com/lists/oss-security/2024/03/28/2", "http://www.openwall.com/lists/oss-security/2024/03/28/3", "https://access.redhat.com/security/cve/CVE-2024-28085", "https://github.com/skyler-ferrante/CVE-2024-28085", "https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq", "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/", "https://nvd.nist.gov/vuln/detail/CVE-2024-28085", "https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt", "https://security.netapp.com/advisory/ntap-20240531-0003/", "https://ubuntu.com/security/notices/USN-6719-1", "https://ubuntu.com/security/notices/USN-6719-2", "https://www.cve.org/CVERecord?id=CVE-2024-28085", "https://www.openwall.com/lists/oss-security/2024/03/27/5" ], "PublishedDate": "2024-03-27T19:15:48.367Z", "LastModifiedDate": "2024-06-10T17:16:24.37Z" }, { "VulnerabilityID": "CVE-2021-37600", "VendorIDs": [ "DLA-3782-1" ], "PkgName": "libmount1", "InstalledVersion": "2.33.1-0.1", "FixedVersion": "2.33.1-0.1+deb10u1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-37600", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "util-linux: integer overflow can lead to buffer overflow in get_sem_elements() in sys-utils/ipcutils.c", "Description": "An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments.", "Severity": "MEDIUM", "CweIDs": [ "CWE-190" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 1.2, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-37600", "https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c", "https://github.com/karelzak/util-linux/issues/1395", "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", "https://nvd.nist.gov/vuln/detail/CVE-2021-37600", "https://security.gentoo.org/glsa/202401-08", "https://security.netapp.com/advisory/ntap-20210902-0002/", "https://www.cve.org/CVERecord?id=CVE-2021-37600" ], "PublishedDate": "2021-07-30T14:15:18.737Z", "LastModifiedDate": "2024-08-04T02:15:24.44Z" }, { "VulnerabilityID": "CVE-2022-0563", "PkgName": "libmount1", "InstalledVersion": "2.33.1-0.1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", "Description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.", "Severity": "LOW", "CweIDs": [ "CWE-209" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V2Score": 1.9, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-0563", "https://blog.trailofbits.com/2023/02/16/suid-logic-bug-linux-readline/", "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w%40ws.net.home/T/#u", "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u", "https://nvd.nist.gov/vuln/detail/CVE-2022-0563", "https://security.gentoo.org/glsa/202401-08", "https://security.netapp.com/advisory/ntap-20220331-0002/", "https://www.cve.org/CVERecord?id=CVE-2022-0563" ], "PublishedDate": "2022-02-21T19:15:08.393Z", "LastModifiedDate": "2024-01-07T09:15:08.713Z" }, { "VulnerabilityID": "CVE-2021-39537", "VendorIDs": [ "DLA-3682-1" ], "PkgName": "libncursesw6", "InstalledVersion": "6.1+20181013-2+deb10u2", "FixedVersion": "6.1+20181013-2+deb10u5", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-39537", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c", "Description": "An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V2Score": 6.8, "V3Score": 8.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1\u0026content-type=text/x-cvsweb-markup", "http://seclists.org/fulldisclosure/2022/Oct/28", "http://seclists.org/fulldisclosure/2022/Oct/41", "http://seclists.org/fulldisclosure/2022/Oct/43", "http://seclists.org/fulldisclosure/2022/Oct/45", "https://access.redhat.com/security/cve/CVE-2021-39537", "https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html", "https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html", "https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.html", "https://nvd.nist.gov/vuln/detail/CVE-2021-39537", "https://security.netapp.com/advisory/ntap-20230427-0012/", "https://support.apple.com/kb/HT213443", "https://support.apple.com/kb/HT213444", "https://support.apple.com/kb/HT213488", "https://ubuntu.com/security/notices/USN-5477-1", "https://ubuntu.com/security/notices/USN-6099-1", "https://www.cve.org/CVERecord?id=CVE-2021-39537" ], "PublishedDate": "2021-09-20T16:15:12.477Z", "LastModifiedDate": "2023-12-03T20:15:06.86Z" }, { "VulnerabilityID": "CVE-2022-29458", "VendorIDs": [ "DLA-3167-1" ], "PkgName": "libncursesw6", "InstalledVersion": "6.1+20181013-2+deb10u2", "FixedVersion": "6.1+20181013-2+deb10u3", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-29458", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "ncurses: segfaulting OOB read", "Description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "Severity": "HIGH", "CweIDs": [ "CWE-125" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "V2Score": 5.8, "V3Score": 7.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "V3Score": 6.1 } }, "References": [ "http://seclists.org/fulldisclosure/2022/Oct/28", "http://seclists.org/fulldisclosure/2022/Oct/41", "https://access.redhat.com/security/cve/CVE-2022-29458", "https://invisible-island.net/ncurses/NEWS.html#t20220416", "https://lists.debian.org/debian-lts-announce/2022/10/msg00037.html", "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html", "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-29458", "https://support.apple.com/kb/HT213488", "https://ubuntu.com/security/notices/USN-5477-1", "https://ubuntu.com/security/notices/USN-6099-1", "https://www.cve.org/CVERecord?id=CVE-2022-29458" ], "PublishedDate": "2022-04-18T21:15:07.6Z", "LastModifiedDate": "2023-11-07T03:46:02.1Z" }, { "VulnerabilityID": "CVE-2023-29491", "VendorIDs": [ "DLA-3682-1" ], "PkgName": "libncursesw6", "InstalledVersion": "6.1+20181013-2+deb10u2", "FixedVersion": "6.1+20181013-2+deb10u5", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29491", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "ncurses: Local users can trigger security-relevant memory corruption via malformed data", "Description": "ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://ncurses.scripts.mit.edu/?p=ncurses.git%3Ba=commit%3Bh=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", "http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commit;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", "http://www.openwall.com/lists/oss-security/2023/04/19/10", "http://www.openwall.com/lists/oss-security/2023/04/19/11", "https://access.redhat.com/errata/RHSA-2023:6698", "https://access.redhat.com/security/cve/CVE-2023-29491", "https://bugzilla.redhat.com/2191704", "https://errata.almalinux.org/9/ALSA-2023-6698.html", "https://invisible-island.net/ncurses/NEWS.html#index-t20230408", "https://linux.oracle.com/cve/CVE-2023-29491.html", "https://linux.oracle.com/errata/ELSA-2023-6698.html", "https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", "https://nvd.nist.gov/vuln/detail/CVE-2023-29491", "https://security.netapp.com/advisory/ntap-20230517-0009/", "https://support.apple.com/kb/HT213843", "https://support.apple.com/kb/HT213844", "https://support.apple.com/kb/HT213845", "https://ubuntu.com/security/notices/USN-6099-1", "https://www.cve.org/CVERecord?id=CVE-2023-29491", "https://www.openwall.com/lists/oss-security/2023/04/12/5", "https://www.openwall.com/lists/oss-security/2023/04/13/4" ], "PublishedDate": "2023-04-14T01:15:08.57Z", "LastModifiedDate": "2024-01-31T03:15:07.86Z" }, { "VulnerabilityID": "CVE-2020-19189", "VendorIDs": [ "DLA-3586-1" ], "PkgName": "libncursesw6", "InstalledVersion": "6.1+20181013-2+deb10u2", "FixedVersion": "6.1+20181013-2+deb10u4", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-19189", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "ncurses: Heap buffer overflow in postprocess_terminfo function in tinfo/parse_entry.c:997", "Description": "Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "http://seclists.org/fulldisclosure/2023/Dec/10", "http://seclists.org/fulldisclosure/2023/Dec/11", "http://seclists.org/fulldisclosure/2023/Dec/9", "https://access.redhat.com/security/cve/CVE-2020-19189", "https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc5.md", "https://lists.debian.org/debian-lts-announce/2023/09/msg00033.html", "https://nvd.nist.gov/vuln/detail/CVE-2020-19189", "https://security.netapp.com/advisory/ntap-20231006-0005/", "https://support.apple.com/kb/HT214036", "https://support.apple.com/kb/HT214037", "https://support.apple.com/kb/HT214038", "https://ubuntu.com/security/notices/USN-6451-1", "https://www.cve.org/CVERecord?id=CVE-2020-19189" ], "PublishedDate": "2023-08-22T19:16:01.02Z", "LastModifiedDate": "2023-12-13T01:15:07.683Z" }, { "VulnerabilityID": "CVE-2023-50495", "PkgName": "libncursesw6", "InstalledVersion": "6.1+20181013-2+deb10u2", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-50495", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "ncurses: segmentation fault via _nc_wrap_entry()", "Description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "Severity": "MEDIUM", "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2023-50495", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "https://security.netapp.com/advisory/ntap-20240119-0008/", "https://ubuntu.com/security/notices/USN-6684-1", "https://www.cve.org/CVERecord?id=CVE-2023-50495" ], "PublishedDate": "2023-12-12T15:15:07.867Z", "LastModifiedDate": "2024-01-31T03:15:08.49Z" }, { "VulnerabilityID": "CVE-2023-45918", "PkgName": "libncursesw6", "InstalledVersion": "6.1+20181013-2+deb10u2", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45918", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c", "Description": "ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Severity": "LOW", "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2023-45918", "https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-45918", "https://security.netapp.com/advisory/ntap-20240315-0006/", "https://www.cve.org/CVERecord?id=CVE-2023-45918" ], "PublishedDate": "2024-02-16T22:15:07.88Z", "LastModifiedDate": "2024-03-15T11:15:08.51Z" }, { "VulnerabilityID": "CVE-2021-20305", "VendorIDs": [ "DSA-4933-1" ], "PkgName": "libnettle6", "InstalledVersion": "3.4.1-1", "FixedVersion": "3.4.1-1+deb10u1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-20305", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "nettle: Out of bounds memory access in signature verification", "Description": "A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA \u0026 ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.", "Severity": "HIGH", "CweIDs": [ "CWE-787", "CWE-327" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V2Score": 6.8, "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-20305", "https://bugzilla.redhat.com/show_bug.cgi?id=1942533", "https://linux.oracle.com/cve/CVE-2021-20305.html", "https://linux.oracle.com/errata/ELSA-2021-1206.html", "https://lists.debian.org/debian-lts-announce/2021/09/msg00008.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQKWVVMAIDAJ7YAA3VVO32BHLDOH2E63/", "https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009457.html", "https://nvd.nist.gov/vuln/detail/CVE-2021-20305", "https://security.gentoo.org/glsa/202105-31", "https://security.netapp.com/advisory/ntap-20211022-0002/", "https://ubuntu.com/security/notices/USN-4906-1", "https://www.cve.org/CVERecord?id=CVE-2021-20305", "https://www.debian.org/security/2021/dsa-4933" ], "PublishedDate": "2021-04-05T22:15:12.727Z", "LastModifiedDate": "2023-11-07T03:29:05.253Z" }, { "VulnerabilityID": "CVE-2021-3580", "VendorIDs": [ "DSA-4933-1" ], "PkgName": "libnettle6", "InstalledVersion": "3.4.1-1", "FixedVersion": "3.4.1-1+deb10u1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3580", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "nettle: Remote crash in RSA decryption via manipulated ciphertext", "Description": "A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.", "Severity": "HIGH", "CweIDs": [ "CWE-20" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-3580", "https://bugzilla.redhat.com/show_bug.cgi?id=1776250", "https://bugzilla.redhat.com/show_bug.cgi?id=1908110", "https://bugzilla.redhat.com/show_bug.cgi?id=1908334", "https://bugzilla.redhat.com/show_bug.cgi?id=1922275", "https://bugzilla.redhat.com/show_bug.cgi?id=1922276", "https://bugzilla.redhat.com/show_bug.cgi?id=1965445", "https://bugzilla.redhat.com/show_bug.cgi?id=1967983", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20231", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20232", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3580", "https://errata.almalinux.org/8/ALSA-2021-4451.html", "https://errata.rockylinux.org/RLSA-2021:4451", "https://linux.oracle.com/cve/CVE-2021-3580.html", "https://linux.oracle.com/errata/ELSA-2022-9221.html", "https://lists.debian.org/debian-lts-announce/2021/09/msg00008.html", "https://nvd.nist.gov/vuln/detail/CVE-2021-3580", "https://security.gentoo.org/glsa/202401-24", "https://security.netapp.com/advisory/ntap-20211104-0006/", "https://ubuntu.com/security/notices/USN-4990-1", "https://www.cve.org/CVERecord?id=CVE-2021-3580" ], "PublishedDate": "2021-08-05T21:15:12.853Z", "LastModifiedDate": "2024-01-16T15:15:08.14Z" }, { "VulnerabilityID": "CVE-2020-29361", "VendorIDs": [ "DSA-4822-1" ], "PkgName": "libp11-kit0", "InstalledVersion": "0.23.15-2", "FixedVersion": "0.23.15-2+deb10u1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-29361", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "p11-kit: integer overflow when allocating memory for arrays or attributes and object identifiers", "Description": "An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc.", "Severity": "HIGH", "CweIDs": [ "CWE-190" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2020-29361", "https://bugzilla.redhat.com/show_bug.cgi?id=1665172", "https://bugzilla.redhat.com/show_bug.cgi?id=1890464", "https://bugzilla.redhat.com/show_bug.cgi?id=1903588", "https://bugzilla.redhat.com/show_bug.cgi?id=1903590", "https://bugzilla.redhat.com/show_bug.cgi?id=1903592", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29361", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29362", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29363", "https://errata.almalinux.org/8/ALSA-2021-1609.html", "https://errata.rockylinux.org/RLSA-2021:1609", "https://github.com/p11-glue/p11-kit/releases", "https://github.com/p11-glue/p11-kit/security/advisories/GHSA-q4r3-hm6m-mvc2", "https://linux.oracle.com/cve/CVE-2020-29361.html", "https://linux.oracle.com/errata/ELSA-2021-1609.html", "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", "https://lists.debian.org/debian-lts-announce/2021/01/msg00002.html", "https://lists.freedesktop.org/archives/p11-glue/2020-December/000712.html", "https://nvd.nist.gov/vuln/detail/CVE-2020-29361", "https://ubuntu.com/security/notices/USN-4677-1", "https://ubuntu.com/security/notices/USN-4677-2", "https://www.cve.org/CVERecord?id=CVE-2020-29361", "https://www.debian.org/security/2021/dsa-4822" ], "PublishedDate": "2020-12-16T14:15:12.717Z", "LastModifiedDate": "2023-11-07T03:21:26.927Z" }, { "VulnerabilityID": "CVE-2020-29363", "VendorIDs": [ "DSA-4822-1" ], "PkgName": "libp11-kit0", "InstalledVersion": "0.23.15-2", "FixedVersion": "0.23.15-2+deb10u1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-29363", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "p11-kit: out-of-bounds write in p11_rpc_buffer_get_byte_array_value function in rpc-message.c", "Description": "An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in a CK_ATTRIBUTE, the receiving entity may not allocate sufficient length for the buffer to store the deserialized value.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2020-29363", "https://bugzilla.redhat.com/show_bug.cgi?id=1665172", "https://bugzilla.redhat.com/show_bug.cgi?id=1890464", "https://bugzilla.redhat.com/show_bug.cgi?id=1903588", "https://bugzilla.redhat.com/show_bug.cgi?id=1903590", "https://bugzilla.redhat.com/show_bug.cgi?id=1903592", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29361", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29362", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29363", "https://errata.almalinux.org/8/ALSA-2021-1609.html", "https://errata.rockylinux.org/RLSA-2021:1609", "https://github.com/p11-glue/p11-kit/releases", "https://github.com/p11-glue/p11-kit/security/advisories/GHSA-5j67-fw89-fp6x", "https://linux.oracle.com/cve/CVE-2020-29363.html", "https://linux.oracle.com/errata/ELSA-2021-1609.html", "https://lists.freedesktop.org/archives/p11-glue/2020-December/000712.html", "https://nvd.nist.gov/vuln/detail/CVE-2020-29363", "https://ubuntu.com/security/notices/USN-4677-1", "https://www.cve.org/CVERecord?id=CVE-2020-29363", "https://www.debian.org/security/2021/dsa-4822", "https://www.oracle.com/security-alerts/cpuapr2022.html" ], "PublishedDate": "2020-12-16T14:15:12.84Z", "LastModifiedDate": "2022-05-12T14:47:48.787Z" }, { "VulnerabilityID": "CVE-2020-29362", "VendorIDs": [ "DSA-4822-1" ], "PkgName": "libp11-kit0", "InstalledVersion": "0.23.15-2", "FixedVersion": "0.23.15-2+deb10u1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-29362", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "p11-kit: out-of-bounds read in p11_rpc_buffer_get_byte_array function in rpc-message.c", "Description": "An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by thep11-kit server/remote commands and the client library. When the remote entity supplies a byte array through a serialized PKCS#11 function call, the receiving entity may allow the reading of up to 4 bytes of memory past the heap allocation.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V2Score": 5, "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2020-29362", "https://bugzilla.redhat.com/show_bug.cgi?id=1665172", "https://bugzilla.redhat.com/show_bug.cgi?id=1890464", "https://bugzilla.redhat.com/show_bug.cgi?id=1903588", "https://bugzilla.redhat.com/show_bug.cgi?id=1903590", "https://bugzilla.redhat.com/show_bug.cgi?id=1903592", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29361", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29362", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29363", "https://errata.almalinux.org/8/ALSA-2021-1609.html", "https://errata.rockylinux.org/RLSA-2021:1609", "https://github.com/p11-glue/p11-kit/releases", "https://github.com/p11-glue/p11-kit/security/advisories/GHSA-5wpq-43j2-6qwc", "https://linux.oracle.com/cve/CVE-2020-29362.html", "https://linux.oracle.com/errata/ELSA-2021-1609.html", "https://lists.debian.org/debian-lts-announce/2021/01/msg00002.html", "https://lists.freedesktop.org/archives/p11-glue/2020-December/000712.html", "https://nvd.nist.gov/vuln/detail/CVE-2020-29362", "https://ubuntu.com/security/notices/USN-4677-1", "https://www.cve.org/CVERecord?id=CVE-2020-29362", "https://www.debian.org/security/2021/dsa-4822" ], "PublishedDate": "2020-12-16T14:15:12.777Z", "LastModifiedDate": "2021-01-11T16:50:31.103Z" }, { "VulnerabilityID": "CVE-2024-22365", "PkgName": "libpam-modules", "InstalledVersion": "1.3.1-5", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-22365", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "pam: allowing unprivileged user to block another user namespace", "Description": "linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.", "Severity": "MEDIUM", "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/01/18/3", "https://access.redhat.com/errata/RHSA-2024:2438", "https://access.redhat.com/security/cve/CVE-2024-22365", "https://bugzilla.redhat.com/2257722", "https://bugzilla.redhat.com/show_bug.cgi?id=2257722", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22365", "https://errata.almalinux.org/9/ALSA-2024-2438.html", "https://errata.rockylinux.org/RLSA-2024:3163", "https://github.com/linux-pam/linux-pam", "https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb", "https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0", "https://linux.oracle.com/cve/CVE-2024-22365.html", "https://linux.oracle.com/errata/ELSA-2024-3163.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-22365", "https://ubuntu.com/security/notices/USN-6588-1", "https://ubuntu.com/security/notices/USN-6588-2", "https://www.cve.org/CVERecord?id=CVE-2024-22365", "https://www.openwall.com/lists/oss-security/2024/01/18/3" ], "PublishedDate": "2024-02-06T08:15:52.203Z", "LastModifiedDate": "2024-02-14T00:27:40.143Z" }, { "VulnerabilityID": "CVE-2024-22365", "PkgName": "libpam-modules-bin", "InstalledVersion": "1.3.1-5", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-22365", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "pam: allowing unprivileged user to block another user namespace", "Description": "linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.", "Severity": "MEDIUM", "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/01/18/3", "https://access.redhat.com/errata/RHSA-2024:2438", "https://access.redhat.com/security/cve/CVE-2024-22365", "https://bugzilla.redhat.com/2257722", "https://bugzilla.redhat.com/show_bug.cgi?id=2257722", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22365", "https://errata.almalinux.org/9/ALSA-2024-2438.html", "https://errata.rockylinux.org/RLSA-2024:3163", "https://github.com/linux-pam/linux-pam", "https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb", "https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0", "https://linux.oracle.com/cve/CVE-2024-22365.html", "https://linux.oracle.com/errata/ELSA-2024-3163.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-22365", "https://ubuntu.com/security/notices/USN-6588-1", "https://ubuntu.com/security/notices/USN-6588-2", "https://www.cve.org/CVERecord?id=CVE-2024-22365", "https://www.openwall.com/lists/oss-security/2024/01/18/3" ], "PublishedDate": "2024-02-06T08:15:52.203Z", "LastModifiedDate": "2024-02-14T00:27:40.143Z" }, { "VulnerabilityID": "CVE-2024-22365", "PkgName": "libpam-runtime", "InstalledVersion": "1.3.1-5", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-22365", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "pam: allowing unprivileged user to block another user namespace", "Description": "linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.", "Severity": "MEDIUM", "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/01/18/3", "https://access.redhat.com/errata/RHSA-2024:2438", "https://access.redhat.com/security/cve/CVE-2024-22365", "https://bugzilla.redhat.com/2257722", "https://bugzilla.redhat.com/show_bug.cgi?id=2257722", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22365", "https://errata.almalinux.org/9/ALSA-2024-2438.html", "https://errata.rockylinux.org/RLSA-2024:3163", "https://github.com/linux-pam/linux-pam", "https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb", "https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0", "https://linux.oracle.com/cve/CVE-2024-22365.html", "https://linux.oracle.com/errata/ELSA-2024-3163.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-22365", "https://ubuntu.com/security/notices/USN-6588-1", "https://ubuntu.com/security/notices/USN-6588-2", "https://www.cve.org/CVERecord?id=CVE-2024-22365", "https://www.openwall.com/lists/oss-security/2024/01/18/3" ], "PublishedDate": "2024-02-06T08:15:52.203Z", "LastModifiedDate": "2024-02-14T00:27:40.143Z" }, { "VulnerabilityID": "CVE-2024-22365", "PkgName": "libpam0g", "InstalledVersion": "1.3.1-5", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-22365", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "pam: allowing unprivileged user to block another user namespace", "Description": "linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.", "Severity": "MEDIUM", "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/01/18/3", "https://access.redhat.com/errata/RHSA-2024:2438", "https://access.redhat.com/security/cve/CVE-2024-22365", "https://bugzilla.redhat.com/2257722", "https://bugzilla.redhat.com/show_bug.cgi?id=2257722", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22365", "https://errata.almalinux.org/9/ALSA-2024-2438.html", "https://errata.rockylinux.org/RLSA-2024:3163", "https://github.com/linux-pam/linux-pam", "https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb", "https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0", "https://linux.oracle.com/cve/CVE-2024-22365.html", "https://linux.oracle.com/errata/ELSA-2024-3163.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-22365", "https://ubuntu.com/security/notices/USN-6588-1", "https://ubuntu.com/security/notices/USN-6588-2", "https://www.cve.org/CVERecord?id=CVE-2024-22365", "https://www.openwall.com/lists/oss-security/2024/01/18/3" ], "PublishedDate": "2024-02-06T08:15:52.203Z", "LastModifiedDate": "2024-02-14T00:27:40.143Z" }, { "VulnerabilityID": "CVE-2020-14155", "PkgName": "libpcre3", "InstalledVersion": "2:8.39-12", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-14155", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "pcre: Integer overflow when parsing callout numeric arguments", "Description": "libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.", "Severity": "MEDIUM", "CweIDs": [ "CWE-190" ], "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V2Score": 5, "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://seclists.org/fulldisclosure/2020/Dec/32", "http://seclists.org/fulldisclosure/2021/Feb/14", "https://about.gitlab.com/releases/2020/07/01/security-release-13-1-2-release/", "https://access.redhat.com/security/cve/CVE-2020-14155", "https://bugs.gentoo.org/717920", "https://bugzilla.redhat.com/show_bug.cgi?id=1848436", "https://bugzilla.redhat.com/show_bug.cgi?id=1848444", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20838", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14155", "https://errata.almalinux.org/8/ALSA-2021-4373.html", "https://errata.rockylinux.org/RLSA-2021:4373", "https://linux.oracle.com/cve/CVE-2020-14155.html", "https://linux.oracle.com/errata/ELSA-2021-4373.html", "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", "https://nvd.nist.gov/vuln/detail/CVE-2020-14155", "https://security.netapp.com/advisory/ntap-20221028-0010/", "https://support.apple.com/kb/HT211931", "https://support.apple.com/kb/HT212147", "https://ubuntu.com/security/notices/USN-5425-1", "https://www.cve.org/CVERecord?id=CVE-2020-14155", "https://www.oracle.com/security-alerts/cpuapr2022.html", "https://www.pcre.org/original/changelog.txt" ], "PublishedDate": "2020-06-15T17:15:10.777Z", "LastModifiedDate": "2024-03-27T16:04:48.863Z" }, { "VulnerabilityID": "CVE-2017-11164", "PkgName": "libpcre3", "InstalledVersion": "2:8.39-12", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11164", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "pcre: OP_KETRMAX feature in the match function in pcre_exec.c", "Description": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.", "Severity": "LOW", "CweIDs": [ "CWE-674" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 7.8, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "http://openwall.com/lists/oss-security/2017/07/11/3", "http://www.openwall.com/lists/oss-security/2023/04/11/1", "http://www.openwall.com/lists/oss-security/2023/04/12/1", "http://www.securityfocus.com/bid/99575", "https://access.redhat.com/security/cve/CVE-2017-11164", "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", "https://nvd.nist.gov/vuln/detail/CVE-2017-11164", "https://www.cve.org/CVERecord?id=CVE-2017-11164" ], "PublishedDate": "2017-07-11T03:29:00.277Z", "LastModifiedDate": "2023-11-07T02:38:10.98Z" }, { "VulnerabilityID": "CVE-2017-16231", "PkgName": "libpcre3", "InstalledVersion": "2:8.39-12", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16231", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "pcre: self-recursive call in match() in pcre_exec.c leads to denial of service", "Description": "In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V2Score": 2.1, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://packetstormsecurity.com/files/150897/PCRE-8.41-Buffer-Overflow.html", "http://seclists.org/fulldisclosure/2018/Dec/33", "http://www.openwall.com/lists/oss-security/2017/11/01/11", "http://www.openwall.com/lists/oss-security/2017/11/01/3", "http://www.openwall.com/lists/oss-security/2017/11/01/7", "http://www.openwall.com/lists/oss-security/2017/11/01/8", "http://www.securityfocus.com/bid/101688", "https://access.redhat.com/security/cve/CVE-2017-16231", "https://bugs.exim.org/show_bug.cgi?id=2047", "https://nvd.nist.gov/vuln/detail/CVE-2017-16231", "https://www.cve.org/CVERecord?id=CVE-2017-16231" ], "PublishedDate": "2019-03-21T15:59:56.217Z", "LastModifiedDate": "2024-08-05T21:15:24.307Z" }, { "VulnerabilityID": "CVE-2017-7245", "PkgName": "libpcre3", "InstalledVersion": "2:8.39-12", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7245", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V2Score": 6.8, "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.7 } }, "References": [ "http://www.securityfocus.com/bid/97067", "https://access.redhat.com/errata/RHSA-2018:2486", "https://access.redhat.com/security/cve/CVE-2017-7245", "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", "https://nvd.nist.gov/vuln/detail/CVE-2017-7245", "https://security.gentoo.org/glsa/201710-25", "https://www.cve.org/CVERecord?id=CVE-2017-7245" ], "PublishedDate": "2017-03-23T21:59:00.193Z", "LastModifiedDate": "2018-08-17T10:29:03.003Z" }, { "VulnerabilityID": "CVE-2017-7246", "PkgName": "libpcre3", "InstalledVersion": "2:8.39-12", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7246", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V2Score": 6.8, "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.7 } }, "References": [ "http://www.securityfocus.com/bid/97067", "https://access.redhat.com/errata/RHSA-2018:2486", "https://access.redhat.com/security/cve/CVE-2017-7246", "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", "https://nvd.nist.gov/vuln/detail/CVE-2017-7246", "https://security.gentoo.org/glsa/201710-25", "https://www.cve.org/CVERecord?id=CVE-2017-7246" ], "PublishedDate": "2017-03-23T21:59:00.223Z", "LastModifiedDate": "2018-08-17T10:29:03.08Z" }, { "VulnerabilityID": "CVE-2019-20838", "PkgName": "libpcre3", "InstalledVersion": "2:8.39-12", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20838", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "pcre: Buffer over-read in JIT when UTF is disabled and \\X or \\R has fixed quantifier greater than 1", "Description": "libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \\X or \\R has more than one fixed quantifier, a related issue to CVE-2019-20454.", "Severity": "LOW", "CweIDs": [ "CWE-125" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://seclists.org/fulldisclosure/2020/Dec/32", "http://seclists.org/fulldisclosure/2021/Feb/14", "https://access.redhat.com/security/cve/CVE-2019-20838", "https://bugs.gentoo.org/717920", "https://bugzilla.redhat.com/show_bug.cgi?id=1848436", "https://bugzilla.redhat.com/show_bug.cgi?id=1848444", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20838", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14155", "https://errata.almalinux.org/8/ALSA-2021-4373.html", "https://errata.rockylinux.org/RLSA-2021:4373", "https://linux.oracle.com/cve/CVE-2019-20838.html", "https://linux.oracle.com/errata/ELSA-2021-4373.html", "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", "https://nvd.nist.gov/vuln/detail/CVE-2019-20838", "https://support.apple.com/kb/HT211931", "https://support.apple.com/kb/HT212147", "https://ubuntu.com/security/notices/USN-5425-1", "https://www.cve.org/CVERecord?id=CVE-2019-20838", "https://www.pcre.org/original/changelog.txt" ], "PublishedDate": "2020-06-15T17:15:09.683Z", "LastModifiedDate": "2024-03-27T16:05:46.553Z" }, { "VulnerabilityID": "CVE-2018-14048", "PkgName": "libpng16-16", "InstalledVersion": "1.6.36-6", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14048", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libpng: Segmentation fault in png.c:png_free_data function causing denial of service", "Description": "An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image.", "Severity": "LOW", "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html", "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "https://access.redhat.com/security/cve/CVE-2018-14048", "https://github.com/fouzhe/security/tree/master/libpng", "https://github.com/glennrp/libpng/issues/238", "https://nvd.nist.gov/vuln/detail/CVE-2018-14048", "https://seclists.org/bugtraq/2019/Apr/30", "https://security.gentoo.org/glsa/201908-02", "https://ubuntu.com/security/notices/USN-5432-1", "https://ubuntu.com/security/notices/USN-5432-2", "https://www.cve.org/CVERecord?id=CVE-2018-14048" ], "PublishedDate": "2018-07-13T16:29:00.377Z", "LastModifiedDate": "2022-06-27T17:35:11.88Z" }, { "VulnerabilityID": "CVE-2018-14550", "PkgName": "libpng16-16", "InstalledVersion": "1.6.36-6", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14550", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libpng: Stack-based buffer overflow in contrib/pngminus/pnm2png.c:get_token() potentially leading to arbitrary code execution", "Description": "An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png.", "Severity": "LOW", "CweIDs": [ "CWE-787" ], "CVSS": { "ghsa": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 8.8 }, "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V2Score": 6.8, "V3Score": 8.8 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2018-14550", "https://github.com/fouzhe/security/tree/master/libpng#stack-buffer-overflow-in-png2pnm-in-function-get_token", "https://github.com/glennrp/libpng", "https://github.com/glennrp/libpng/issues/246", "https://nvd.nist.gov/vuln/detail/CVE-2018-14550", "https://security.gentoo.org/glsa/201908-02", "https://security.netapp.com/advisory/ntap-20221028-0001", "https://security.netapp.com/advisory/ntap-20221028-0001/", "https://snyk.io/vuln/SNYK-UPSTREAM-LIBPNG-1043612", "https://www.cve.org/CVERecord?id=CVE-2018-14550", "https://www.oracle.com/security-alerts/cpuApr2021.html", "https://www.oracle.com/security-alerts/cpuoct2021.html" ], "PublishedDate": "2019-07-10T12:15:10.75Z", "LastModifiedDate": "2023-03-01T01:57:24.84Z" }, { "VulnerabilityID": "CVE-2019-6129", "PkgName": "libpng16-16", "InstalledVersion": "1.6.36-6", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-6129", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libpng: memory leak of png_info struct in pngcp.c", "Description": "png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated \"I don't think it is libpng's job to free this buffer.", "Severity": "LOW", "CweIDs": [ "CWE-401" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2019-6129", "https://github.com/glennrp/libpng/issues/269", "https://nvd.nist.gov/vuln/detail/CVE-2019-6129", "https://www.cve.org/CVERecord?id=CVE-2019-6129", "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" ], "PublishedDate": "2019-01-11T05:29:01.64Z", "LastModifiedDate": "2024-08-04T21:15:25.47Z" }, { "VulnerabilityID": "CVE-2021-4214", "PkgName": "libpng16-16", "InstalledVersion": "1.6.36-6", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-4214", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libpng: hardcoded value leads to heap-overflow", "Description": "A heap overflow flaw was found in libpngs' pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service.", "Severity": "LOW", "CweIDs": [ "CWE-120", "CWE-787" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-4214", "https://bugzilla.redhat.com/show_bug.cgi?id=2043393", "https://github.com/glennrp/libpng/issues/302", "https://nvd.nist.gov/vuln/detail/CVE-2021-4214", "https://security-tracker.debian.org/tracker/CVE-2021-4214", "https://security.netapp.com/advisory/ntap-20221020-0001/", "https://www.cve.org/CVERecord?id=CVE-2021-4214" ], "PublishedDate": "2022-08-24T16:15:10.037Z", "LastModifiedDate": "2022-11-08T02:32:10.533Z" }, { "VulnerabilityID": "CVE-2019-9893", "PkgName": "libseccomp2", "InstalledVersion": "2.3.3-4", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9893", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libseccomp: incorrect generation of syscall filters in libseccomp", "Description": "libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might able to lead to bypassing seccomp filters and potential privilege escalations.", "Severity": "LOW", "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V2Score": 7.5, "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 7.3 } }, "References": [ "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00022.html", "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00027.html", "http://www.paul-moore.com/blog/d/2019/03/libseccomp_v240.html", "https://access.redhat.com/errata/RHSA-2019:3624", "https://access.redhat.com/security/cve/CVE-2019-9893", "https://github.com/seccomp/libseccomp/issues/139", "https://linux.oracle.com/cve/CVE-2019-9893.html", "https://linux.oracle.com/errata/ELSA-2019-3624.html", "https://nvd.nist.gov/vuln/detail/CVE-2019-9893", "https://seclists.org/oss-sec/2019/q1/179", "https://security.gentoo.org/glsa/201904-18", "https://ubuntu.com/security/notices/USN-4001-1", "https://ubuntu.com/security/notices/USN-4001-2", "https://usn.ubuntu.com/4001-1/", "https://usn.ubuntu.com/4001-2/", "https://www.cve.org/CVERecord?id=CVE-2019-9893", "https://www.openwall.com/lists/oss-security/2019/03/15/1" ], "PublishedDate": "2019-03-21T16:01:17.687Z", "LastModifiedDate": "2020-08-24T17:37:01.14Z" }, { "VulnerabilityID": "CVE-2021-36084", "PkgName": "libsepol1", "InstalledVersion": "2.8-1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-36084", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libsepol: use-after-free in __cil_verify_classperms()", "Description": "The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper).", "Severity": "LOW", "CweIDs": [ "CWE-416" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V2Score": 2.1, "V3Score": 3.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-36084", "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065", "https://bugzilla.redhat.com/show_bug.cgi?id=1979662", "https://bugzilla.redhat.com/show_bug.cgi?id=1979664", "https://bugzilla.redhat.com/show_bug.cgi?id=1979666", "https://bugzilla.redhat.com/show_bug.cgi?id=1979668", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36084", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36085", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36086", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36087", "https://errata.almalinux.org/8/ALSA-2021-4513.html", "https://errata.rockylinux.org/RLSA-2021:4513", "https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3", "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-417.yaml", "https://linux.oracle.com/cve/CVE-2021-36084.html", "https://linux.oracle.com/errata/ELSA-2021-4513.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/", "https://nvd.nist.gov/vuln/detail/CVE-2021-36084", "https://ubuntu.com/security/notices/USN-5391-1", "https://www.cve.org/CVERecord?id=CVE-2021-36084" ], "PublishedDate": "2021-07-01T03:15:08.717Z", "LastModifiedDate": "2023-11-07T03:36:42.51Z" }, { "VulnerabilityID": "CVE-2021-36085", "PkgName": "libsepol1", "InstalledVersion": "2.8-1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-36085", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libsepol: use-after-free in __cil_verify_classperms()", "Description": "The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map).", "Severity": "LOW", "CweIDs": [ "CWE-416" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V2Score": 2.1, "V3Score": 3.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-36085", "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124", "https://bugzilla.redhat.com/show_bug.cgi?id=1979662", "https://bugzilla.redhat.com/show_bug.cgi?id=1979664", "https://bugzilla.redhat.com/show_bug.cgi?id=1979666", "https://bugzilla.redhat.com/show_bug.cgi?id=1979668", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36084", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36085", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36086", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36087", "https://errata.almalinux.org/8/ALSA-2021-4513.html", "https://errata.rockylinux.org/RLSA-2021:4513", "https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba", "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-421.yaml", "https://linux.oracle.com/cve/CVE-2021-36085.html", "https://linux.oracle.com/errata/ELSA-2021-4513.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/", "https://nvd.nist.gov/vuln/detail/CVE-2021-36085", "https://ubuntu.com/security/notices/USN-5391-1", "https://www.cve.org/CVERecord?id=CVE-2021-36085" ], "PublishedDate": "2021-07-01T03:15:08.75Z", "LastModifiedDate": "2023-11-07T03:36:42.577Z" }, { "VulnerabilityID": "CVE-2021-36086", "PkgName": "libsepol1", "InstalledVersion": "2.8-1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-36086", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libsepol: use-after-free in cil_reset_classpermission()", "Description": "The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list).", "Severity": "LOW", "CweIDs": [ "CWE-416" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V2Score": 2.1, "V3Score": 3.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-36086", "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32177", "https://bugzilla.redhat.com/show_bug.cgi?id=1979662", "https://bugzilla.redhat.com/show_bug.cgi?id=1979664", "https://bugzilla.redhat.com/show_bug.cgi?id=1979666", "https://bugzilla.redhat.com/show_bug.cgi?id=1979668", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36084", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36085", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36086", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36087", "https://errata.almalinux.org/8/ALSA-2021-4513.html", "https://errata.rockylinux.org/RLSA-2021:4513", "https://github.com/SELinuxProject/selinux/commit/c49a8ea09501ad66e799ea41b8154b6770fec2c8", "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-536.yaml", "https://linux.oracle.com/cve/CVE-2021-36086.html", "https://linux.oracle.com/errata/ELSA-2021-4513.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/", "https://nvd.nist.gov/vuln/detail/CVE-2021-36086", "https://ubuntu.com/security/notices/USN-5391-1", "https://www.cve.org/CVERecord?id=CVE-2021-36086" ], "PublishedDate": "2021-07-01T03:15:08.783Z", "LastModifiedDate": "2023-11-07T03:36:42.637Z" }, { "VulnerabilityID": "CVE-2021-36087", "PkgName": "libsepol1", "InstalledVersion": "2.8-1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-36087", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libsepol: heap-based buffer overflow in ebitmap_match_any()", "Description": "The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block.", "Severity": "LOW", "CweIDs": [ "CWE-125" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V2Score": 2.1, "V3Score": 3.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-36087", "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32675", "https://bugzilla.redhat.com/show_bug.cgi?id=1979662", "https://bugzilla.redhat.com/show_bug.cgi?id=1979664", "https://bugzilla.redhat.com/show_bug.cgi?id=1979666", "https://bugzilla.redhat.com/show_bug.cgi?id=1979668", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36084", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36085", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36086", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36087", "https://errata.almalinux.org/8/ALSA-2021-4513.html", "https://errata.rockylinux.org/RLSA-2021:4513", "https://github.com/SELinuxProject/selinux/commit/340f0eb7f3673e8aacaf0a96cbfcd4d12a405521", "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-585.yaml", "https://linux.oracle.com/cve/CVE-2021-36087.html", "https://linux.oracle.com/errata/ELSA-2021-4513.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/", "https://lore.kernel.org/selinux/CAEN2sdqJKHvDzPnxS-J8grU8fSf32DDtx=kyh84OsCq_Vm+yaQ%40mail.gmail.com/T/", "https://nvd.nist.gov/vuln/detail/CVE-2021-36087", "https://ubuntu.com/security/notices/USN-5391-1", "https://www.cve.org/CVERecord?id=CVE-2021-36087" ], "PublishedDate": "2021-07-01T03:15:08.817Z", "LastModifiedDate": "2023-11-07T03:36:42.693Z" }, { "VulnerabilityID": "CVE-2024-28085", "VendorIDs": [ "DLA-3782-1" ], "PkgName": "libsmartcols1", "InstalledVersion": "2.33.1-0.1", "FixedVersion": "2.33.1-0.1+deb10u1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28085", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "util-linux: CVE-2024-28085: wall: escape sequence injection", "Description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "Severity": "HIGH", "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "V3Score": 8.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/27/5", "http://www.openwall.com/lists/oss-security/2024/03/27/6", "http://www.openwall.com/lists/oss-security/2024/03/27/7", "http://www.openwall.com/lists/oss-security/2024/03/27/8", "http://www.openwall.com/lists/oss-security/2024/03/27/9", "http://www.openwall.com/lists/oss-security/2024/03/28/1", "http://www.openwall.com/lists/oss-security/2024/03/28/2", "http://www.openwall.com/lists/oss-security/2024/03/28/3", "https://access.redhat.com/security/cve/CVE-2024-28085", "https://github.com/skyler-ferrante/CVE-2024-28085", "https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq", "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/", "https://nvd.nist.gov/vuln/detail/CVE-2024-28085", "https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt", "https://security.netapp.com/advisory/ntap-20240531-0003/", "https://ubuntu.com/security/notices/USN-6719-1", "https://ubuntu.com/security/notices/USN-6719-2", "https://www.cve.org/CVERecord?id=CVE-2024-28085", "https://www.openwall.com/lists/oss-security/2024/03/27/5" ], "PublishedDate": "2024-03-27T19:15:48.367Z", "LastModifiedDate": "2024-06-10T17:16:24.37Z" }, { "VulnerabilityID": "CVE-2021-37600", "VendorIDs": [ "DLA-3782-1" ], "PkgName": "libsmartcols1", "InstalledVersion": "2.33.1-0.1", "FixedVersion": "2.33.1-0.1+deb10u1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-37600", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "util-linux: integer overflow can lead to buffer overflow in get_sem_elements() in sys-utils/ipcutils.c", "Description": "An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments.", "Severity": "MEDIUM", "CweIDs": [ "CWE-190" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 1.2, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-37600", "https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c", "https://github.com/karelzak/util-linux/issues/1395", "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", "https://nvd.nist.gov/vuln/detail/CVE-2021-37600", "https://security.gentoo.org/glsa/202401-08", "https://security.netapp.com/advisory/ntap-20210902-0002/", "https://www.cve.org/CVERecord?id=CVE-2021-37600" ], "PublishedDate": "2021-07-30T14:15:18.737Z", "LastModifiedDate": "2024-08-04T02:15:24.44Z" }, { "VulnerabilityID": "CVE-2022-0563", "PkgName": "libsmartcols1", "InstalledVersion": "2.33.1-0.1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", "Description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.", "Severity": "LOW", "CweIDs": [ "CWE-209" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V2Score": 1.9, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-0563", "https://blog.trailofbits.com/2023/02/16/suid-logic-bug-linux-readline/", "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w%40ws.net.home/T/#u", "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u", "https://nvd.nist.gov/vuln/detail/CVE-2022-0563", "https://security.gentoo.org/glsa/202401-08", "https://security.netapp.com/advisory/ntap-20220331-0002/", "https://www.cve.org/CVERecord?id=CVE-2022-0563" ], "PublishedDate": "2022-02-21T19:15:08.393Z", "LastModifiedDate": "2024-01-07T09:15:08.713Z" }, { "VulnerabilityID": "CVE-2022-1304", "PkgName": "libss2", "InstalledVersion": "1.44.5-1+deb10u3", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-1304", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "e2fsprogs: out-of-bounds read/write via crafted filesystem", "Description": "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "Severity": "HIGH", "CweIDs": [ "CWE-125", "CWE-787" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V2Score": 6.8, "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H", "V3Score": 5.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2022:8361", "https://access.redhat.com/security/cve/CVE-2022-1304", "https://bugzilla.redhat.com/2069726", "https://bugzilla.redhat.com/show_bug.cgi?id=2069726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1304", "https://errata.almalinux.org/9/ALSA-2022-8361.html", "https://errata.rockylinux.org/RLSA-2022:8361", "https://linux.oracle.com/cve/CVE-2022-1304.html", "https://linux.oracle.com/errata/ELSA-2022-8361.html", "https://marc.info/?l=linux-ext4\u0026m=165056234501732\u0026w=2", "https://nvd.nist.gov/vuln/detail/CVE-2022-1304", "https://ubuntu.com/security/notices/USN-5464-1", "https://www.cve.org/CVERecord?id=CVE-2022-1304" ], "PublishedDate": "2022-04-14T21:15:08.49Z", "LastModifiedDate": "2023-11-07T03:41:53.02Z" }, { "VulnerabilityID": "CVE-2021-3711", "VendorIDs": [ "DSA-4963-1" ], "PkgName": "libssl1.1", "InstalledVersion": "1.1.1d-0+deb10u3", "FixedVersion": "1.1.1d-0+deb10u7", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3711", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "openssl: SM2 Decryption Buffer Overflow", "Description": "In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the \"out\" parameter can be NULL and, on exit, the \"outlen\" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the \"out\" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).", "Severity": "CRITICAL", "CweIDs": [ "CWE-120" ], "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V2Score": 7.5, "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2021/08/26/2", "https://access.redhat.com/security/cve/CVE-2021-3711", "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=59f5e75f3bced8fc0e130d72a3f582cf7b480b46", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=59f5e75f3bced8fc0e130d72a3f582cf7b480b46", "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E", "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e@%3Cdev.tomcat.apache.org%3E", "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E", "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1@%3Cdev.tomcat.apache.org%3E", "https://nvd.nist.gov/vuln/detail/CVE-2021-3711", "https://rustsec.org/advisories/RUSTSEC-2021-0097.html", "https://security.gentoo.org/glsa/202209-02", "https://security.gentoo.org/glsa/202210-02", "https://security.netapp.com/advisory/ntap-20210827-0010", "https://security.netapp.com/advisory/ntap-20210827-0010/", "https://security.netapp.com/advisory/ntap-20211022-0003", "https://security.netapp.com/advisory/ntap-20211022-0003/", "https://security.netapp.com/advisory/ntap-20240621-0006", "https://security.netapp.com/advisory/ntap-20240621-0006/", "https://ubuntu.com/security/notices/USN-5051-1", "https://www.cve.org/CVERecord?id=CVE-2021-3711", "https://www.debian.org/security/2021/dsa-4963", "https://www.openssl.org/news/secadv/20210824.txt", "https://www.oracle.com/security-alerts/cpuapr2022.html", "https://www.oracle.com/security-alerts/cpujan2022.html", "https://www.oracle.com/security-alerts/cpuoct2021.html", "https://www.tenable.com/security/tns-2021-16", "https://www.tenable.com/security/tns-2022-02" ], "PublishedDate": "2021-08-24T15:15:09.133Z", "LastModifiedDate": "2024-06-21T19:15:20.213Z" }, { "VulnerabilityID": "CVE-2022-1292", "VendorIDs": [ "DSA-5139-1" ], "PkgName": "libssl1.1", "InstalledVersion": "1.1.1d-0+deb10u3", "FixedVersion": "1.1.1n-0+deb10u2", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-1292", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "openssl: c_rehash script allows command injection", "Description": "The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).", "Severity": "CRITICAL", "CweIDs": [ "CWE-78" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V2Score": 10, "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2022:6224", "https://access.redhat.com/security/cve/CVE-2022-1292", "https://bugzilla.redhat.com/2081494", "https://bugzilla.redhat.com/2087911", "https://bugzilla.redhat.com/2087913", "https://bugzilla.redhat.com/2097310", "https://bugzilla.redhat.com/2104905", "https://bugzilla.redhat.com/show_bug.cgi?id=2081494", "https://bugzilla.redhat.com/show_bug.cgi?id=2097310", "https://bugzilla.redhat.com/show_bug.cgi?id=2100554", "https://bugzilla.redhat.com/show_bug.cgi?id=2104905", "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097", "https://errata.almalinux.org/9/ALSA-2022-6224.html", "https://errata.rockylinux.org/RLSA-2022:5818", "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2", "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=548d3f280a6e737673f5b61fce24bb100108dfeb", "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=548d3f280a6e737673f5b61fce24bb100108dfeb", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23", "https://linux.oracle.com/cve/CVE-2022-1292.html", "https://linux.oracle.com/errata/ELSA-2022-9751.html", "https://lists.debian.org/debian-lts-announce/2022/05/msg00019.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VX4KWHPMKYJL6ZLW4M5IU7E5UV5ZWJQU/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNU5M7BXMML26G3GPYKFGQYPQDRSNKDD/", "https://mta.openssl.org/pipermail/openssl-announce/2022-May/000224.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-1292", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0011", "https://security.gentoo.org/glsa/202210-02", "https://security.netapp.com/advisory/ntap-20220602-0009/", "https://security.netapp.com/advisory/ntap-20220729-0004/", "https://ubuntu.com/security/notices/USN-5402-1", "https://ubuntu.com/security/notices/USN-5402-2", "https://ubuntu.com/security/notices/USN-6457-1", "https://www.cve.org/CVERecord?id=CVE-2022-1292", "https://www.debian.org/security/2022/dsa-5139", "https://www.openssl.org/news/secadv/20220503.txt", "https://www.oracle.com/security-alerts/cpujul2022.html" ], "PublishedDate": "2022-05-03T16:15:18.823Z", "LastModifiedDate": "2023-11-07T03:41:52.74Z" }, { "VulnerabilityID": "CVE-2022-2068", "VendorIDs": [ "DSA-5169-1" ], "PkgName": "libssl1.1", "InstalledVersion": "1.1.1d-0+deb10u3", "FixedVersion": "1.1.1n-0+deb10u3", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-2068", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "openssl: the c_rehash script allows command injection", "Description": "In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).", "Severity": "CRITICAL", "CweIDs": [ "CWE-78" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V2Score": 10, "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2022:6224", "https://access.redhat.com/security/cve/CVE-2022-2068", "https://bugzilla.redhat.com/2081494", "https://bugzilla.redhat.com/2087911", "https://bugzilla.redhat.com/2087913", "https://bugzilla.redhat.com/2097310", "https://bugzilla.redhat.com/2104905", "https://bugzilla.redhat.com/show_bug.cgi?id=2081494", "https://bugzilla.redhat.com/show_bug.cgi?id=2097310", "https://bugzilla.redhat.com/show_bug.cgi?id=2100554", "https://bugzilla.redhat.com/show_bug.cgi?id=2104905", "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097", "https://errata.almalinux.org/9/ALSA-2022-6224.html", "https://errata.rockylinux.org/RLSA-2022:5818", "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2c9c35870601b4a44d86ddbf512b38df38285cfa", "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9", "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9639817dac8bbbaa64d09efad7464ccc405527c7", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c9c35870601b4a44d86ddbf512b38df38285cfa", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9639817dac8bbbaa64d09efad7464ccc405527c7", "https://linux.oracle.com/cve/CVE-2022-2068.html", "https://linux.oracle.com/errata/ELSA-2022-9751.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/", "https://nvd.nist.gov/vuln/detail/CVE-2022-2068", "https://security.netapp.com/advisory/ntap-20220707-0008/", "https://ubuntu.com/security/notices/USN-5488-1", "https://ubuntu.com/security/notices/USN-5488-2", "https://ubuntu.com/security/notices/USN-6457-1", "https://www.cve.org/CVERecord?id=CVE-2022-2068", "https://www.debian.org/security/2022/dsa-5169", "https://www.openssl.org/news/secadv/20220621.txt" ], "PublishedDate": "2022-06-21T15:15:09.06Z", "LastModifiedDate": "2023-11-07T03:46:11.177Z" }, { "VulnerabilityID": "CVE-2021-23840", "VendorIDs": [ "DSA-4855-1" ], "PkgName": "libssl1.1", "InstalledVersion": "1.1.1d-0+deb10u3", "FixedVersion": "1.1.1d-0+deb10u5", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-23840", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "openssl: integer overflow in CipherUpdate", "Description": "Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).", "Severity": "HIGH", "CweIDs": [ "CWE-190" ], "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-23840", "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1", "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9b1129239f3ebb1d1c98ce9ed41d5c9476c47cb2", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9b1129239f3ebb1d1c98ce9ed41d5c9476c47cb2", "https://github.com/alexcrichton/openssl-src-rs", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846", "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10366", "https://linux.oracle.com/cve/CVE-2021-23840.html", "https://linux.oracle.com/errata/ELSA-2021-9561.html", "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", "https://nvd.nist.gov/vuln/detail/CVE-2021-23840", "https://rustsec.org/advisories/RUSTSEC-2021-0057.html", "https://security.gentoo.org/glsa/202103-03", "https://security.netapp.com/advisory/ntap-20210219-0009", "https://security.netapp.com/advisory/ntap-20210219-0009/", "https://security.netapp.com/advisory/ntap-20240621-0006/", "https://ubuntu.com/security/notices/USN-4738-1", "https://ubuntu.com/security/notices/USN-5088-1", "https://www.cve.org/CVERecord?id=CVE-2021-23840", "https://www.debian.org/security/2021/dsa-4855", "https://www.openssl.org/news/secadv/20210216.txt", "https://www.oracle.com//security-alerts/cpujul2021.html", "https://www.oracle.com/security-alerts/cpuApr2021.html", "https://www.oracle.com/security-alerts/cpuapr2022.html", "https://www.oracle.com/security-alerts/cpujan2022.html", "https://www.oracle.com/security-alerts/cpuoct2021.html", "https://www.tenable.com/security/tns-2021-03", "https://www.tenable.com/security/tns-2021-09", "https://www.tenable.com/security/tns-2021-10" ], "PublishedDate": "2021-02-16T17:15:13.3Z", "LastModifiedDate": "2024-06-21T19:15:17.007Z" }, { "VulnerabilityID": "CVE-2021-3712", "VendorIDs": [ "DSA-4963-1" ], "PkgName": "libssl1.1", "InstalledVersion": "1.1.1d-0+deb10u3", "FixedVersion": "1.1.1d-0+deb10u7", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3712", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "openssl: Read buffer overruns processing ASN.1 strings", "Description": "ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own \"d2i\" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the \"data\" and \"length\" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the \"data\" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).", "Severity": "HIGH", "CweIDs": [ "CWE-125" ], "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "V3Score": 7.4 }, "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "V2Score": 5.8, "V3Score": 7.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "V3Score": 7.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2021/08/26/2", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3712.json", "https://access.redhat.com/security/cve/CVE-2021-3712", "https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf", "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=94d23fcff9b2a7a8368dfe52214d5c2569882c11", "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ccb0a11145ee72b042d10593a64eaf9e8a55ec12", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=94d23fcff9b2a7a8368dfe52214d5c2569882c11", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ccb0a11145ee72b042d10593a64eaf9e8a55ec12", "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10366", "https://linux.oracle.com/cve/CVE-2021-3712.html", "https://linux.oracle.com/errata/ELSA-2022-9023.html", "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E", "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e@%3Cdev.tomcat.apache.org%3E", "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E", "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1@%3Cdev.tomcat.apache.org%3E", "https://lists.debian.org/debian-lts-announce/2021/09/msg00014.html", "https://lists.debian.org/debian-lts-announce/2021/09/msg00021.html", "https://nvd.nist.gov/vuln/detail/CVE-2021-3712", "https://rustsec.org/advisories/RUSTSEC-2021-0098.html", "https://security.gentoo.org/glsa/202209-02", "https://security.gentoo.org/glsa/202210-02", "https://security.netapp.com/advisory/ntap-20210827-0010", "https://security.netapp.com/advisory/ntap-20210827-0010/", "https://security.netapp.com/advisory/ntap-20240621-0006", "https://security.netapp.com/advisory/ntap-20240621-0006/", "https://ubuntu.com/security/notices/USN-5051-1", "https://ubuntu.com/security/notices/USN-5051-2", "https://ubuntu.com/security/notices/USN-5051-3", "https://ubuntu.com/security/notices/USN-5051-4 (regression only in trusty/esm)", "https://ubuntu.com/security/notices/USN-5088-1", "https://www.cve.org/CVERecord?id=CVE-2021-3712", "https://www.debian.org/security/2021/dsa-4963", "https://www.openssl.org/news/secadv/20210824.txt", "https://www.oracle.com/security-alerts/cpuapr2022.html", "https://www.oracle.com/security-alerts/cpujan2022.html", "https://www.oracle.com/security-alerts/cpuoct2021.html", "https://www.tenable.com/security/tns-2021-16", "https://www.tenable.com/security/tns-2022-02" ], "PublishedDate": "2021-08-24T15:15:09.533Z", "LastModifiedDate": "2024-06-21T19:15:20.433Z" }, { "VulnerabilityID": "CVE-2022-0778", "VendorIDs": [ "DSA-5103-1" ], "PkgName": "libssl1.1", "InstalledVersion": "1.1.1d-0+deb10u3", "FixedVersion": "1.1.1d-0+deb10u8", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0778", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates", "Description": "The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).", "Severity": "HIGH", "CweIDs": [ "CWE-835" ], "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html", "http://seclists.org/fulldisclosure/2022/May/33", "http://seclists.org/fulldisclosure/2022/May/35", "http://seclists.org/fulldisclosure/2022/May/38", "https://access.redhat.com/errata/RHSA-2022:5326", "https://access.redhat.com/security/cve/CVE-2022-0778", "https://bugzilla.redhat.com/2062202", "https://bugzilla.redhat.com/show_bug.cgi?id=2062202", "https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778", "https://errata.almalinux.org/8/ALSA-2022-5326.html", "https://errata.rockylinux.org/RLSA-2022:4899", "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3118eb64934499d93db3230748a452351d1d9a65", "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=380085481c64de749a6dd25cdf0bcf4360b30f83", "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a466912611aa6cbdf550cd10601390e587451246", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246", "https://linux.oracle.com/cve/CVE-2022-0778.html", "https://linux.oracle.com/errata/ELSA-2022-9272.html", "https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html", "https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG", "https://nvd.nist.gov/vuln/detail/CVE-2022-0778", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002", "https://rustsec.org/advisories/RUSTSEC-2022-0014.html", "https://security.gentoo.org/glsa/202210-02", "https://security.netapp.com/advisory/ntap-20220321-0002", "https://security.netapp.com/advisory/ntap-20220321-0002/", "https://security.netapp.com/advisory/ntap-20220429-0005", "https://security.netapp.com/advisory/ntap-20220429-0005/", "https://security.netapp.com/advisory/ntap-20240621-0006", "https://security.netapp.com/advisory/ntap-20240621-0006/", "https://support.apple.com/kb/HT213255", "https://support.apple.com/kb/HT213256", "https://support.apple.com/kb/HT213257", "https://ubuntu.com/security/notices/USN-5328-1", "https://ubuntu.com/security/notices/USN-5328-2", "https://ubuntu.com/security/notices/USN-6457-1", "https://www.cve.org/CVERecord?id=CVE-2022-0778", "https://www.debian.org/security/2022/dsa-5103", "https://www.openssl.org/news/secadv/20220315.txt", "https://www.oracle.com/security-alerts/cpuapr2022.html", "https://www.oracle.com/security-alerts/cpujul2022.html", "https://www.tenable.com/security/tns-2022-06", "https://www.tenable.com/security/tns-2022-07", "https://www.tenable.com/security/tns-2022-08", "https://www.tenable.com/security/tns-2022-09" ], "PublishedDate": "2022-03-15T17:15:08.513Z", "LastModifiedDate": "2024-06-21T19:15:21.473Z" }, { "VulnerabilityID": "CVE-2022-4450", "VendorIDs": [ "DLA-3325-1" ], "PkgName": "libssl1.1", "InstalledVersion": "1.1.1d-0+deb10u3", "FixedVersion": "1.1.1n-0+deb10u4", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-4450", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "openssl: double free after calling PEM_read_bio_ex", "Description": "The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and\ndecodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data.\nIf the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are\npopulated with pointers to buffers containing the relevant decoded data. The\ncaller is responsible for freeing those buffers. It is possible to construct a\nPEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex()\nwill return a failure code but will populate the header argument with a pointer\nto a buffer that has already been freed. If the caller also frees this buffer\nthen a double free will occur. This will most likely lead to a crash. This\ncould be exploited by an attacker who has the ability to supply malicious PEM\nfiles for parsing to achieve a denial of service attack.\n\nThe functions PEM_read_bio() and PEM_read() are simple wrappers around\nPEM_read_bio_ex() and therefore these functions are also directly affected.\n\nThese functions are also called indirectly by a number of other OpenSSL\nfunctions including PEM_X509_INFO_read_bio_ex() and\nSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal\nuses of these functions are not vulnerable because the caller does not free the\nheader argument if PEM_read_bio_ex() returns a failure code. These locations\ninclude the PEM_read_bio_TYPE() functions as well as the decoders introduced in\nOpenSSL 3.0.\n\nThe OpenSSL asn1parse command line application is also impacted by this issue.\n\n\n", "Severity": "HIGH", "CweIDs": [ "CWE-415" ], "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:2165", "https://access.redhat.com/security/cve/CVE-2022-4450", "https://bugzilla.redhat.com/1960321", "https://bugzilla.redhat.com/2164440", "https://bugzilla.redhat.com/2164487", "https://bugzilla.redhat.com/2164492", "https://bugzilla.redhat.com/2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", "https://errata.almalinux.org/9/ALSA-2023-2165.html", "https://errata.rockylinux.org/RLSA-2023:0946", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=63bcf189be73a9cc1264059bed6f57974be74a83", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bbcf509bd046b34cca19c766bbddc31683d0858b", "https://linux.oracle.com/cve/CVE-2022-4450.html", "https://linux.oracle.com/errata/ELSA-2023-32791.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-4450", "https://rustsec.org/advisories/RUSTSEC-2023-0010.html", "https://security.gentoo.org/glsa/202402-08", "https://ubuntu.com/security/notices/USN-5844-1", "https://ubuntu.com/security/notices/USN-6564-1", "https://www.cve.org/CVERecord?id=CVE-2022-4450", "https://www.openssl.org/news/secadv/20230207.txt" ], "PublishedDate": "2023-02-08T20:15:23.973Z", "LastModifiedDate": "2024-02-04T09:15:08.733Z" }, { "VulnerabilityID": "CVE-2023-0215", "VendorIDs": [ "DLA-3325-1" ], "PkgName": "libssl1.1", "InstalledVersion": "1.1.1d-0+deb10u3", "FixedVersion": "1.1.1n-0+deb10u4", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0215", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "openssl: use-after-free following BIO_new_NDEF", "Description": "The public API function BIO_new_NDEF is a helper function used for streaming\nASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the\nSMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by\nend user applications.\n\nThe function receives a BIO from the caller, prepends a new BIO_f_asn1 filter\nBIO onto the front of it to form a BIO chain, and then returns the new head of\nthe BIO chain to the caller. Under certain conditions, for example if a CMS\nrecipient public key is invalid, the new filter BIO is freed and the function\nreturns a NULL result indicating a failure. However, in this case, the BIO chain\nis not properly cleaned up and the BIO passed by the caller still retains\ninternal pointers to the previously freed filter BIO. If the caller then goes on\nto call BIO_pop() on the BIO then a use-after-free will occur. This will most\nlikely result in a crash.\n\n\n\nThis scenario occurs directly in the internal function B64_write_ASN1() which\nmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on\nthe BIO. This internal function is in turn called by the public API functions\nPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream,\nSMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.\n\nOther public API functions that may be impacted by this include\ni2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and\ni2d_PKCS7_bio_stream.\n\nThe OpenSSL cms and smime command line applications are similarly affected.\n\n\n\n", "Severity": "HIGH", "CweIDs": [ "CWE-416" ], "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:2165", "https://access.redhat.com/security/cve/CVE-2023-0215", "https://bugzilla.redhat.com/1960321", "https://bugzilla.redhat.com/2164440", "https://bugzilla.redhat.com/2164487", "https://bugzilla.redhat.com/2164492", "https://bugzilla.redhat.com/2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", "https://errata.almalinux.org/9/ALSA-2023-2165.html", "https://errata.rockylinux.org/RLSA-2023:0946", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344", "https://linux.oracle.com/cve/CVE-2023-0215.html", "https://linux.oracle.com/errata/ELSA-2023-32791.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-0215", "https://rustsec.org/advisories/RUSTSEC-2023-0009.html", "https://security.gentoo.org/glsa/202402-08", "https://security.netapp.com/advisory/ntap-20230427-0007", "https://security.netapp.com/advisory/ntap-20230427-0007/", "https://security.netapp.com/advisory/ntap-20230427-0009", "https://security.netapp.com/advisory/ntap-20230427-0009/", "https://security.netapp.com/advisory/ntap-20240621-0006", "https://security.netapp.com/advisory/ntap-20240621-0006/", "https://ubuntu.com/security/notices/USN-5844-1", "https://ubuntu.com/security/notices/USN-5845-1", "https://ubuntu.com/security/notices/USN-5845-2", "https://ubuntu.com/security/notices/USN-6564-1", "https://www.cve.org/CVERecord?id=CVE-2023-0215", "https://www.openssl.org/news/secadv/20230207.txt" ], "PublishedDate": "2023-02-08T20:15:24.107Z", "LastModifiedDate": "2024-06-21T19:15:24.33Z" }, { "VulnerabilityID": "CVE-2023-0286", "VendorIDs": [ "DLA-3325-1" ], "PkgName": "libssl1.1", "InstalledVersion": "1.1.1d-0+deb10u3", "FixedVersion": "1.1.1n-0+deb10u4", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0286", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "openssl: X.400 address type confusion in X.509 GeneralName", "Description": "There is a type confusion vulnerability relating to X.400 address processing\ninside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but\nthe public structure definition for GENERAL_NAME incorrectly specified the type\nof the x400Address field as ASN1_TYPE. This field is subsequently interpreted by\nthe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an\nASN1_STRING.\n\nWhen CRL checking is enabled (i.e. the application sets the\nX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass\narbitrary pointers to a memcmp call, enabling them to read memory contents or\nenact a denial of service. In most cases, the attack requires the attacker to\nprovide both the certificate chain and CRL, neither of which need to have a\nvalid signature. If the attacker only controls one of these inputs, the other\ninput must already contain an X.400 address as a CRL distribution point, which\nis uncommon. As such, this vulnerability is most likely to only affect\napplications which have implemented their own functionality for retrieving CRLs\nover a network.\n\n", "Severity": "HIGH", "CweIDs": [ "CWE-843" ], "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "V3Score": 7.4 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "V3Score": 7.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:2165", "https://access.redhat.com/security/cve/CVE-2023-0286", "https://access.redhat.com/security/cve/cve-2023-0286", "https://bugzilla.redhat.com/1960321", "https://bugzilla.redhat.com/2164440", "https://bugzilla.redhat.com/2164487", "https://bugzilla.redhat.com/2164492", "https://bugzilla.redhat.com/2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", "https://errata.almalinux.org/9/ALSA-2023-2165.html", "https://errata.rockylinux.org/RLSA-2023:0946", "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt", "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d", "https://github.com/pyca/cryptography", "https://github.com/pyca/cryptography/security/advisories/GHSA-x4qr-2fvf-3mr5", "https://linux.oracle.com/cve/CVE-2023-0286.html", "https://linux.oracle.com/errata/ELSA-2023-32791.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-0286", "https://rustsec.org/advisories/RUSTSEC-2023-0006.html", "https://security.gentoo.org/glsa/202402-08", "https://ubuntu.com/security/notices/USN-5844-1", "https://ubuntu.com/security/notices/USN-5845-1", "https://ubuntu.com/security/notices/USN-5845-2", "https://ubuntu.com/security/notices/USN-6564-1", "https://www.cve.org/CVERecord?id=CVE-2023-0286", "https://www.openssl.org/news/secadv/20230207.txt" ], "PublishedDate": "2023-02-08T20:15:24.267Z", "LastModifiedDate": "2024-02-04T09:15:09.113Z" }, { "VulnerabilityID": "CVE-2023-0464", "VendorIDs": [ "DLA-3449-1" ], "PkgName": "libssl1.1", "InstalledVersion": "1.1.1d-0+deb10u3", "FixedVersion": "1.1.1n-0+deb10u5", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0464", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "openssl: Denial of service by excessive resource usage in verifying X509 policy constraints", "Description": "A security vulnerability has been identified in all supported versions\n\nof OpenSSL related to the verification of X.509 certificate chains\nthat include policy constraints. Attackers may be able to exploit this\nvulnerability by creating a malicious certificate chain that triggers\nexponential use of computational resources, leading to a denial-of-service\n(DoS) attack on affected systems.\n\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:3722", "https://access.redhat.com/security/cve/CVE-2023-0464", "https://bugzilla.redhat.com/2181082", "https://bugzilla.redhat.com/2182561", "https://bugzilla.redhat.com/2182565", "https://bugzilla.redhat.com/2188461", "https://bugzilla.redhat.com/2207947", "https://errata.almalinux.org/9/ALSA-2023-3722.html", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1", "https://linux.oracle.com/cve/CVE-2023-0464.html", "https://linux.oracle.com/errata/ELSA-2023-3722.html", "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-0464", "https://security.gentoo.org/glsa/202402-08", "https://security.netapp.com/advisory/ntap-20240621-0006/", "https://ubuntu.com/security/notices/USN-6039-1", "https://www.couchbase.com/alerts/", "https://www.cve.org/CVERecord?id=CVE-2023-0464", "https://www.debian.org/security/2023/dsa-5417", "https://www.openssl.org/news/secadv/20230322.txt" ], "PublishedDate": "2023-03-22T17:15:13.13Z", "LastModifiedDate": "2024-06-21T19:15:24.5Z" }, { "VulnerabilityID": "CVE-2019-1551", "VendorIDs": [ "DSA-4855-1" ], "PkgName": "libssl1.1", "InstalledVersion": "1.1.1d-0+deb10u3", "FixedVersion": "1.1.1d-0+deb10u5", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64", "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).", "Severity": "MEDIUM", "CweIDs": [ "CWE-190" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V2Score": 5, "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.8 } }, "References": [ "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html", "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html", "https://access.redhat.com/security/cve/CVE-2019-1551", "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=419102400a2811582a7a3d4a4e317d72e5ce0a8f", "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=f1c5eea8a817075d31e43f5876993c6710238c98", "https://github.com/openssl/openssl/pull/10575", "https://linux.oracle.com/cve/CVE-2019-1551.html", "https://linux.oracle.com/errata/ELSA-2020-4514.html", "https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/", "https://nvd.nist.gov/vuln/detail/CVE-2019-1551", "https://seclists.org/bugtraq/2019/Dec/39", "https://seclists.org/bugtraq/2019/Dec/46", "https://security.gentoo.org/glsa/202004-10", "https://security.netapp.com/advisory/ntap-20191210-0001/", "https://ubuntu.com/security/notices/USN-4376-1", "https://ubuntu.com/security/notices/USN-4504-1", "https://usn.ubuntu.com/4376-1/", "https://usn.ubuntu.com/4504-1/", "https://www.cve.org/CVERecord?id=CVE-2019-1551", "https://www.debian.org/security/2019/dsa-4594", "https://www.debian.org/security/2021/dsa-4855", "https://www.openssl.org/news/secadv/20191206.txt", "https://www.oracle.com/security-alerts/cpuApr2021.html", "https://www.oracle.com/security-alerts/cpujan2021.html", "https://www.oracle.com/security-alerts/cpujul2020.html", "https://www.tenable.com/security/tns-2019-09", "https://www.tenable.com/security/tns-2020-03", "https://www.tenable.com/security/tns-2020-11", "https://www.tenable.com/security/tns-2021-10" ], "PublishedDate": "2019-12-06T18:15:12.84Z", "LastModifiedDate": "2023-11-07T03:08:28.98Z" }, { "VulnerabilityID": "CVE-2020-1971", "VendorIDs": [ "DSA-4807-1" ], "PkgName": "libssl1.1", "InstalledVersion": "1.1.1d-0+deb10u3", "FixedVersion": "1.1.1d-0+deb10u4", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-1971", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "openssl: EDIPARTYNAME NULL pointer de-reference", "Description": "The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the \"-crl_download\" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).", "Severity": "MEDIUM", "CweIDs": [ "CWE-476" ], "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 }, "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2021/09/14/2", "https://access.redhat.com/security/cve/CVE-2020-1971", "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e", "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=f960d81215ebf3f65e03d4d5d857fb9b666d6920", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44676", "https://linux.oracle.com/cve/CVE-2020-1971.html", "https://linux.oracle.com/errata/ELSA-2021-9150.html", "https://lists.apache.org/thread.html/r63c6f2dd363d9b514d0a4bcf624580616a679898cc14c109a49b750c%40%3Cdev.tomcat.apache.org%3E", "https://lists.apache.org/thread.html/rbb769f771711fb274e0a4acb1b5911c8aab544a6ac5e8c12d40c5143%40%3Ccommits.pulsar.apache.org%3E", "https://lists.debian.org/debian-lts-announce/2020/12/msg00020.html", "https://lists.debian.org/debian-lts-announce/2020/12/msg00021.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DGSI34Y5LQ5RYXN4M2I5ZQT65LFVDOUU/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PWPSSZNZOBJU2YR6Z4TGHXKYW3YP5QG7/", "https://nvd.nist.gov/vuln/detail/CVE-2020-1971", "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:33.openssl.asc", "https://security.gentoo.org/glsa/202012-13", "https://security.netapp.com/advisory/ntap-20201218-0005/", "https://security.netapp.com/advisory/ntap-20210513-0002/", "https://security.netapp.com/advisory/ntap-20240621-0006/", "https://ubuntu.com/security/notices/USN-4662-1", "https://ubuntu.com/security/notices/USN-4745-1", "https://www.cve.org/CVERecord?id=CVE-2020-1971", "https://www.debian.org/security/2020/dsa-4807", "https://www.openssl.org/news/secadv/20201208.txt", "https://www.oracle.com//security-alerts/cpujul2021.html", "https://www.oracle.com/security-alerts/cpuApr2021.html", "https://www.oracle.com/security-alerts/cpuapr2022.html", "https://www.oracle.com/security-alerts/cpujan2021.html", "https://www.oracle.com/security-alerts/cpuoct2021.html", "https://www.tenable.com/security/tns-2020-11", "https://www.tenable.com/security/tns-2021-09", "https://www.tenable.com/security/tns-2021-10" ], "PublishedDate": "2020-12-08T16:15:11.73Z", "LastModifiedDate": "2024-06-21T19:15:16.17Z" }, { "VulnerabilityID": "CVE-2021-23841", "VendorIDs": [ "DSA-4855-1" ], "PkgName": "libssl1.1", "InstalledVersion": "1.1.1d-0+deb10u3", "FixedVersion": "1.1.1d-0+deb10u5", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-23841", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "openssl: NULL pointer dereference in X509_issuer_and_serial_hash()", "Description": "The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).", "Severity": "MEDIUM", "CweIDs": [ "CWE-476" ], "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 }, "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "http://seclists.org/fulldisclosure/2021/May/67", "http://seclists.org/fulldisclosure/2021/May/68", "http://seclists.org/fulldisclosure/2021/May/70", "https://access.redhat.com/security/cve/CVE-2021-23841", "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf", "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=122a19ab48091c657f7cb1fb3af9fc07bd557bbf", "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=8252ee4d90f3f2004d3d0aeeed003ad49c9a7807", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=122a19ab48091c657f7cb1fb3af9fc07bd557bbf", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8252ee4d90f3f2004d3d0aeeed003ad49c9a7807", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9b1129239f3ebb1d1c98ce9ed41d5c9476c47cb2", "https://github.com/alexcrichton/openssl-src-rs", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846", "https://linux.oracle.com/cve/CVE-2021-23841.html", "https://linux.oracle.com/errata/ELSA-2021-9561.html", "https://nvd.nist.gov/vuln/detail/CVE-2021-23841", "https://rustsec.org/advisories/RUSTSEC-2021-0058", "https://rustsec.org/advisories/RUSTSEC-2021-0058.html", "https://security.gentoo.org/glsa/202103-03", "https://security.netapp.com/advisory/ntap-20210219-0009", "https://security.netapp.com/advisory/ntap-20210219-0009/", "https://security.netapp.com/advisory/ntap-20210513-0002", "https://security.netapp.com/advisory/ntap-20210513-0002/", "https://security.netapp.com/advisory/ntap-20240621-0006/", "https://support.apple.com/kb/HT212528", "https://support.apple.com/kb/HT212529", "https://support.apple.com/kb/HT212534", "https://ubuntu.com/security/notices/USN-4738-1", "https://ubuntu.com/security/notices/USN-4745-1", "https://www.cve.org/CVERecord?id=CVE-2021-23841", "https://www.debian.org/security/2021/dsa-4855", "https://www.openssl.org/news/secadv/20210216.txt", "https://www.oracle.com//security-alerts/cpujul2021.html", "https://www.oracle.com/security-alerts/cpuApr2021.html", "https://www.oracle.com/security-alerts/cpuapr2022.html", "https://www.oracle.com/security-alerts/cpuoct2021.html", "https://www.tenable.com/security/tns-2021-03", "https://www.tenable.com/security/tns-2021-09" ], "PublishedDate": "2021-02-16T17:15:13.377Z", "LastModifiedDate": "2024-06-21T19:15:17.377Z" }, { "VulnerabilityID": "CVE-2021-3449", "VendorIDs": [ "DSA-4875-1" ], "PkgName": "libssl1.1", "InstalledVersion": "1.1.1d-0+deb10u3", "FixedVersion": "1.1.1d-0+deb10u6", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3449", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "openssl: NULL pointer dereference in signature_algorithms processing", "Description": "An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).", "Severity": "MEDIUM", "CweIDs": [ "CWE-476" ], "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 }, "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2021/03/27/1", "http://www.openwall.com/lists/oss-security/2021/03/27/2", "http://www.openwall.com/lists/oss-security/2021/03/28/3", "http://www.openwall.com/lists/oss-security/2021/03/28/4", "https://access.redhat.com/security/cve/CVE-2021-3449", "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf", "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48157eeb207f52181f735d96148", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148", "https://github.com/alexcrichton/openssl-src-rs", "https://github.com/nodejs/node/pull/38083", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845", "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10356", "https://linux.oracle.com/cve/CVE-2021-3449.html", "https://linux.oracle.com/errata/ELSA-2021-9151.html", "https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP", "https://nvd.nist.gov/vuln/detail/CVE-2021-3449", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013", "https://rustsec.org/advisories/RUSTSEC-2021-0055", "https://rustsec.org/advisories/RUSTSEC-2021-0055.html", "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc", "https://security.gentoo.org/glsa/202103-03", "https://security.netapp.com/advisory/ntap-20210326-0006", "https://security.netapp.com/advisory/ntap-20210326-0006/", "https://security.netapp.com/advisory/ntap-20210513-0002", "https://security.netapp.com/advisory/ntap-20210513-0002/", "https://security.netapp.com/advisory/ntap-20240621-0006/", "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd", "https://ubuntu.com/security/notices/USN-4891-1", "https://ubuntu.com/security/notices/USN-5038-1", "https://www.cve.org/CVERecord?id=CVE-2021-3449", "https://www.debian.org/security/2021/dsa-4875", "https://www.openssl.org/news/secadv/20210325.txt", "https://www.oracle.com//security-alerts/cpujul2021.html", "https://www.oracle.com/security-alerts/cpuApr2021.html", "https://www.oracle.com/security-alerts/cpuapr2022.html", "https://www.oracle.com/security-alerts/cpujul2022.html", "https://www.oracle.com/security-alerts/cpuoct2021.html", "https://www.tenable.com/security/tns-2021-05", "https://www.tenable.com/security/tns-2021-06", "https://www.tenable.com/security/tns-2021-09", "https://www.tenable.com/security/tns-2021-10" ], "PublishedDate": "2021-03-25T15:15:13.45Z", "LastModifiedDate": "2024-06-21T19:15:19.71Z" }, { "VulnerabilityID": "CVE-2021-4160", "VendorIDs": [ "DSA-5103-1" ], "PkgName": "libssl1.1", "InstalledVersion": "1.1.1d-0+deb10u3", "FixedVersion": "1.1.1d-0+deb10u8", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-4160", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "openssl: Carry propagation bug in the MIPS32 and MIPS64 squaring procedure", "Description": "There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH private key among multiple clients, which is no longer an option since CVE-2016-0701. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.0. It was addressed in the releases of 1.1.1m and 3.0.1 on the 15th of December 2021. For the 1.0.2 release it is addressed in git commit 6fc1aaaf3 that is available to premium support customers only. It will be made available in 1.0.2zc when it is released. The issue only affects OpenSSL on MIPS platforms. Fixed in OpenSSL 3.0.1 (Affected 3.0.0). Fixed in OpenSSL 1.1.1m (Affected 1.1.1-1.1.1l). Fixed in OpenSSL 1.0.2zc-dev (Affected 1.0.2-1.0.2zb).", "Severity": "MEDIUM", "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V2Score": 4.3, "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-4160", "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf", "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3bf7b73ea7123045b8f972badc67ed6878e6c37f", "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6fc1aaaf303185aa5e483e06bdfae16daa9193a7", "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3bf7b73ea7123045b8f972badc67ed6878e6c37f", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6fc1aaaf303185aa5e483e06bdfae16daa9193a7", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb", "https://nvd.nist.gov/vuln/detail/CVE-2021-4160", "https://security.gentoo.org/glsa/202210-02", "https://security.netapp.com/advisory/ntap-20240621-0006/", "https://www.cve.org/CVERecord?id=CVE-2021-4160", "https://www.debian.org/security/2022/dsa-5103", "https://www.openssl.org/news/secadv/20220128.txt", "https://www.oracle.com/security-alerts/cpuapr2022.html", "https://www.oracle.com/security-alerts/cpujul2022.html" ], "PublishedDate": "2022-01-28T22:15:15.133Z", "LastModifiedDate": "2024-06-21T19:15:21.32Z" }, { "VulnerabilityID": "CVE-2022-2097", "VendorIDs": [ "DLA-3325-1" ], "PkgName": "libssl1.1", "InstalledVersion": "1.1.1d-0+deb10u3", "FixedVersion": "1.1.1n-0+deb10u4", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-2097", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "openssl: AES OCB fails to encrypt some bytes", "Description": "AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).", "Severity": "MEDIUM", "CweIDs": [ "CWE-327" ], "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V2Score": 5, "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/errata/RHSA-2022:6224", "https://access.redhat.com/security/cve/CVE-2022-2097", "https://bugzilla.redhat.com/2081494", "https://bugzilla.redhat.com/2087911", "https://bugzilla.redhat.com/2087913", "https://bugzilla.redhat.com/2097310", "https://bugzilla.redhat.com/2104905", "https://bugzilla.redhat.com/show_bug.cgi?id=2081494", "https://bugzilla.redhat.com/show_bug.cgi?id=2097310", "https://bugzilla.redhat.com/show_bug.cgi?id=2100554", "https://bugzilla.redhat.com/show_bug.cgi?id=2104905", "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097", "https://errata.almalinux.org/9/ALSA-2022-6224.html", "https://errata.rockylinux.org/RLSA-2022:5818", "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=919925673d6c9cfed3c1085497f5dfbbed5fc431", "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a98f339ddd7e8f487d6e0088d4a9a42324885a93", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=919925673d6c9cfed3c1085497f5dfbbed5fc431", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93", "https://github.com/alexcrichton/openssl-src-rs", "https://linux.oracle.com/cve/CVE-2022-2097.html", "https://linux.oracle.com/errata/ELSA-2022-9751.html", "https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA", "https://nvd.nist.gov/vuln/detail/CVE-2022-2097", "https://rustsec.org/advisories/RUSTSEC-2022-0032.html", "https://security.gentoo.org/glsa/202210-02", "https://security.netapp.com/advisory/ntap-20220715-0011", "https://security.netapp.com/advisory/ntap-20220715-0011/", "https://security.netapp.com/advisory/ntap-20230420-0008", "https://security.netapp.com/advisory/ntap-20230420-0008/", "https://security.netapp.com/advisory/ntap-20240621-0006", "https://security.netapp.com/advisory/ntap-20240621-0006/", "https://ubuntu.com/security/notices/USN-5502-1", "https://ubuntu.com/security/notices/USN-6457-1", "https://www.cve.org/CVERecord?id=CVE-2022-2097", "https://www.debian.org/security/2023/dsa-5343", "https://www.openssl.org/news/secadv/20220705.txt" ], "PublishedDate": "2022-07-05T11:15:08.34Z", "LastModifiedDate": "2024-06-21T19:15:23.083Z" }, { "VulnerabilityID": "CVE-2022-4304", "VendorIDs": [ "DLA-3325-1" ], "PkgName": "libssl1.1", "InstalledVersion": "1.1.1d-0+deb10u3", "FixedVersion": "1.1.1n-0+deb10u4", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-4304", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "openssl: timing attack in RSA Decryption implementation", "Description": "A timing based side channel exists in the OpenSSL RSA Decryption implementation\nwhich could be sufficient to recover a plaintext across a network in a\nBleichenbacher style attack. To achieve a successful decryption an attacker\nwould have to be able to send a very large number of trial messages for\ndecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,\nRSA-OEAP and RSASVE.\n\nFor example, in a TLS connection, RSA is commonly used by a client to send an\nencrypted pre-master secret to the server. An attacker that had observed a\ngenuine connection between a client and a server could use this flaw to send\ntrial messages to the server and record the time taken to process them. After a\nsufficiently large number of messages the attacker could recover the pre-master\nsecret used for the original connection and thus be able to decrypt the\napplication data sent over that connection.\n\n", "Severity": "MEDIUM", "CweIDs": [ "CWE-203" ], "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:2165", "https://access.redhat.com/security/cve/CVE-2022-4304", "https://bugzilla.redhat.com/1960321", "https://bugzilla.redhat.com/2164440", "https://bugzilla.redhat.com/2164487", "https://bugzilla.redhat.com/2164492", "https://bugzilla.redhat.com/2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", "https://errata.almalinux.org/9/ALSA-2023-2165.html", "https://errata.rockylinux.org/RLSA-2023:0946", "https://linux.oracle.com/cve/CVE-2022-4304.html", "https://linux.oracle.com/errata/ELSA-2023-32791.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-4304", "https://rustsec.org/advisories/RUSTSEC-2023-0007.html", "https://security.gentoo.org/glsa/202402-08", "https://ubuntu.com/security/notices/USN-5844-1", "https://ubuntu.com/security/notices/USN-6564-1", "https://www.cve.org/CVERecord?id=CVE-2022-4304", "https://www.openssl.org/news/secadv/20230207.txt" ], "PublishedDate": "2023-02-08T20:15:23.887Z", "LastModifiedDate": "2024-02-04T09:15:08.627Z" }, { "VulnerabilityID": "CVE-2023-0465", "VendorIDs": [ "DLA-3449-1" ], "PkgName": "libssl1.1", "InstalledVersion": "1.1.1d-0+deb10u3", "FixedVersion": "1.1.1n-0+deb10u5", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0465", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "openssl: Invalid certificate policies in leaf certificates are silently ignored", "Description": "Applications that use a non-default option when verifying certificates may be\nvulnerable to an attack from a malicious CA to circumvent certain checks.\n\nInvalid certificate policies in leaf certificates are silently ignored by\nOpenSSL and other certificate policy checks are skipped for that certificate.\nA malicious CA could use this to deliberately assert invalid certificate policies\nin order to circumvent policy checking on the certificate altogether.\n\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:3722", "https://access.redhat.com/security/cve/CVE-2023-0465", "https://bugzilla.redhat.com/2181082", "https://bugzilla.redhat.com/2182561", "https://bugzilla.redhat.com/2182565", "https://bugzilla.redhat.com/2188461", "https://bugzilla.redhat.com/2207947", "https://errata.almalinux.org/9/ALSA-2023-3722.html", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=10325176f3d3e98c6e2b3bf5ab1e3b334de6947a", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5c", "https://linux.oracle.com/cve/CVE-2023-0465.html", "https://linux.oracle.com/errata/ELSA-2023-3722.html", "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-0465", "https://security.gentoo.org/glsa/202402-08", "https://security.netapp.com/advisory/ntap-20230414-0001/", "https://ubuntu.com/security/notices/USN-6039-1", "https://www.cve.org/CVERecord?id=CVE-2023-0465", "https://www.debian.org/security/2023/dsa-5417", "https://www.openssl.org/news/secadv/20230328.txt" ], "PublishedDate": "2023-03-28T15:15:06.82Z", "LastModifiedDate": "2024-02-04T09:15:09.43Z" }, { "VulnerabilityID": "CVE-2023-0466", "VendorIDs": [ "DLA-3449-1" ], "PkgName": "libssl1.1", "InstalledVersion": "1.1.1d-0+deb10u3", "FixedVersion": "1.1.1n-0+deb10u5", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0466", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "openssl: Certificate policy check not enabled", "Description": "The function X509_VERIFY_PARAM_add0_policy() is documented to\nimplicitly enable the certificate policy check when doing certificate\nverification. However the implementation of the function does not\nenable the check which allows certificates with invalid or incorrect\npolicies to pass the certificate verification.\n\nAs suddenly enabling the policy check could break existing deployments it was\ndecided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy()\nfunction.\n\nInstead the applications that require OpenSSL to perform certificate\npolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly\nenable the policy check by calling X509_VERIFY_PARAM_set_flags() with\nthe X509_V_FLAG_POLICY_CHECK flag argument.\n\nCertificate policy checks are disabled by default in OpenSSL and are not\ncommonly used by applications.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/09/28/4", "https://access.redhat.com/errata/RHSA-2023:3722", "https://access.redhat.com/security/cve/CVE-2023-0466", "https://bugzilla.redhat.com/2181082", "https://bugzilla.redhat.com/2182561", "https://bugzilla.redhat.com/2182565", "https://bugzilla.redhat.com/2188461", "https://bugzilla.redhat.com/2207947", "https://errata.almalinux.org/9/ALSA-2023-3722.html", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=73398dea26de9899fb4baa94098ad0a61f435c72", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc814a30fc4f0bc54fcea7d9a7462f5457aab061", "https://linux.oracle.com/cve/CVE-2023-0466.html", "https://linux.oracle.com/errata/ELSA-2023-3722.html", "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-0466", "https://security.gentoo.org/glsa/202402-08", "https://security.netapp.com/advisory/ntap-20230414-0001/", "https://ubuntu.com/security/notices/USN-6039-1", "https://www.cve.org/CVERecord?id=CVE-2023-0466", "https://www.debian.org/security/2023/dsa-5417", "https://www.openssl.org/news/secadv/20230328.txt" ], "PublishedDate": "2023-03-28T15:15:06.88Z", "LastModifiedDate": "2024-02-04T09:15:09.54Z" }, { "VulnerabilityID": "CVE-2023-2650", "VendorIDs": [ "DLA-3449-1" ], "PkgName": "libssl1.1", "InstalledVersion": "1.1.1d-0+deb10u3", "FixedVersion": "1.1.1n-0+deb10u5", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2650", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "openssl: Possible DoS translating ASN.1 object identifiers", "Description": "Issue summary: Processing some specially crafted ASN.1 object identifiers or\ndata containing them may be very slow.\n\nImpact summary: Applications that use OBJ_obj2txt() directly, or use any of\nthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message\nsize limit may experience notable to very long delays when processing those\nmessages, which may lead to a Denial of Service.\n\nAn OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -\nmost of which have no size limit. OBJ_obj2txt() may be used to translate\nan ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL\ntype ASN1_OBJECT) to its canonical numeric text form, which are the\nsub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by\nperiods.\n\nWhen one of the sub-identifiers in the OBJECT IDENTIFIER is very large\n(these are sizes that are seen as absurdly large, taking up tens or hundreds\nof KiBs), the translation to a decimal number in text may take a very long\ntime. The time complexity is O(n^2) with 'n' being the size of the\nsub-identifiers in bytes (*).\n\nWith OpenSSL 3.0, support to fetch cryptographic algorithms using names /\nidentifiers in string form was introduced. This includes using OBJECT\nIDENTIFIERs in canonical numeric text form as identifiers for fetching\nalgorithms.\n\nSuch OBJECT IDENTIFIERs may be received through the ASN.1 structure\nAlgorithmIdentifier, which is commonly used in multiple protocols to specify\nwhat cryptographic algorithm should be used to sign or verify, encrypt or\ndecrypt, or digest passed data.\n\nApplications that call OBJ_obj2txt() directly with untrusted data are\naffected, with any version of OpenSSL. If the use is for the mere purpose\nof display, the severity is considered low.\n\nIn OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,\nCMS, CMP/CRMF or TS. It also impacts anything that processes X.509\ncertificates, including simple things like verifying its signature.\n\nThe impact on TLS is relatively low, because all versions of OpenSSL have a\n100KiB limit on the peer's certificate chain. Additionally, this only\nimpacts clients, or servers that have explicitly enabled client\nauthentication.\n\nIn OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,\nsuch as X.509 certificates. This is assumed to not happen in such a way\nthat it would cause a Denial of Service, so these versions are considered\nnot affected by this issue in such a way that it would be cause for concern,\nand the severity is therefore considered low.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/05/30/1", "https://access.redhat.com/errata/RHSA-2023:6330", "https://access.redhat.com/security/cve/CVE-2023-2650", "https://bugzilla.redhat.com/1858038", "https://bugzilla.redhat.com/2207947", "https://errata.almalinux.org/9/ALSA-2023-6330.html", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=423a2bc737a908ad0c77bda470b2b59dc879936b", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=853c5e56ee0b8650c73140816bb8b91d6163422c", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9e209944b35cf82368071f160a744b6178f9b098", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a", "https://linux.oracle.com/cve/CVE-2023-2650.html", "https://linux.oracle.com/errata/ELSA-2023-6330.html", "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-2650", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0009", "https://security.gentoo.org/glsa/202402-08", "https://security.netapp.com/advisory/ntap-20230703-0001/", "https://security.netapp.com/advisory/ntap-20231027-0009/", "https://ubuntu.com/security/notices/USN-6119-1", "https://ubuntu.com/security/notices/USN-6188-1", "https://ubuntu.com/security/notices/USN-6672-1", "https://www.cve.org/CVERecord?id=CVE-2023-2650", "https://www.debian.org/security/2023/dsa-5417", "https://www.openssl.org/news/secadv/20230530.txt" ], "PublishedDate": "2023-05-30T14:15:09.683Z", "LastModifiedDate": "2024-02-04T09:15:09.643Z" }, { "VulnerabilityID": "CVE-2023-3446", "VendorIDs": [ "DLA-3530-1" ], "PkgName": "libssl1.1", "InstalledVersion": "1.1.1d-0+deb10u3", "FixedVersion": "1.1.1n-0+deb10u6", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3446", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "openssl: Excessive time spent checking DH keys and parameters", "Description": "Issue summary: Checking excessively long DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\n\nThe function DH_check() performs various checks on DH parameters. One of those\nchecks confirms that the modulus ('p' parameter) is not too large. Trying to use\na very large modulus is slow and OpenSSL will not normally use a modulus which\nis over 10,000 bits in length.\n\nHowever the DH_check() function checks numerous aspects of the key or parameters\nthat have been supplied. Some of those checks use the supplied modulus value\neven if it has already been found to be too large.\n\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulernable to a Denial of Service attack.\n\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\n\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the '-check' option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-1333" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/07/19/4", "http://www.openwall.com/lists/oss-security/2023/07/19/5", "http://www.openwall.com/lists/oss-security/2023/07/19/6", "http://www.openwall.com/lists/oss-security/2023/07/31/1", "http://www.openwall.com/lists/oss-security/2024/05/16/1", "https://access.redhat.com/errata/RHSA-2024:2447", "https://access.redhat.com/security/cve/CVE-2023-3446", "https://bugzilla.redhat.com/2223016", "https://bugzilla.redhat.com/2224962", "https://bugzilla.redhat.com/2227852", "https://bugzilla.redhat.com/2248616", "https://bugzilla.redhat.com/2257571", "https://bugzilla.redhat.com/2258502", "https://bugzilla.redhat.com/2259944", "https://bugzilla.redhat.com/show_bug.cgi?id=2224962", "https://bugzilla.redhat.com/show_bug.cgi?id=2257582", "https://bugzilla.redhat.com/show_bug.cgi?id=2257583", "https://bugzilla.redhat.com/show_bug.cgi?id=2258677", "https://bugzilla.redhat.com/show_bug.cgi?id=2258688", "https://bugzilla.redhat.com/show_bug.cgi?id=2258691", "https://bugzilla.redhat.com/show_bug.cgi?id=2258694", "https://bugzilla.redhat.com/show_bug.cgi?id=2258700", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36763", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36764", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3446", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45229", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45231", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45232", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45233", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45235", "https://errata.almalinux.org/9/ALSA-2024-2447.html", "https://errata.rockylinux.org/RLSA-2024:2264", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23", "https://linux.oracle.com/cve/CVE-2023-3446.html", "https://linux.oracle.com/errata/ELSA-2024-2447.html", "https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3446", "https://security.gentoo.org/glsa/202402-08", "https://security.netapp.com/advisory/ntap-20230803-0011/", "https://ubuntu.com/security/notices/USN-6435-1", "https://ubuntu.com/security/notices/USN-6435-2", "https://ubuntu.com/security/notices/USN-6450-1", "https://ubuntu.com/security/notices/USN-6709-1", "https://www.cve.org/CVERecord?id=CVE-2023-3446", "https://www.openssl.org/news/secadv/20230719.txt" ], "PublishedDate": "2023-07-19T12:15:10.003Z", "LastModifiedDate": "2024-06-10T17:16:12.867Z" }, { "VulnerabilityID": "CVE-2023-3817", "VendorIDs": [ "DLA-3530-1" ], "PkgName": "libssl1.1", "InstalledVersion": "1.1.1d-0+deb10u3", "FixedVersion": "1.1.1n-0+deb10u6", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3817", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "OpenSSL: Excessive time spent checking DH q parameter value", "Description": "Issue summary: Checking excessively long DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\n\nThe function DH_check() performs various checks on DH parameters. After fixing\nCVE-2023-3446 it was discovered that a large q parameter value can also trigger\nan overly long computation during some of these checks. A correct q value,\nif present, cannot be larger than the modulus p parameter, thus it is\nunnecessary to perform these checks if q is larger than p.\n\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulnerable to a Denial of Service attack.\n\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\n\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the \"-check\" option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-834" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://seclists.org/fulldisclosure/2023/Jul/43", "http://www.openwall.com/lists/oss-security/2023/07/31/1", "http://www.openwall.com/lists/oss-security/2023/09/22/11", "http://www.openwall.com/lists/oss-security/2023/09/22/9", "http://www.openwall.com/lists/oss-security/2023/11/06/2", "https://access.redhat.com/errata/RHSA-2024:2447", "https://access.redhat.com/security/cve/CVE-2023-3817", "https://bugzilla.redhat.com/2223016", "https://bugzilla.redhat.com/2224962", "https://bugzilla.redhat.com/2227852", "https://bugzilla.redhat.com/2248616", "https://bugzilla.redhat.com/2257571", "https://bugzilla.redhat.com/2258502", "https://bugzilla.redhat.com/2259944", "https://errata.almalinux.org/9/ALSA-2024-2447.html", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5", "https://linux.oracle.com/cve/CVE-2023-3817.html", "https://linux.oracle.com/errata/ELSA-2024-2447.html", "https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3817", "https://security.gentoo.org/glsa/202402-08", "https://security.netapp.com/advisory/ntap-20230818-0014/", "https://security.netapp.com/advisory/ntap-20231027-0008/", "https://security.netapp.com/advisory/ntap-20240621-0006/", "https://ubuntu.com/security/notices/USN-6435-1", "https://ubuntu.com/security/notices/USN-6435-2", "https://ubuntu.com/security/notices/USN-6450-1", "https://ubuntu.com/security/notices/USN-6709-1", "https://www.cve.org/CVERecord?id=CVE-2023-3817", "https://www.openssl.org/news/secadv/20230731.txt" ], "PublishedDate": "2023-07-31T16:15:10.497Z", "LastModifiedDate": "2024-06-21T19:15:28.01Z" }, { "VulnerabilityID": "CVE-2023-5678", "PkgName": "libssl1.1", "InstalledVersion": "1.1.1d-0+deb10u3", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-5678", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow", "Description": "Issue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn't make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn't check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n\"-pubcheck\" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n", "Severity": "MEDIUM", "CweIDs": [ "CWE-754" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/11/1", "https://access.redhat.com/errata/RHSA-2024:2447", "https://access.redhat.com/security/cve/CVE-2023-5678", "https://bugzilla.redhat.com/2223016", "https://bugzilla.redhat.com/2224962", "https://bugzilla.redhat.com/2227852", "https://bugzilla.redhat.com/2248616", "https://bugzilla.redhat.com/2257571", "https://bugzilla.redhat.com/2258502", "https://bugzilla.redhat.com/2259944", "https://errata.almalinux.org/9/ALSA-2024-2447.html", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", "https://linux.oracle.com/cve/CVE-2023-5678.html", "https://linux.oracle.com/errata/ELSA-2024-2447.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-5678", "https://security.netapp.com/advisory/ntap-20231130-0010/", "https://ubuntu.com/security/notices/USN-6622-1", "https://ubuntu.com/security/notices/USN-6632-1", "https://ubuntu.com/security/notices/USN-6709-1", "https://www.cve.org/CVERecord?id=CVE-2023-5678", "https://www.openssl.org/news/secadv/20231106.txt" ], "PublishedDate": "2023-11-06T16:15:42.67Z", "LastModifiedDate": "2024-05-01T18:15:12.393Z" }, { "VulnerabilityID": "CVE-2024-0727", "PkgName": "libssl1.1", "InstalledVersion": "1.1.1d-0+deb10u3", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-0727", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "openssl: denial of service via null dereference", "Description": "Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL\nto crash leading to a potential Denial of Service attack\n\nImpact summary: Applications loading files in the PKCS12 format from untrusted\nsources might terminate abruptly.\n\nA file in PKCS12 format can contain certificates and keys and may come from an\nuntrusted source. The PKCS12 specification allows certain fields to be NULL, but\nOpenSSL does not correctly check for this case. This can lead to a NULL pointer\ndereference that results in OpenSSL crashing. If an application processes PKCS12\nfiles from an untrusted source using the OpenSSL APIs then that application will\nbe vulnerable to this issue.\n\nOpenSSL APIs that are vulnerable to this are: PKCS12_parse(),\nPKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()\nand PKCS12_newpass().\n\nWe have also fixed a similar issue in SMIME_write_PKCS7(). However since this\nfunction is related to writing data we do not consider it security significant.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.", "Severity": "MEDIUM", "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/11/1", "https://access.redhat.com/errata/RHSA-2024:2447", "https://access.redhat.com/security/cve/CVE-2024-0727", "https://bugzilla.redhat.com/2223016", "https://bugzilla.redhat.com/2224962", "https://bugzilla.redhat.com/2227852", "https://bugzilla.redhat.com/2248616", "https://bugzilla.redhat.com/2257571", "https://bugzilla.redhat.com/2258502", "https://bugzilla.redhat.com/2259944", "https://errata.almalinux.org/9/ALSA-2024-2447.html", "https://github.com/alexcrichton/openssl-src-rs/commit/add20f73b6b42be7451af2e1044d4e0e778992b2", "https://github.com/github/advisory-database/pull/3472", "https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2", "https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a", "https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c", "https://github.com/openssl/openssl/pull/23362", "https://github.com/pyca/cryptography/commit/3519591d255d4506fbcd0d04037d45271903c64d", "https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8", "https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539", "https://linux.oracle.com/cve/CVE-2024-0727.html", "https://linux.oracle.com/errata/ELSA-2024-2447.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-0727", "https://security.netapp.com/advisory/ntap-20240208-0006", "https://security.netapp.com/advisory/ntap-20240208-0006/", "https://ubuntu.com/security/notices/USN-6622-1", "https://ubuntu.com/security/notices/USN-6632-1", "https://ubuntu.com/security/notices/USN-6709-1", "https://www.cve.org/CVERecord?id=CVE-2024-0727", "https://www.openssl.org/news/secadv/20240125.txt" ], "PublishedDate": "2024-01-26T09:15:07.637Z", "LastModifiedDate": "2024-05-01T18:15:13.057Z" }, { "VulnerabilityID": "CVE-2024-4741", "PkgName": "libssl1.1", "InstalledVersion": "1.1.1d-0+deb10u3", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-4741", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "openssl: Use After Free with SSL_free_buffers", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Severity": "MEDIUM", "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.6 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2024-4741", "https://nvd.nist.gov/vuln/detail/CVE-2024-4741", "https://ubuntu.com/security/notices/USN-6937-1", "https://www.cve.org/CVERecord?id=CVE-2024-4741", "https://www.openssl.org/news/secadv/20240528.txt" ] }, { "VulnerabilityID": "CVE-2024-5535", "PkgName": "libssl1.1", "InstalledVersion": "1.1.1d-0+deb10u3", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-5535", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "openssl: SSL_select_next_proto buffer overread", "Description": "Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an\nempty supported client protocols buffer may cause a crash or memory contents to\nbe sent to the peer.\n\nImpact summary: A buffer overread can have a range of potential consequences\nsuch as unexpected application beahviour or a crash. In particular this issue\ncould result in up to 255 bytes of arbitrary private data from memory being sent\nto the peer leading to a loss of confidentiality. However, only applications\nthat directly call the SSL_select_next_proto function with a 0 length list of\nsupported client protocols are affected by this issue. This would normally never\nbe a valid scenario and is typically not under attacker control but may occur by\naccident in the case of a configuration or programming error in the calling\napplication.\n\nThe OpenSSL API function SSL_select_next_proto is typically used by TLS\napplications that support ALPN (Application Layer Protocol Negotiation) or NPN\n(Next Protocol Negotiation). NPN is older, was never standardised and\nis deprecated in favour of ALPN. We believe that ALPN is significantly more\nwidely deployed than NPN. The SSL_select_next_proto function accepts a list of\nprotocols from the server and a list of protocols from the client and returns\nthe first protocol that appears in the server list that also appears in the\nclient list. In the case of no overlap between the two lists it returns the\nfirst item in the client list. In either case it will signal whether an overlap\nbetween the two lists was found. In the case where SSL_select_next_proto is\ncalled with a zero length client list it fails to notice this condition and\nreturns the memory immediately following the client list pointer (and reports\nthat there was no overlap in the lists).\n\nThis function is typically called from a server side application callback for\nALPN or a client side application callback for NPN. In the case of ALPN the list\nof protocols supplied by the client is guaranteed by libssl to never be zero in\nlength. The list of server protocols comes from the application and should never\nnormally be expected to be of zero length. In this case if the\nSSL_select_next_proto function has been called as expected (with the list\nsupplied by the client passed in the client/client_len parameters), then the\napplication will not be vulnerable to this issue. If the application has\naccidentally been configured with a zero length server list, and has\naccidentally passed that zero length server list in the client/client_len\nparameters, and has additionally failed to correctly handle a \"no overlap\"\nresponse (which would normally result in a handshake failure in ALPN) then it\nwill be vulnerable to this problem.\n\nIn the case of NPN, the protocol permits the client to opportunistically select\na protocol when there is no overlap. OpenSSL returns the first client protocol\nin the no overlap case in support of this. The list of client protocols comes\nfrom the application and should never normally be expected to be of zero length.\nHowever if the SSL_select_next_proto function is accidentally called with a\nclient_len of 0 then an invalid memory pointer will be returned instead. If the\napplication uses this output as the opportunistic protocol then the loss of\nconfidentiality will occur.\n\nThis issue has been assessed as Low severity because applications are most\nlikely to be vulnerable if they are using NPN instead of ALPN - but NPN is not\nwidely used. It also requires an application configuration or programming error.\nFinally, this issue would not typically be under attacker control making active\nexploitation unlikely.\n\nThe FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\nDue to the low severity of this issue we are not issuing new releases of\nOpenSSL at this time. The fix will be included in the next releases when they\nbecome available.", "Severity": "MEDIUM", "CweIDs": [ "CWE-200" ], "CVSS": { "redhat": { "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/06/27/1", "http://www.openwall.com/lists/oss-security/2024/06/28/4", "https://access.redhat.com/security/cve/CVE-2024-5535", "https://github.com/openssl/openssl/commit/4ada436a1946cbb24db5ab4ca082b69c1bc10f37", "https://github.com/openssl/openssl/commit/99fb785a5f85315b95288921a321a935ea29a51e", "https://github.com/openssl/openssl/commit/cf6f91f6121f4db167405db2f0de410a456f260c", "https://github.com/openssl/openssl/commit/e86ac436f0bd54d4517745483e2315650fae7b2c", "https://github.openssl.org/openssl/extended-releases/commit/9947251413065a05189a63c9b7a6c1d4e224c21c", "https://github.openssl.org/openssl/extended-releases/commit/b78ec0824da857223486660177d3b1f255c65d87", "https://nvd.nist.gov/vuln/detail/CVE-2024-5535", "https://openssl.org/news/secadv/20240627.txt", "https://security.netapp.com/advisory/ntap-20240712-0005/", "https://ubuntu.com/security/notices/USN-6937-1", "https://www.cve.org/CVERecord?id=CVE-2024-5535", "https://www.openssl.org/news/secadv/20240627.txt" ], "PublishedDate": "2024-06-27T11:15:24.447Z", "LastModifiedDate": "2024-07-12T14:15:16.79Z" }, { "VulnerabilityID": "CVE-2024-2511", "PkgName": "libssl1.1", "InstalledVersion": "1.1.1d-0+deb10u3", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-2511", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "openssl: Unbounded memory growth with session handling in TLSv1.3", "Description": "Issue summary: Some non-default TLS server configurations can cause unbounded\nmemory growth when processing TLSv1.3 sessions\n\nImpact summary: An attacker may exploit certain server configurations to trigger\nunbounded memory growth that would lead to a Denial of Service\n\nThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is\nbeing used (but not if early_data support is also configured and the default\nanti-replay protection is in use). In this case, under certain conditions, the\nsession cache can get into an incorrect state and it will fail to flush properly\nas it fills. The session cache will continue to grow in an unbounded manner. A\nmalicious client could deliberately create the scenario for this failure to\nforce a Denial of Service. It may also happen by accident in normal operation.\n\nThis issue only affects TLS servers supporting TLSv1.3. It does not affect TLS\nclients.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL\n1.0.2 is also not affected by this issue.", "Severity": "LOW", "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/04/08/5", "https://access.redhat.com/security/cve/CVE-2024-2511", "https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce", "https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d", "https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08", "https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640", "https://nvd.nist.gov/vuln/detail/CVE-2024-2511", "https://security.netapp.com/advisory/ntap-20240503-0013/", "https://ubuntu.com/security/notices/USN-6937-1", "https://www.cve.org/CVERecord?id=CVE-2024-2511", "https://www.openssl.org/news/secadv/20240408.txt", "https://www.openssl.org/news/vulnerabilities.html" ], "PublishedDate": "2024-04-08T14:15:07.66Z", "LastModifiedDate": "2024-05-03T13:15:21.93Z" }, { "VulnerabilityID": "CVE-2018-12886", "PkgName": "libstdc++6", "InstalledVersion": "8.3.0-6", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12886", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "gcc: spilling of stack protection address in cfgexpand.c and function.c leads to stack-overflow protection bypass", "Description": "stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.", "Severity": "HIGH", "CweIDs": [ "CWE-209" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V2Score": 6.8, "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "V3Score": 6.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2018-12886", "https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=89d7557202d25a393666ac4c0f7dbdab31e452a2", "https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=266379\u0026view=markup", "https://nvd.nist.gov/vuln/detail/CVE-2018-12886", "https://www.cve.org/CVERecord?id=CVE-2018-12886", "https://www.gnu.org/software/gcc/gcc-8/changes.html" ], "PublishedDate": "2019-05-22T19:29:00.297Z", "LastModifiedDate": "2020-08-24T17:37:01.14Z" }, { "VulnerabilityID": "CVE-2019-15847", "PkgName": "libstdc++6", "InstalledVersion": "8.3.0-6", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-15847", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "gcc: POWER9 \"DARN\" RNG intrinsic produces repeated output", "Description": "The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.", "Severity": "HIGH", "CweIDs": [ "CWE-331" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 } }, "References": [ "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00056.html", "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00057.html", "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00058.html", "https://access.redhat.com/security/cve/CVE-2019-15847", "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91481", "https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=457dac402027dd7e14543fbd59a75858422cf6c6", "https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=e99bfdd2a8db732ea84cf0a6486707e5e821ad7e", "https://linux.oracle.com/cve/CVE-2019-15847.html", "https://linux.oracle.com/errata/ELSA-2020-1864.html", "https://nvd.nist.gov/vuln/detail/CVE-2019-15847", "https://www.cve.org/CVERecord?id=CVE-2019-15847" ], "PublishedDate": "2019-09-02T23:15:10.837Z", "LastModifiedDate": "2020-09-17T13:38:06.51Z" }, { "VulnerabilityID": "CVE-2023-4039", "PkgName": "libstdc++6", "InstalledVersion": "8.3.0-6", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-4039", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "gcc: -fstack-protector fails to guard dynamic stack allocations on ARM64", "Description": "\n\n**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains \nthat target AArch64 allows an attacker to exploit an existing buffer \noverflow in dynamically-sized local variables in your application \nwithout this being detected. This stack-protector failure only applies \nto C99-style dynamically-sized local variables or those created using \nalloca(). The stack-protector operates as intended for statically-sized \nlocal variables.\n\nThe default behavior when the stack-protector \ndetects an overflow is to terminate your application, resulting in \ncontrolled loss of availability. An attacker who can exploit a buffer \noverflow without triggering the stack-protector might be able to change \nprogram flow control to cause an uncontrolled loss of availability or to\n go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.\n\n\n\n\n\n", "Severity": "MEDIUM", "CweIDs": [ "CWE-693" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2023-4039", "https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64", "https://gcc.gnu.org/git/?p=gcc.git;a=blob_plain;f=SECURITY.txt", "https://gcc.gnu.org/pipermail/gcc-patches/2023-October/634066.html", "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf", "https://inbox.sourceware.org/gcc-patches/46cfa37b-56eb-344d-0745-e0d35393392d@gotplt.org", "https://linux.oracle.com/cve/CVE-2023-4039.html", "https://linux.oracle.com/errata/ELSA-2023-28766.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-4039", "https://rtx.meta.security/mitigation/2023/09/12/CVE-2023-4039.html", "https://www.cve.org/CVERecord?id=CVE-2023-4039" ], "PublishedDate": "2023-09-13T09:15:15.69Z", "LastModifiedDate": "2024-08-02T08:15:14.993Z" }, { "VulnerabilityID": "CVE-2019-3843", "PkgName": "libsystemd0", "InstalledVersion": "241-7~deb10u3", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3843", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "systemd: services with DynamicUser can create SUID/SGID binaries", "Description": "It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.", "Severity": "HIGH", "CweIDs": [ "CWE-269", "CWE-266" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V2Score": 4.6, "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 4.5 } }, "References": [ "http://www.securityfocus.com/bid/108116", "https://access.redhat.com/security/cve/CVE-2019-3843", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3843", "https://github.com/systemd/systemd-stable/pull/54 (backport for v241-stable)", "https://linux.oracle.com/cve/CVE-2019-3843.html", "https://linux.oracle.com/errata/ELSA-2020-1794.html", "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5JXQAKSTMABZ46EVCRMW62DHWYHTTFES/", "https://nvd.nist.gov/vuln/detail/CVE-2019-3843", "https://security.netapp.com/advisory/ntap-20190619-0002/", "https://ubuntu.com/security/notices/USN-4269-1", "https://usn.ubuntu.com/4269-1/", "https://www.cve.org/CVERecord?id=CVE-2019-3843" ], "PublishedDate": "2019-04-26T21:29:00.36Z", "LastModifiedDate": "2023-11-07T03:10:14.033Z" }, { "VulnerabilityID": "CVE-2019-3844", "PkgName": "libsystemd0", "InstalledVersion": "241-7~deb10u3", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3844", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "systemd: services with DynamicUser can get new privileges and create SGID binaries", "Description": "It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.", "Severity": "HIGH", "CweIDs": [ "CWE-268" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V2Score": 4.6, "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 4.5 } }, "References": [ "http://www.securityfocus.com/bid/108096", "https://access.redhat.com/security/cve/CVE-2019-3844", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3844", "https://linux.oracle.com/cve/CVE-2019-3844.html", "https://linux.oracle.com/errata/ELSA-2020-1794.html", "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", "https://nvd.nist.gov/vuln/detail/CVE-2019-3844", "https://security.netapp.com/advisory/ntap-20190619-0002/", "https://ubuntu.com/security/notices/USN-4269-1", "https://usn.ubuntu.com/4269-1/", "https://www.cve.org/CVERecord?id=CVE-2019-3844" ], "PublishedDate": "2019-04-26T21:29:00.423Z", "LastModifiedDate": "2023-11-07T03:10:14.13Z" }, { "VulnerabilityID": "CVE-2020-1712", "PkgName": "libsystemd0", "InstalledVersion": "241-7~deb10u3", "FixedVersion": "241-7~deb10u4", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-1712", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "systemd: use-after-free when asynchronous polkit queries are performed", "Description": "A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.", "Severity": "HIGH", "CweIDs": [ "CWE-416" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V2Score": 4.6, "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2020-1712", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1712", "https://github.com/systemd/systemd/commit/1068447e6954dc6ce52f099ed174c442cb89ed54", "https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb", "https://github.com/systemd/systemd/commit/bc130b6858327b382b07b3985cf48e2aa9016b2d", "https://github.com/systemd/systemd/commit/ea0d0ede03c6f18dbc5036c5e9cccf97e415ccc2", "https://linux.oracle.com/cve/CVE-2020-1712.html", "https://linux.oracle.com/errata/ELSA-2020-0575.html", "https://lists.debian.org/debian-lts-announce/2022/06/msg00025.html", "https://nvd.nist.gov/vuln/detail/CVE-2020-1712", "https://ubuntu.com/security/notices/USN-4269-1", "https://www.cve.org/CVERecord?id=CVE-2020-1712", "https://www.openwall.com/lists/oss-security/2020/02/05/1" ], "PublishedDate": "2020-03-31T17:15:26.577Z", "LastModifiedDate": "2023-11-07T03:19:28.413Z" }, { "VulnerabilityID": "CVE-2023-26604", "VendorIDs": [ "DLA-3377-1" ], "PkgName": "libsystemd0", "InstalledVersion": "241-7~deb10u3", "FixedVersion": "241-7~deb10u9", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-26604", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "systemd: privilege escalation via the less pager", "Description": "systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the \"systemctl status\" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.", "Severity": "HIGH", "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "V3Score": 7.1 } }, "References": [ "http://packetstormsecurity.com/files/174130/systemd-246-Local-Root-Privilege-Escalation.html", "https://access.redhat.com/errata/RHSA-2023:3837", "https://access.redhat.com/security/cve/CVE-2023-26604", "https://blog.compass-security.com/2012/10/dangerous-sudoers-entries-part-2-insecure-functionality/", "https://bugzilla.redhat.com/2175611", "https://bugzilla.redhat.com/show_bug.cgi?id=2175611", "https://bugzilla.redhat.com/show_bug.cgi?id=2190153", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26604", "https://errata.almalinux.org/8/ALSA-2023-3837.html", "https://errata.rockylinux.org/RLSA-2023:3837", "https://github.com/systemd/systemd/blob/main/NEWS#L4335-L4340", "https://github.com/systemd/systemd/issues/5666", "https://linux.oracle.com/cve/CVE-2023-26604.html", "https://linux.oracle.com/errata/ELSA-2023-3837.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00032.html", "https://medium.com/%40zenmoviefornotification/saidov-maxim-cve-2023-26604-c1232a526ba7", "https://medium.com/@zenmoviefornotification/saidov-maxim-cve-2023-26604-c1232a526ba7", "https://nvd.nist.gov/vuln/detail/CVE-2023-26604", "https://security.netapp.com/advisory/ntap-20230505-0009/", "https://www.cve.org/CVERecord?id=CVE-2023-26604" ], "PublishedDate": "2023-03-03T16:15:10.607Z", "LastModifiedDate": "2023-11-07T04:09:41.293Z" }, { "VulnerabilityID": "CVE-2023-50387", "PkgName": "libsystemd0", "InstalledVersion": "241-7~deb10u3", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-50387", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator", "Description": "Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the \"KeyTrap\" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/02/16/2", "http://www.openwall.com/lists/oss-security/2024/02/16/3", "https://access.redhat.com/errata/RHSA-2024:2551", "https://access.redhat.com/security/cve/CVE-2023-50387", "https://blog.powerdns.com/2024/02/13/powerdns-recursor-4-8-6-4-9-3-5-0-2-released", "https://bugzilla.redhat.com/2263896", "https://bugzilla.redhat.com/2263897", "https://bugzilla.redhat.com/2263909", "https://bugzilla.redhat.com/2263911", "https://bugzilla.redhat.com/2263914", "https://bugzilla.redhat.com/2263917", "https://bugzilla.redhat.com/show_bug.cgi?id=2263896", "https://bugzilla.redhat.com/show_bug.cgi?id=2263897", "https://bugzilla.redhat.com/show_bug.cgi?id=2263909", "https://bugzilla.redhat.com/show_bug.cgi?id=2263911", "https://bugzilla.redhat.com/show_bug.cgi?id=2263914", "https://bugzilla.redhat.com/show_bug.cgi?id=2263917", "https://bugzilla.suse.com/show_bug.cgi?id=1219823", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4408", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50387", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50868", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5517", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5679", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6516", "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html", "https://errata.almalinux.org/9/ALSA-2024-2551.html", "https://errata.rockylinux.org/RLSA-2024:2551", "https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1", "https://kb.isc.org/docs/cve-2023-50387", "https://linux.oracle.com/cve/CVE-2023-50387.html", "https://linux.oracle.com/errata/ELSA-2024-3741.html", "https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html", "https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/", "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387", "https://news.ycombinator.com/item?id=39367411", "https://news.ycombinator.com/item?id=39372384", "https://nlnetlabs.nl/downloads/unbound/CVE-2023-50387_CVE-2023-50868.txt", "https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/", "https://nvd.nist.gov/vuln/detail/CVE-2023-50387", "https://security.netapp.com/advisory/ntap-20240307-0007/", "https://ubuntu.com/security/notices/USN-6633-1", "https://ubuntu.com/security/notices/USN-6642-1", "https://ubuntu.com/security/notices/USN-6657-1", "https://ubuntu.com/security/notices/USN-6657-2", "https://ubuntu.com/security/notices/USN-6665-1", "https://ubuntu.com/security/notices/USN-6723-1", "https://www.athene-center.de/aktuelles/key-trap", "https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf", "https://www.cve.org/CVERecord?id=CVE-2023-50387", "https://www.isc.org/blogs/2024-bind-security-release/", "https://www.knot-resolver.cz/2024-02-13-knot-resolver-5.7.1.html", "https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/", "https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/" ], "PublishedDate": "2024-02-14T16:15:45.3Z", "LastModifiedDate": "2024-06-10T17:16:15.963Z" }, { "VulnerabilityID": "CVE-2023-50868", "PkgName": "libsystemd0", "InstalledVersion": "241-7~deb10u3", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-50868", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources", "Description": "The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the \"NSEC3\" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.", "Severity": "HIGH", "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/02/16/2", "http://www.openwall.com/lists/oss-security/2024/02/16/3", "https://access.redhat.com/errata/RHSA-2024:2551", "https://access.redhat.com/security/cve/CVE-2023-50868", "https://blog.powerdns.com/2024/02/13/powerdns-recursor-4-8-6-4-9-3-5-0-2-released", "https://bugzilla.redhat.com/2263896", "https://bugzilla.redhat.com/2263897", "https://bugzilla.redhat.com/2263909", "https://bugzilla.redhat.com/2263911", "https://bugzilla.redhat.com/2263914", "https://bugzilla.redhat.com/2263917", "https://bugzilla.redhat.com/show_bug.cgi?id=2263896", "https://bugzilla.redhat.com/show_bug.cgi?id=2263897", "https://bugzilla.redhat.com/show_bug.cgi?id=2263909", "https://bugzilla.redhat.com/show_bug.cgi?id=2263911", "https://bugzilla.redhat.com/show_bug.cgi?id=2263914", "https://bugzilla.redhat.com/show_bug.cgi?id=2263917", "https://bugzilla.suse.com/show_bug.cgi?id=1219826", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4408", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50387", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50868", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5517", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5679", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6516", "https://datatracker.ietf.org/doc/html/rfc5155", "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html", "https://errata.almalinux.org/9/ALSA-2024-2551.html", "https://errata.rockylinux.org/RLSA-2024:2551", "https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1", "https://kb.isc.org/docs/cve-2023-50868", "https://linux.oracle.com/cve/CVE-2023-50868.html", "https://linux.oracle.com/errata/ELSA-2024-3741.html", "https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html", "https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/", "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html", "https://nlnetlabs.nl/downloads/unbound/CVE-2023-50387_CVE-2023-50868.txt", "https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/", "https://nvd.nist.gov/vuln/detail/CVE-2023-50868", "https://security.netapp.com/advisory/ntap-20240307-0008/", "https://ubuntu.com/security/notices/USN-6633-1", "https://ubuntu.com/security/notices/USN-6642-1", "https://ubuntu.com/security/notices/USN-6657-1", "https://ubuntu.com/security/notices/USN-6657-2", "https://ubuntu.com/security/notices/USN-6665-1", "https://ubuntu.com/security/notices/USN-6723-1", "https://www.cve.org/CVERecord?id=CVE-2023-50868", "https://www.isc.org/blogs/2024-bind-security-release/", "https://www.knot-resolver.cz/2024-02-13-knot-resolver-5.7.1.html" ], "PublishedDate": "2024-02-14T16:15:45.377Z", "LastModifiedDate": "2024-06-10T17:16:16.2Z" }, { "VulnerabilityID": "CVE-2021-33910", "VendorIDs": [ "DSA-4942-1" ], "PkgName": "libsystemd0", "InstalledVersion": "241-7~deb10u3", "FixedVersion": "241-7~deb10u8", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-33910", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "systemd: uncontrolled allocation on the stack in function unit_name_path_escape leads to crash", "Description": "basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V2Score": 4.9, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html", "http://www.openwall.com/lists/oss-security/2021/08/04/2", "http://www.openwall.com/lists/oss-security/2021/08/17/3", "http://www.openwall.com/lists/oss-security/2021/09/07/3", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33910.json", "https://access.redhat.com/security/cve/CVE-2021-33910", "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf", "https://github.com/systemd/systemd-stable/commit/4a1c5f34bd3e1daed4490e9d97918e504d19733b", "https://github.com/systemd/systemd-stable/commit/764b74113e36ac5219a4b82a05f311b5a92136ce", "https://github.com/systemd/systemd-stable/commit/b00674347337b7531c92fdb65590ab253bb57538", "https://github.com/systemd/systemd-stable/commit/cfd14c65374027b34dbbc4f0551456c5dc2d1f61", "https://github.com/systemd/systemd/commit/b34a4f0e6729de292cb3b0c03c1d48f246ad896b", "https://github.com/systemd/systemd/pull/20256/commits/441e0115646d54f080e5c3bb0ba477c892861ab9", "https://linux.oracle.com/cve/CVE-2021-33910.html", "https://linux.oracle.com/errata/ELSA-2021-2717.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2LSDMHAKI4LGFOCSPXNVVSEWQFAVFWR7/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/", "https://nvd.nist.gov/vuln/detail/CVE-2021-33910", "https://security.gentoo.org/glsa/202107-48", "https://security.netapp.com/advisory/ntap-20211104-0008/", "https://ubuntu.com/security/notices/USN-5013-1", "https://ubuntu.com/security/notices/USN-5013-2", "https://www.cve.org/CVERecord?id=CVE-2021-33910", "https://www.debian.org/security/2021/dsa-4942", "https://www.openwall.com/lists/oss-security/2021/07/20/2", "https://www.qualys.com/2021/07/20/cve-2021-33910/denial-of-service-systemd.txt" ], "PublishedDate": "2021-07-20T19:15:09.783Z", "LastModifiedDate": "2023-11-07T03:35:56.16Z" }, { "VulnerabilityID": "CVE-2021-3997", "PkgName": "libsystemd0", "InstalledVersion": "241-7~deb10u3", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3997", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "systemd: Uncontrolled recursion in systemd-tmpfiles when removing files", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Severity": "MEDIUM", "CweIDs": [ "CWE-674" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-3997", "https://bugzilla.redhat.com/show_bug.cgi?id=2024639", "https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1", "https://nvd.nist.gov/vuln/detail/CVE-2021-3997", "https://security.gentoo.org/glsa/202305-15", "https://ubuntu.com/security/notices/USN-5226-1", "https://www.cve.org/CVERecord?id=CVE-2021-3997", "https://www.openwall.com/lists/oss-security/2022/01/10/2" ], "PublishedDate": "2022-08-23T20:15:08.67Z", "LastModifiedDate": "2023-05-03T12:15:15.95Z" }, { "VulnerabilityID": "CVE-2022-3821", "VendorIDs": [ "DLA-3474-1" ], "PkgName": "libsystemd0", "InstalledVersion": "241-7~deb10u3", "FixedVersion": "241-7~deb10u10", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3821", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "systemd: buffer overrun in format_timespan() function", "Description": "An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.", "Severity": "MEDIUM", "CweIDs": [ "CWE-193" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:0336", "https://access.redhat.com/security/cve/CVE-2022-3821", "https://bugzilla.redhat.com/2139327", "https://bugzilla.redhat.com/show_bug.cgi?id=2139327", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3821", "https://errata.almalinux.org/9/ALSA-2023-0336.html", "https://errata.rockylinux.org/RLSA-2023:0336", "https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e", "https://github.com/systemd/systemd/issues/23928", "https://github.com/systemd/systemd/pull/23933", "https://linux.oracle.com/cve/CVE-2022-3821.html", "https://linux.oracle.com/errata/ELSA-2023-0336.html", "https://lists.debian.org/debian-lts-announce/2023/06/msg00036.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVBQC2VLSDVQAPJTEMTREXDL4HYLXG2P/", "https://nvd.nist.gov/vuln/detail/CVE-2022-3821", "https://security.gentoo.org/glsa/202305-15", "https://ubuntu.com/security/notices/USN-5928-1", "https://www.cve.org/CVERecord?id=CVE-2022-3821" ], "PublishedDate": "2022-11-08T22:15:16.7Z", "LastModifiedDate": "2023-11-07T03:51:50.43Z" }, { "VulnerabilityID": "CVE-2022-4415", "PkgName": "libsystemd0", "InstalledVersion": "241-7~deb10u3", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-4415", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "systemd: local information leak due to systemd-coredump not respecting fs.suid_dumpable kernel setting", "Description": "A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.", "Severity": "MEDIUM", "CweIDs": [ "CWE-200" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:0954", "https://access.redhat.com/security/cve/CVE-2022-4415", "https://bugzilla.redhat.com/2149063", "https://bugzilla.redhat.com/2155515", "https://bugzilla.redhat.com/show_bug.cgi?id=2149063", "https://bugzilla.redhat.com/show_bug.cgi?id=2155515", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4415", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45873", "https://errata.almalinux.org/9/ALSA-2023-0954.html", "https://errata.rockylinux.org/RLSA-2023:0954", "https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c", "https://linux.oracle.com/cve/CVE-2022-4415.html", "https://linux.oracle.com/errata/ELSA-2023-0954.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-4415", "https://ubuntu.com/security/notices/USN-5928-1", "https://www.cve.org/CVERecord?id=CVE-2022-4415", "https://www.openwall.com/lists/oss-security/2022/12/21/3" ], "PublishedDate": "2023-01-11T15:15:09.59Z", "LastModifiedDate": "2023-02-02T16:19:28.633Z" }, { "VulnerabilityID": "CVE-2023-7008", "PkgName": "libsystemd0", "InstalledVersion": "241-7~deb10u3", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-7008", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes", "Description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Severity": "MEDIUM", "CweIDs": [ "CWE-300" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:2463", "https://access.redhat.com/errata/RHSA-2024:3203", "https://access.redhat.com/security/cve/CVE-2023-7008", "https://bugzilla.redhat.com/2222672", "https://bugzilla.redhat.com/show_bug.cgi?id=2222261", "https://bugzilla.redhat.com/show_bug.cgi?id=2222672", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7008", "https://errata.almalinux.org/9/ALSA-2024-2463.html", "https://errata.rockylinux.org/RLSA-2024:2463", "https://github.com/systemd/systemd/issues/25676", "https://linux.oracle.com/cve/CVE-2023-7008.html", "https://linux.oracle.com/errata/ELSA-2024-3203.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GMDEG5PKONWNHOEYSUDRT6JEOISRMN2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QHNBXGKJWISJETTTDTZKTBFIBJUOSLKL/", "https://nvd.nist.gov/vuln/detail/CVE-2023-7008", "https://www.cve.org/CVERecord?id=CVE-2023-7008" ], "PublishedDate": "2023-12-23T13:15:07.573Z", "LastModifiedDate": "2024-05-22T17:16:10.83Z" }, { "VulnerabilityID": "CVE-2013-4392", "PkgName": "libsystemd0", "InstalledVersion": "241-7~deb10u3", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4392", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "systemd: TOCTOU race condition when updating file permissions and SELinux security contexts", "Description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", "Severity": "LOW", "CweIDs": [ "CWE-59" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", "V2Score": 3.3 }, "redhat": { "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", "V2Score": 3.3 } }, "References": [ "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", "http://www.openwall.com/lists/oss-security/2013/10/01/9", "https://access.redhat.com/security/cve/CVE-2013-4392", "https://bugzilla.redhat.com/show_bug.cgi?id=859060", "https://nvd.nist.gov/vuln/detail/CVE-2013-4392", "https://www.cve.org/CVERecord?id=CVE-2013-4392" ], "PublishedDate": "2013-10-28T22:55:03.773Z", "LastModifiedDate": "2022-01-31T17:49:14.387Z" }, { "VulnerabilityID": "CVE-2019-20386", "PkgName": "libsystemd0", "InstalledVersion": "241-7~deb10u3", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20386", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "systemd: memory leak in button_open() in login/logind-button.c when udev events are received", "Description": "An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.", "Severity": "LOW", "CweIDs": [ "CWE-401" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V2Score": 2.1, "V3Score": 2.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 2.4 } }, "References": [ "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html", "https://access.redhat.com/security/cve/CVE-2019-20386", "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad", "https://linux.oracle.com/cve/CVE-2019-20386.html", "https://linux.oracle.com/errata/ELSA-2020-4553.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZPCOMW5X6IZZXASCDD2CNW2DLF3YADC/", "https://nvd.nist.gov/vuln/detail/CVE-2019-20386", "https://security.netapp.com/advisory/ntap-20200210-0002/", "https://ubuntu.com/security/notices/USN-4269-1", "https://usn.ubuntu.com/4269-1/", "https://www.cve.org/CVERecord?id=CVE-2019-20386" ], "PublishedDate": "2020-01-21T06:15:11.827Z", "LastModifiedDate": "2023-11-07T03:09:08.387Z" }, { "VulnerabilityID": "CVE-2020-13529", "PkgName": "libsystemd0", "InstalledVersion": "241-7~deb10u3", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-13529", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "systemd: DHCP FORCERENEW authentication not implemented can cause a system running the DHCP client to have its network reconfigured", "Description": "An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server.", "Severity": "LOW", "CweIDs": [ "CWE-290" ], "CVSS": { "nvd": { "V2Vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "V2Score": 2.9, "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "V3Score": 6.1 } }, "References": [ "http://www.openwall.com/lists/oss-security/2021/08/04/2", "http://www.openwall.com/lists/oss-security/2021/08/17/3", "http://www.openwall.com/lists/oss-security/2021/09/07/3", "https://access.redhat.com/security/cve/CVE-2020-13529", "https://linux.oracle.com/cve/CVE-2020-13529.html", "https://linux.oracle.com/errata/ELSA-2021-4361.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/", "https://nvd.nist.gov/vuln/detail/CVE-2020-13529", "https://security.gentoo.org/glsa/202107-48", "https://security.netapp.com/advisory/ntap-20210625-0005/", "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142", "https://ubuntu.com/security/notices/USN-5013-1", "https://ubuntu.com/security/notices/USN-5013-2", "https://www.cve.org/CVERecord?id=CVE-2020-13529" ], "PublishedDate": "2021-05-10T16:15:07.373Z", "LastModifiedDate": "2023-11-07T03:16:42.717Z" }, { "VulnerabilityID": "CVE-2023-31437", "PkgName": "libsystemd0", "InstalledVersion": "241-7~deb10u3", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31437", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "An issue was discovered in systemd 253. An attacker can modify a seale ...", "Description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "Severity": "LOW", "CweIDs": [ "CWE-354" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://github.com/kastel-security/Journald", "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", "https://github.com/systemd/systemd/releases" ], "PublishedDate": "2023-06-13T17:15:14.657Z", "LastModifiedDate": "2024-08-02T15:16:07.647Z" }, { "VulnerabilityID": "CVE-2023-31438", "PkgName": "libsystemd0", "InstalledVersion": "241-7~deb10u3", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31438", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "An issue was discovered in systemd 253. An attacker can truncate a sea ...", "Description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "Severity": "LOW", "CweIDs": [ "CWE-354" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://github.com/kastel-security/Journald", "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", "https://github.com/systemd/systemd/pull/28886", "https://github.com/systemd/systemd/releases" ], "PublishedDate": "2023-06-13T17:15:14.707Z", "LastModifiedDate": "2024-08-02T15:16:07.753Z" }, { "VulnerabilityID": "CVE-2023-31439", "PkgName": "libsystemd0", "InstalledVersion": "241-7~deb10u3", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31439", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "An issue was discovered in systemd 253. An attacker can modify the con ...", "Description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "Severity": "LOW", "CweIDs": [ "CWE-354" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://github.com/kastel-security/Journald", "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", "https://github.com/systemd/systemd/pull/28885", "https://github.com/systemd/systemd/releases" ], "PublishedDate": "2023-06-13T17:15:14.753Z", "LastModifiedDate": "2024-08-02T15:16:07.843Z" }, { "VulnerabilityID": "CVE-2021-46848", "VendorIDs": [ "DLA-3263-1" ], "PkgName": "libtasn1-6", "InstalledVersion": "4.13-3", "FixedVersion": "4.13-3+deb10u1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-46848", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtasn1: Out-of-bound access in ETYPE_OK", "Description": "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", "Severity": "CRITICAL", "CweIDs": [ "CWE-193" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "V3Score": 9.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:0343", "https://access.redhat.com/security/cve/CVE-2021-46848", "https://bugs.gentoo.org/866237", "https://bugzilla.redhat.com/2140058", "https://bugzilla.redhat.com/show_bug.cgi?id=2140058", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46848", "https://errata.almalinux.org/9/ALSA-2023-0343.html", "https://errata.rockylinux.org/RLSA-2023:0343", "https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5", "https://gitlab.com/gnutls/libtasn1/-/issues/32", "https://linux.oracle.com/cve/CVE-2021-46848.html", "https://linux.oracle.com/errata/ELSA-2023-0343.html", "https://lists.debian.org/debian-lts-announce/2023/01/msg00003.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AV4SHDJF2XLB4CUPTBPQQ6CLGZ5LKXPZ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ECM2ELTVRYV4BZ5L5GMIRQE27RFHPAQ6/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGO7XST4EIJGX4B2ITZCYSWM24534BSU/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V5LWOGF7QRMNFRUCZY6TDYQJVFI6MOQ2/", "https://nvd.nist.gov/vuln/detail/CVE-2021-46848", "https://security.netapp.com/advisory/ntap-20221118-0006/", "https://ubuntu.com/security/notices/USN-5707-1", "https://www.cve.org/CVERecord?id=CVE-2021-46848" ], "PublishedDate": "2022-10-24T14:15:49.973Z", "LastModifiedDate": "2023-11-07T03:40:05.247Z" }, { "VulnerabilityID": "CVE-2018-1000654", "PkgName": "libtasn1-6", "InstalledVersion": "4.13-3", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000654", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtasn1: Infinite loop in _asn1_expand_object_id(ptree) leads to memory exhaustion", "Description": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.", "Severity": "LOW", "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 7.1, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 4 } }, "References": [ "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.html", "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html", "http://www.securityfocus.com/bid/105151", "https://access.redhat.com/security/cve/CVE-2018-1000654", "https://gitlab.com/gnutls/libtasn1/issues/4", "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", "https://nvd.nist.gov/vuln/detail/CVE-2018-1000654", "https://ubuntu.com/security/notices/USN-5352-1", "https://www.cve.org/CVERecord?id=CVE-2018-1000654" ], "PublishedDate": "2018-08-20T19:31:44.87Z", "LastModifiedDate": "2023-11-07T02:51:12.86Z" }, { "VulnerabilityID": "CVE-2020-35523", "VendorIDs": [ "DSA-4869-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u2", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-35523", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: Integer overflow in tif_getimage.c", "Description": "An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.", "Severity": "HIGH", "CweIDs": [ "CWE-190" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V2Score": 6.8, "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2020-35523", "https://bugzilla.redhat.com/show_bug.cgi?id=1932040", "https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2", "https://gitlab.com/libtiff/libtiff/-/merge_requests/160", "https://linux.oracle.com/cve/CVE-2020-35523.html", "https://linux.oracle.com/errata/ELSA-2021-4241.html", "https://lists.debian.org/debian-lts-announce/2021/06/msg00023.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMHBYFMX3D5VGR6Y3RXTTH3Q4NF4E6IG/", "https://nvd.nist.gov/vuln/detail/CVE-2020-35523", "https://security.gentoo.org/glsa/202104-06", "https://security.netapp.com/advisory/ntap-20210521-0009/", "https://ubuntu.com/security/notices/USN-4755-1", "https://ubuntu.com/security/notices/USN-5841-1", "https://www.cve.org/CVERecord?id=CVE-2020-35523", "https://www.debian.org/security/2021/dsa-4869" ], "PublishedDate": "2021-03-09T20:15:12.963Z", "LastModifiedDate": "2023-11-07T03:21:57.303Z" }, { "VulnerabilityID": "CVE-2020-35524", "VendorIDs": [ "DSA-4869-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u2", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-35524", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: Heap-based buffer overflow in TIFF2PDF tool", "Description": "A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V2Score": 6.8, "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2020-35524", "https://bugzilla.redhat.com/show_bug.cgi?id=1932044", "https://gitlab.com/libtiff/libtiff/-/merge_requests/159", "https://gitlab.com/rzkn/libtiff/-/commit/7be2e452ddcf6d7abca88f41d3761e6edab72b22", "https://linux.oracle.com/cve/CVE-2020-35524.html", "https://linux.oracle.com/errata/ELSA-2021-4241.html", "https://lists.debian.org/debian-lts-announce/2021/06/msg00023.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMHBYFMX3D5VGR6Y3RXTTH3Q4NF4E6IG/", "https://nvd.nist.gov/vuln/detail/CVE-2020-35524", "https://security.gentoo.org/glsa/202104-06", "https://security.netapp.com/advisory/ntap-20210521-0009/", "https://ubuntu.com/security/notices/USN-4755-1", "https://ubuntu.com/security/notices/USN-5841-1", "https://www.cve.org/CVERecord?id=CVE-2020-35524", "https://www.debian.org/security/2021/dsa-4869" ], "PublishedDate": "2021-03-09T20:15:13.04Z", "LastModifiedDate": "2023-11-07T03:21:57.39Z" }, { "VulnerabilityID": "CVE-2022-0891", "VendorIDs": [ "DSA-5108-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u4", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0891", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: heap buffer overflow in extractImageSection", "Description": "A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "V2Score": 5.8, "V3Score": 7.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "V3Score": 6.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2022:8194", "https://access.redhat.com/security/cve/CVE-2022-0891", "https://bugzilla.redhat.com/2042603", "https://bugzilla.redhat.com/2054494", "https://bugzilla.redhat.com/2054495", "https://bugzilla.redhat.com/2064145", "https://bugzilla.redhat.com/2064146", "https://bugzilla.redhat.com/2064148", "https://bugzilla.redhat.com/2064406", "https://bugzilla.redhat.com/2064411", "https://bugzilla.redhat.com/2074404", "https://bugzilla.redhat.com/2074415", "https://bugzilla.redhat.com/show_bug.cgi?id=2042603", "https://bugzilla.redhat.com/show_bug.cgi?id=2054494", "https://bugzilla.redhat.com/show_bug.cgi?id=2054495", "https://bugzilla.redhat.com/show_bug.cgi?id=2064145", "https://bugzilla.redhat.com/show_bug.cgi?id=2064146", "https://bugzilla.redhat.com/show_bug.cgi?id=2064148", "https://bugzilla.redhat.com/show_bug.cgi?id=2064406", "https://bugzilla.redhat.com/show_bug.cgi?id=2064411", "https://bugzilla.redhat.com/show_bug.cgi?id=2074415", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844", "https://errata.almalinux.org/9/ALSA-2022-8194.html", "https://errata.rockylinux.org/RLSA-2022:7585", "https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c", "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0891.json", "https://gitlab.com/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c", "https://gitlab.com/libtiff/libtiff/-/issues/380", "https://gitlab.com/libtiff/libtiff/-/issues/382", "https://linux.oracle.com/cve/CVE-2022-0891.html", "https://linux.oracle.com/errata/ELSA-2022-8194.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/", "https://nvd.nist.gov/vuln/detail/CVE-2022-0891", "https://security.gentoo.org/glsa/202210-10", "https://security.netapp.com/advisory/ntap-20221228-0008/", "https://ubuntu.com/security/notices/USN-5421-1", "https://www.cve.org/CVERecord?id=CVE-2022-0891", "https://www.debian.org/security/2022/dsa-5108" ], "PublishedDate": "2022-03-10T17:44:58.207Z", "LastModifiedDate": "2023-11-07T03:41:38.667Z" }, { "VulnerabilityID": "CVE-2022-3970", "VendorIDs": [ "DLA-3278-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u5", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3970", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: integer overflow in function TIFFReadRGBATileExt of the file", "Description": "A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to fix this issue. The identifier VDB-213549 was assigned to this vulnerability.", "Severity": "HIGH", "CweIDs": [ "CWE-189" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 8.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 8.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:2340", "https://access.redhat.com/security/cve/CVE-2022-3970", "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53137", "https://bugzilla.redhat.com/2142734", "https://bugzilla.redhat.com/2142736", "https://bugzilla.redhat.com/2142738", "https://bugzilla.redhat.com/2142740", "https://bugzilla.redhat.com/2142741", "https://bugzilla.redhat.com/2142742", "https://bugzilla.redhat.com/2148918", "https://bugzilla.redhat.com/2176220", "https://bugzilla.redhat.com/2187139", "https://bugzilla.redhat.com/2187141", "https://errata.almalinux.org/9/ALSA-2023-2340.html", "https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be", "https://linux.oracle.com/cve/CVE-2022-3970.html", "https://linux.oracle.com/errata/ELSA-2023-2883.html", "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-3970", "https://oss-fuzz.com/download?testcase_id=5738253143900160", "https://security.netapp.com/advisory/ntap-20221215-0009/", "https://support.apple.com/kb/HT213841", "https://support.apple.com/kb/HT213843", "https://ubuntu.com/security/notices/USN-5743-1", "https://ubuntu.com/security/notices/USN-5743-2", "https://ubuntu.com/security/notices/USN-5841-1", "https://vuldb.com/?id.213549", "https://www.cve.org/CVERecord?id=CVE-2022-3970" ], "PublishedDate": "2022-11-13T08:15:16.047Z", "LastModifiedDate": "2023-11-17T19:04:41.32Z" }, { "VulnerabilityID": "CVE-2023-25434", "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u7", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-25434", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: heap-buffer overflow via extractContigSamplesBytes() at /libtiff/tools/tiffcrop.c", "Description": "libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesBytes() at /libtiff/tools/tiffcrop.c:3215.", "Severity": "HIGH", "CweIDs": [ "CWE-120" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 8.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2023-25434", "https://gitlab.com/libtiff/libtiff/-/issues/519", "https://gitlab.com/libtiff/libtiff/-/merge_requests/465", "https://nvd.nist.gov/vuln/detail/CVE-2023-25434", "https://www.cve.org/CVERecord?id=CVE-2023-25434" ], "PublishedDate": "2023-06-14T20:15:09.337Z", "LastModifiedDate": "2023-06-23T16:25:42.077Z" }, { "VulnerabilityID": "CVE-2023-52355", "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52355", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: TIFFRasterScanlineSize64 produce too-big size and could cause OOM", "Description": "An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2023-52355", "https://bugzilla.redhat.com/show_bug.cgi?id=2251326", "https://gitlab.com/libtiff/libtiff/-/issues/621", "https://nvd.nist.gov/vuln/detail/CVE-2023-52355", "https://www.cve.org/CVERecord?id=CVE-2023-52355" ], "PublishedDate": "2024-01-25T20:15:38.353Z", "LastModifiedDate": "2024-05-17T17:37:57.793Z" }, { "VulnerabilityID": "CVE-2023-52356", "VendorIDs": [ "DLA-3758-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u9", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52356", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: Segment fault in libtiff in TIFFReadRGBATileExt() leading to denial of service", "Description": "A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.", "Severity": "HIGH", "CweIDs": [ "CWE-787", "CWE-122" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://seclists.org/fulldisclosure/2024/Jul/16", "http://seclists.org/fulldisclosure/2024/Jul/17", "http://seclists.org/fulldisclosure/2024/Jul/18", "http://seclists.org/fulldisclosure/2024/Jul/19", "http://seclists.org/fulldisclosure/2024/Jul/20", "http://seclists.org/fulldisclosure/2024/Jul/21", "http://seclists.org/fulldisclosure/2024/Jul/22", "http://seclists.org/fulldisclosure/2024/Jul/23", "https://access.redhat.com/errata/RHSA-2024:5079", "https://access.redhat.com/security/cve/CVE-2023-52356", "https://bugzilla.redhat.com/1614051", "https://bugzilla.redhat.com/2218744", "https://bugzilla.redhat.com/2240995", "https://bugzilla.redhat.com/2251344", "https://bugzilla.redhat.com/show_bug.cgi?id=1614051", "https://bugzilla.redhat.com/show_bug.cgi?id=2218744", "https://bugzilla.redhat.com/show_bug.cgi?id=2240995", "https://bugzilla.redhat.com/show_bug.cgi?id=2251344", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15209", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25433", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52356", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6228", "https://errata.almalinux.org/8/ALSA-2024-5079.html", "https://errata.rockylinux.org/RLSA-2024:5079", "https://gitlab.com/libtiff/libtiff/-/issues/622", "https://gitlab.com/libtiff/libtiff/-/merge_requests/546", "https://linux.oracle.com/cve/CVE-2023-52356.html", "https://linux.oracle.com/errata/ELSA-2024-5079.html", "https://lists.debian.org/debian-lts-announce/2024/03/msg00011.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-52356", "https://support.apple.com/kb/HT214116", "https://support.apple.com/kb/HT214117", "https://support.apple.com/kb/HT214118", "https://support.apple.com/kb/HT214119", "https://support.apple.com/kb/HT214120", "https://support.apple.com/kb/HT214122", "https://support.apple.com/kb/HT214123", "https://support.apple.com/kb/HT214124", "https://ubuntu.com/security/notices/USN-6644-1", "https://ubuntu.com/security/notices/USN-6644-2", "https://www.cve.org/CVERecord?id=CVE-2023-52356" ], "PublishedDate": "2024-01-25T20:15:39.063Z", "LastModifiedDate": "2024-08-07T16:15:43.92Z" }, { "VulnerabilityID": "CVE-2024-7006", "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-7006", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: NULL pointer dereference in tif_dirinfo.c", "Description": "A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service.", "Severity": "HIGH", "CweIDs": [ "CWE-476", "CWE-754" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.2 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2024-7006", "https://bugzilla.redhat.com/show_bug.cgi?id=2302996", "https://nvd.nist.gov/vuln/detail/CVE-2024-7006", "https://www.cve.org/CVERecord?id=CVE-2024-7006" ], "PublishedDate": "2024-08-12T13:38:40.577Z", "LastModifiedDate": "2024-08-13T15:14:35.167Z" }, { "VulnerabilityID": "CVE-2020-19143", "VendorIDs": [ "DSA-4997-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u3", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-19143", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: buffer overflow in TIFFVGetField() in libtiff/tif_dir.c", "Description": "Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the \"TIFFVGetField\" funtion in the component 'libtiff/tif_dir.c'.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://bugzilla.maptools.org/show_bug.cgi?id=2851", "https://access.redhat.com/security/cve/CVE-2020-19143", "https://gitlab.com/libtiff/libtiff/-/issues/158", "https://gitlab.com/libtiff/libtiff/-/merge_requests/119", "https://nvd.nist.gov/vuln/detail/CVE-2020-19143", "https://security.netapp.com/advisory/ntap-20211004-0005/", "https://ubuntu.com/security/notices/USN-5084-1", "https://www.cve.org/CVERecord?id=CVE-2020-19143", "https://www.debian.org/security/2021/dsa-4997" ], "PublishedDate": "2021-09-09T15:15:07.643Z", "LastModifiedDate": "2021-11-30T19:38:32.74Z" }, { "VulnerabilityID": "CVE-2022-0561", "VendorIDs": [ "DSA-5108-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u4", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0561", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: Denial of Service via crafted TIFF file", "Description": "Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712.", "Severity": "MEDIUM", "CweIDs": [ "CWE-476" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2022:8194", "https://access.redhat.com/security/cve/CVE-2022-0561", "https://bugzilla.redhat.com/2042603", "https://bugzilla.redhat.com/2054494", "https://bugzilla.redhat.com/2054495", "https://bugzilla.redhat.com/2064145", "https://bugzilla.redhat.com/2064146", "https://bugzilla.redhat.com/2064148", "https://bugzilla.redhat.com/2064406", "https://bugzilla.redhat.com/2064411", "https://bugzilla.redhat.com/2074404", "https://bugzilla.redhat.com/2074415", "https://bugzilla.redhat.com/show_bug.cgi?id=2042603", "https://bugzilla.redhat.com/show_bug.cgi?id=2054494", "https://bugzilla.redhat.com/show_bug.cgi?id=2054495", "https://bugzilla.redhat.com/show_bug.cgi?id=2064145", "https://bugzilla.redhat.com/show_bug.cgi?id=2064146", "https://bugzilla.redhat.com/show_bug.cgi?id=2064148", "https://bugzilla.redhat.com/show_bug.cgi?id=2064406", "https://bugzilla.redhat.com/show_bug.cgi?id=2064411", "https://bugzilla.redhat.com/show_bug.cgi?id=2074415", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844", "https://errata.almalinux.org/9/ALSA-2022-8194.html", "https://errata.rockylinux.org/RLSA-2022:7585", "https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef", "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0561.json", "https://gitlab.com/libtiff/libtiff/-/issues/362", "https://linux.oracle.com/cve/CVE-2022-0561.html", "https://linux.oracle.com/errata/ELSA-2022-8194.html", "https://lists.debian.org/debian-lts-announce/2022/03/msg00001.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZEHZ35XVO2VBZ4HHCMM6J6TQIDSBQOM/", "https://nvd.nist.gov/vuln/detail/CVE-2022-0561", "https://security.gentoo.org/glsa/202210-10", "https://security.netapp.com/advisory/ntap-20220318-0001/", "https://ubuntu.com/security/notices/USN-5421-1", "https://www.cve.org/CVERecord?id=CVE-2022-0561", "https://www.debian.org/security/2022/dsa-5108" ], "PublishedDate": "2022-02-11T18:15:11.033Z", "LastModifiedDate": "2023-11-07T03:41:23.23Z" }, { "VulnerabilityID": "CVE-2022-0562", "VendorIDs": [ "DSA-5108-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u4", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0562", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: Null source pointer lead to Denial of Service via crafted TIFF file", "Description": "Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c.", "Severity": "MEDIUM", "CweIDs": [ "CWE-476" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2022:8194", "https://access.redhat.com/security/cve/CVE-2022-0562", "https://bugzilla.redhat.com/2042603", "https://bugzilla.redhat.com/2054494", "https://bugzilla.redhat.com/2054495", "https://bugzilla.redhat.com/2064145", "https://bugzilla.redhat.com/2064146", "https://bugzilla.redhat.com/2064148", "https://bugzilla.redhat.com/2064406", "https://bugzilla.redhat.com/2064411", "https://bugzilla.redhat.com/2074404", "https://bugzilla.redhat.com/2074415", "https://bugzilla.redhat.com/show_bug.cgi?id=2042603", "https://bugzilla.redhat.com/show_bug.cgi?id=2054494", "https://bugzilla.redhat.com/show_bug.cgi?id=2054495", "https://bugzilla.redhat.com/show_bug.cgi?id=2064145", "https://bugzilla.redhat.com/show_bug.cgi?id=2064146", "https://bugzilla.redhat.com/show_bug.cgi?id=2064148", "https://bugzilla.redhat.com/show_bug.cgi?id=2064406", "https://bugzilla.redhat.com/show_bug.cgi?id=2064411", "https://bugzilla.redhat.com/show_bug.cgi?id=2074415", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844", "https://errata.almalinux.org/9/ALSA-2022-8194.html", "https://errata.rockylinux.org/RLSA-2022:7585", "https://gitlab.com/gitlab-org/build/omnibus-mirror/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b", "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0562.json", "https://gitlab.com/libtiff/libtiff/-/issues/362", "https://linux.oracle.com/cve/CVE-2022-0562.html", "https://linux.oracle.com/errata/ELSA-2022-8194.html", "https://lists.debian.org/debian-lts-announce/2022/03/msg00001.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZEHZ35XVO2VBZ4HHCMM6J6TQIDSBQOM/", "https://nvd.nist.gov/vuln/detail/CVE-2022-0562", "https://security.gentoo.org/glsa/202210-10", "https://security.netapp.com/advisory/ntap-20220318-0001/", "https://ubuntu.com/security/notices/USN-5421-1", "https://www.cve.org/CVERecord?id=CVE-2022-0562", "https://www.debian.org/security/2022/dsa-5108" ], "PublishedDate": "2022-02-11T18:15:11.083Z", "LastModifiedDate": "2023-11-07T03:41:23.533Z" }, { "VulnerabilityID": "CVE-2022-0865", "VendorIDs": [ "DSA-5108-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u4", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0865", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: reachable assertion", "Description": "Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.", "Severity": "MEDIUM", "CweIDs": [ "CWE-617" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.2 } }, "References": [ "https://access.redhat.com/errata/RHSA-2022:8194", "https://access.redhat.com/security/cve/CVE-2022-0865", "https://bugzilla.redhat.com/2042603", "https://bugzilla.redhat.com/2054494", "https://bugzilla.redhat.com/2054495", "https://bugzilla.redhat.com/2064145", "https://bugzilla.redhat.com/2064146", "https://bugzilla.redhat.com/2064148", "https://bugzilla.redhat.com/2064406", "https://bugzilla.redhat.com/2064411", "https://bugzilla.redhat.com/2074404", "https://bugzilla.redhat.com/2074415", "https://bugzilla.redhat.com/show_bug.cgi?id=2042603", "https://bugzilla.redhat.com/show_bug.cgi?id=2054494", "https://bugzilla.redhat.com/show_bug.cgi?id=2054495", "https://bugzilla.redhat.com/show_bug.cgi?id=2064145", "https://bugzilla.redhat.com/show_bug.cgi?id=2064146", "https://bugzilla.redhat.com/show_bug.cgi?id=2064148", "https://bugzilla.redhat.com/show_bug.cgi?id=2064406", "https://bugzilla.redhat.com/show_bug.cgi?id=2064411", "https://bugzilla.redhat.com/show_bug.cgi?id=2074415", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844", "https://errata.almalinux.org/9/ALSA-2022-8194.html", "https://errata.rockylinux.org/RLSA-2022:7585", "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0865.json", "https://gitlab.com/libtiff/libtiff/-/commit/a1c933dabd0e1c54a412f3f84ae0aa58115c6067", "https://gitlab.com/libtiff/libtiff/-/issues/385", "https://gitlab.com/libtiff/libtiff/-/merge_requests/306", "https://linux.oracle.com/cve/CVE-2022-0865.html", "https://linux.oracle.com/errata/ELSA-2022-8194.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/", "https://nvd.nist.gov/vuln/detail/CVE-2022-0865", "https://security.gentoo.org/glsa/202210-10", "https://security.netapp.com/advisory/ntap-20221228-0008/", "https://ubuntu.com/security/notices/USN-5421-1", "https://www.cve.org/CVERecord?id=CVE-2022-0865", "https://www.debian.org/security/2022/dsa-5108" ], "PublishedDate": "2022-03-10T17:44:57.563Z", "LastModifiedDate": "2023-11-07T03:41:37.843Z" }, { "VulnerabilityID": "CVE-2022-0907", "VendorIDs": [ "DSA-5108-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u4", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0907", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "tiff: NULL Pointer Dereference in tiffcrop", "Description": "Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2.", "Severity": "MEDIUM", "CweIDs": [ "CWE-252" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-0907", "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0907.json", "https://gitlab.com/libtiff/libtiff/-/commit/40b00cfb32256d377608b4d4cd30fac338d0a0bc", "https://gitlab.com/libtiff/libtiff/-/issues/392", "https://gitlab.com/libtiff/libtiff/-/merge_requests/314", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/", "https://nvd.nist.gov/vuln/detail/CVE-2022-0907", "https://security.gentoo.org/glsa/202210-10", "https://security.netapp.com/advisory/ntap-20220506-0002/", "https://ubuntu.com/security/notices/USN-5523-1", "https://ubuntu.com/security/notices/USN-5523-2", "https://www.cve.org/CVERecord?id=CVE-2022-0907", "https://www.debian.org/security/2022/dsa-5108" ], "PublishedDate": "2022-03-11T18:15:26.217Z", "LastModifiedDate": "2023-11-07T03:41:39.037Z" }, { "VulnerabilityID": "CVE-2022-0908", "VendorIDs": [ "DSA-5108-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u4", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0908", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "tiff: Null source pointer passed as an argument to memcpy in TIFFFetchNormalTag() in tif_dirread.c", "Description": "Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.", "Severity": "MEDIUM", "CweIDs": [ "CWE-476" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2022:8194", "https://access.redhat.com/security/cve/CVE-2022-0908", "https://bugzilla.redhat.com/2042603", "https://bugzilla.redhat.com/2054494", "https://bugzilla.redhat.com/2054495", "https://bugzilla.redhat.com/2064145", "https://bugzilla.redhat.com/2064146", "https://bugzilla.redhat.com/2064148", "https://bugzilla.redhat.com/2064406", "https://bugzilla.redhat.com/2064411", "https://bugzilla.redhat.com/2074404", "https://bugzilla.redhat.com/2074415", "https://bugzilla.redhat.com/show_bug.cgi?id=2042603", "https://bugzilla.redhat.com/show_bug.cgi?id=2054494", "https://bugzilla.redhat.com/show_bug.cgi?id=2054495", "https://bugzilla.redhat.com/show_bug.cgi?id=2064145", "https://bugzilla.redhat.com/show_bug.cgi?id=2064146", "https://bugzilla.redhat.com/show_bug.cgi?id=2064148", "https://bugzilla.redhat.com/show_bug.cgi?id=2064406", "https://bugzilla.redhat.com/show_bug.cgi?id=2064411", "https://bugzilla.redhat.com/show_bug.cgi?id=2074415", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844", "https://errata.almalinux.org/9/ALSA-2022-8194.html", "https://errata.rockylinux.org/RLSA-2022:7585", "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0908.json", "https://gitlab.com/libtiff/libtiff/-/commit/a95b799f65064e4ba2e2dfc206808f86faf93e85", "https://gitlab.com/libtiff/libtiff/-/issues/383", "https://linux.oracle.com/cve/CVE-2022-0908.html", "https://linux.oracle.com/errata/ELSA-2022-8194.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/", "https://nvd.nist.gov/vuln/detail/CVE-2022-0908", "https://security.gentoo.org/glsa/202210-10", "https://security.netapp.com/advisory/ntap-20220506-0002/", "https://ubuntu.com/security/notices/USN-5523-1", "https://ubuntu.com/security/notices/USN-5523-2", "https://www.cve.org/CVERecord?id=CVE-2022-0908", "https://www.debian.org/security/2022/dsa-5108" ], "PublishedDate": "2022-03-11T18:15:27.077Z", "LastModifiedDate": "2023-11-07T03:41:39.133Z" }, { "VulnerabilityID": "CVE-2022-0909", "VendorIDs": [ "DSA-5108-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u4", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0909", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "tiff: Divide By Zero error in tiffcrop", "Description": "Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.", "Severity": "MEDIUM", "CweIDs": [ "CWE-369" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2022:8194", "https://access.redhat.com/security/cve/CVE-2022-0909", "https://bugzilla.redhat.com/2042603", "https://bugzilla.redhat.com/2054494", "https://bugzilla.redhat.com/2054495", "https://bugzilla.redhat.com/2064145", "https://bugzilla.redhat.com/2064146", "https://bugzilla.redhat.com/2064148", "https://bugzilla.redhat.com/2064406", "https://bugzilla.redhat.com/2064411", "https://bugzilla.redhat.com/2074404", "https://bugzilla.redhat.com/2074415", "https://bugzilla.redhat.com/show_bug.cgi?id=2042603", "https://bugzilla.redhat.com/show_bug.cgi?id=2054494", "https://bugzilla.redhat.com/show_bug.cgi?id=2054495", "https://bugzilla.redhat.com/show_bug.cgi?id=2064145", "https://bugzilla.redhat.com/show_bug.cgi?id=2064146", "https://bugzilla.redhat.com/show_bug.cgi?id=2064148", "https://bugzilla.redhat.com/show_bug.cgi?id=2064406", "https://bugzilla.redhat.com/show_bug.cgi?id=2064411", "https://bugzilla.redhat.com/show_bug.cgi?id=2074415", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844", "https://errata.almalinux.org/9/ALSA-2022-8194.html", "https://errata.rockylinux.org/RLSA-2022:7585", "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0909.json", "https://gitlab.com/libtiff/libtiff/-/commit/32ea0722ee68f503b7a3f9b2d557acb293fc8cde", "https://gitlab.com/libtiff/libtiff/-/issues/393", "https://gitlab.com/libtiff/libtiff/-/merge_requests/310", "https://linux.oracle.com/cve/CVE-2022-0909.html", "https://linux.oracle.com/errata/ELSA-2022-8194.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/", "https://nvd.nist.gov/vuln/detail/CVE-2022-0909", "https://security.gentoo.org/glsa/202210-10", "https://security.netapp.com/advisory/ntap-20220506-0002/", "https://ubuntu.com/security/notices/USN-5523-1", "https://ubuntu.com/security/notices/USN-5523-2", "https://www.cve.org/CVERecord?id=CVE-2022-0909", "https://www.debian.org/security/2022/dsa-5108" ], "PublishedDate": "2022-03-11T18:15:28.047Z", "LastModifiedDate": "2023-11-07T03:41:39.257Z" }, { "VulnerabilityID": "CVE-2022-0924", "VendorIDs": [ "DSA-5108-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u4", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0924", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: Out-of-bounds Read error in tiffcp", "Description": "Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "V3Score": 6.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2022:8194", "https://access.redhat.com/security/cve/CVE-2022-0924", "https://bugzilla.redhat.com/2042603", "https://bugzilla.redhat.com/2054494", "https://bugzilla.redhat.com/2054495", "https://bugzilla.redhat.com/2064145", "https://bugzilla.redhat.com/2064146", "https://bugzilla.redhat.com/2064148", "https://bugzilla.redhat.com/2064406", "https://bugzilla.redhat.com/2064411", "https://bugzilla.redhat.com/2074404", "https://bugzilla.redhat.com/2074415", "https://bugzilla.redhat.com/show_bug.cgi?id=2042603", "https://bugzilla.redhat.com/show_bug.cgi?id=2054494", "https://bugzilla.redhat.com/show_bug.cgi?id=2054495", "https://bugzilla.redhat.com/show_bug.cgi?id=2064145", "https://bugzilla.redhat.com/show_bug.cgi?id=2064146", "https://bugzilla.redhat.com/show_bug.cgi?id=2064148", "https://bugzilla.redhat.com/show_bug.cgi?id=2064406", "https://bugzilla.redhat.com/show_bug.cgi?id=2064411", "https://bugzilla.redhat.com/show_bug.cgi?id=2074415", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844", "https://errata.almalinux.org/9/ALSA-2022-8194.html", "https://errata.rockylinux.org/RLSA-2022:7585", "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0924.json", "https://gitlab.com/libtiff/libtiff/-/commit/88d79a45a31c74cba98c697892fed5f7db8b963a", "https://gitlab.com/libtiff/libtiff/-/issues/278", "https://gitlab.com/libtiff/libtiff/-/merge_requests/311", "https://linux.oracle.com/cve/CVE-2022-0924.html", "https://linux.oracle.com/errata/ELSA-2022-8194.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/", "https://nvd.nist.gov/vuln/detail/CVE-2022-0924", "https://security.gentoo.org/glsa/202210-10", "https://security.netapp.com/advisory/ntap-20220506-0002/", "https://ubuntu.com/security/notices/USN-5523-1", "https://ubuntu.com/security/notices/USN-5523-2", "https://www.cve.org/CVERecord?id=CVE-2022-0924", "https://www.debian.org/security/2022/dsa-5108" ], "PublishedDate": "2022-03-11T18:15:30.137Z", "LastModifiedDate": "2023-11-07T03:41:39.63Z" }, { "VulnerabilityID": "CVE-2022-1354", "VendorIDs": [ "DLA-3278-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u5", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-1354", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: heap-buffer-overflow in TIFFReadRawDataStriped() in tiffinfo.c", "Description": "A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125", "CWE-787" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2022:8194", "https://access.redhat.com/security/cve/CVE-2022-1354", "https://bugzilla.redhat.com/2042603", "https://bugzilla.redhat.com/2054494", "https://bugzilla.redhat.com/2054495", "https://bugzilla.redhat.com/2064145", "https://bugzilla.redhat.com/2064146", "https://bugzilla.redhat.com/2064148", "https://bugzilla.redhat.com/2064406", "https://bugzilla.redhat.com/2064411", "https://bugzilla.redhat.com/2074404", "https://bugzilla.redhat.com/2074415", "https://bugzilla.redhat.com/show_bug.cgi?id=2074404", "https://errata.almalinux.org/9/ALSA-2022-8194.html", "https://gitlab.com/libtiff/libtiff/-/commit/87f580f39011109b3bb5f6eca13fac543a542798", "https://gitlab.com/libtiff/libtiff/-/issues/319", "https://linux.oracle.com/cve/CVE-2022-1354.html", "https://linux.oracle.com/errata/ELSA-2022-8194.html", "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-1354", "https://security.gentoo.org/glsa/202210-10", "https://security.netapp.com/advisory/ntap-20221014-0007/", "https://ubuntu.com/security/notices/USN-5619-1", "https://www.cve.org/CVERecord?id=CVE-2022-1354", "https://www.debian.org/security/2023/dsa-5333" ], "PublishedDate": "2022-08-31T16:15:09.52Z", "LastModifiedDate": "2023-02-23T15:50:59.183Z" }, { "VulnerabilityID": "CVE-2022-1355", "VendorIDs": [ "DLA-3278-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u5", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-1355", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: stack-buffer-overflow in tiffcp.c in main()", "Description": "A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service.", "Severity": "MEDIUM", "CweIDs": [ "CWE-121", "CWE-119" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "V3Score": 6.6 } }, "References": [ "https://access.redhat.com/errata/RHSA-2022:8194", "https://access.redhat.com/security/cve/CVE-2022-1355", "https://bugzilla.redhat.com/2042603", "https://bugzilla.redhat.com/2054494", "https://bugzilla.redhat.com/2054495", "https://bugzilla.redhat.com/2064145", "https://bugzilla.redhat.com/2064146", "https://bugzilla.redhat.com/2064148", "https://bugzilla.redhat.com/2064406", "https://bugzilla.redhat.com/2064411", "https://bugzilla.redhat.com/2074404", "https://bugzilla.redhat.com/2074415", "https://bugzilla.redhat.com/show_bug.cgi?id=2042603", "https://bugzilla.redhat.com/show_bug.cgi?id=2054494", "https://bugzilla.redhat.com/show_bug.cgi?id=2054495", "https://bugzilla.redhat.com/show_bug.cgi?id=2064145", "https://bugzilla.redhat.com/show_bug.cgi?id=2064146", "https://bugzilla.redhat.com/show_bug.cgi?id=2064148", "https://bugzilla.redhat.com/show_bug.cgi?id=2064406", "https://bugzilla.redhat.com/show_bug.cgi?id=2064411", "https://bugzilla.redhat.com/show_bug.cgi?id=2074415", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844", "https://errata.almalinux.org/9/ALSA-2022-8194.html", "https://errata.rockylinux.org/RLSA-2022:7585", "https://gitlab.com/libtiff/libtiff/-/issues/400", "https://gitlab.com/libtiff/libtiff/-/merge_requests/323", "https://linux.oracle.com/cve/CVE-2022-1355.html", "https://linux.oracle.com/errata/ELSA-2022-8194.html", "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-1355", "https://security.gentoo.org/glsa/202210-10", "https://security.netapp.com/advisory/ntap-20221014-0007/", "https://ubuntu.com/security/notices/USN-5619-1", "https://www.cve.org/CVERecord?id=CVE-2022-1355", "https://www.debian.org/security/2023/dsa-5333" ], "PublishedDate": "2022-08-31T16:15:09.577Z", "LastModifiedDate": "2023-02-23T15:52:46.557Z" }, { "VulnerabilityID": "CVE-2022-2056", "VendorIDs": [ "DLA-3278-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u5", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-2056", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: division by zero issues in tiffcrop", "Description": "Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.", "Severity": "MEDIUM", "CweIDs": [ "CWE-369" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:0302", "https://access.redhat.com/security/cve/CVE-2022-2056", "https://bugzilla.redhat.com/2103222", "https://bugzilla.redhat.com/2122789", "https://bugzilla.redhat.com/2122792", "https://bugzilla.redhat.com/2122799", "https://bugzilla.redhat.com/2134432", "https://bugzilla.redhat.com/show_bug.cgi?id=2103222", "https://bugzilla.redhat.com/show_bug.cgi?id=2122789", "https://bugzilla.redhat.com/show_bug.cgi?id=2122792", "https://bugzilla.redhat.com/show_bug.cgi?id=2122799", "https://bugzilla.redhat.com/show_bug.cgi?id=2134432", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953", "https://errata.almalinux.org/9/ALSA-2023-0302.html", "https://errata.rockylinux.org/RLSA-2023:0302", "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2056.json", "https://gitlab.com/libtiff/libtiff/-/issues/415", "https://gitlab.com/libtiff/libtiff/-/merge_requests/346", "https://linux.oracle.com/cve/CVE-2022-2056.html", "https://linux.oracle.com/errata/ELSA-2023-0302.html", "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TSS7MJ7OO7JO5BNKCRYSFU7UAYOKLA2/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OXUMJXVEAYFWRO3U3YHKSULHIVDOLEQS/", "https://nvd.nist.gov/vuln/detail/CVE-2022-2056", "https://security.netapp.com/advisory/ntap-20220826-0001/", "https://ubuntu.com/security/notices/USN-5619-1", "https://www.cve.org/CVERecord?id=CVE-2022-2056", "https://www.debian.org/security/2023/dsa-5333" ], "PublishedDate": "2022-06-30T16:15:08.287Z", "LastModifiedDate": "2023-11-07T03:46:10.65Z" }, { "VulnerabilityID": "CVE-2022-2057", "VendorIDs": [ "DLA-3278-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u5", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-2057", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: division by zero issues in tiffcrop", "Description": "Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.", "Severity": "MEDIUM", "CweIDs": [ "CWE-369" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:0302", "https://access.redhat.com/security/cve/CVE-2022-2057", "https://bugzilla.redhat.com/2103222", "https://bugzilla.redhat.com/2122789", "https://bugzilla.redhat.com/2122792", "https://bugzilla.redhat.com/2122799", "https://bugzilla.redhat.com/2134432", "https://bugzilla.redhat.com/show_bug.cgi?id=2103222", "https://bugzilla.redhat.com/show_bug.cgi?id=2122789", "https://bugzilla.redhat.com/show_bug.cgi?id=2122792", "https://bugzilla.redhat.com/show_bug.cgi?id=2122799", "https://bugzilla.redhat.com/show_bug.cgi?id=2134432", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953", "https://errata.almalinux.org/9/ALSA-2023-0302.html", "https://errata.rockylinux.org/RLSA-2023:0302", "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2057.json", "https://gitlab.com/libtiff/libtiff/-/issues/427", "https://gitlab.com/libtiff/libtiff/-/merge_requests/346", "https://linux.oracle.com/cve/CVE-2022-2057.html", "https://linux.oracle.com/errata/ELSA-2023-0302.html", "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TSS7MJ7OO7JO5BNKCRYSFU7UAYOKLA2/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OXUMJXVEAYFWRO3U3YHKSULHIVDOLEQS/", "https://nvd.nist.gov/vuln/detail/CVE-2022-2057", "https://security.netapp.com/advisory/ntap-20220826-0001/", "https://ubuntu.com/security/notices/USN-5619-1", "https://www.cve.org/CVERecord?id=CVE-2022-2057", "https://www.debian.org/security/2023/dsa-5333" ], "PublishedDate": "2022-06-30T16:15:08.357Z", "LastModifiedDate": "2023-11-07T03:46:10.86Z" }, { "VulnerabilityID": "CVE-2022-2058", "VendorIDs": [ "DLA-3278-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u5", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-2058", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: division by zero issues in tiffcrop", "Description": "Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.", "Severity": "MEDIUM", "CweIDs": [ "CWE-369" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:0302", "https://access.redhat.com/security/cve/CVE-2022-2058", "https://bugzilla.redhat.com/2103222", "https://bugzilla.redhat.com/2122789", "https://bugzilla.redhat.com/2122792", "https://bugzilla.redhat.com/2122799", "https://bugzilla.redhat.com/2134432", "https://bugzilla.redhat.com/show_bug.cgi?id=2103222", "https://bugzilla.redhat.com/show_bug.cgi?id=2122789", "https://bugzilla.redhat.com/show_bug.cgi?id=2122792", "https://bugzilla.redhat.com/show_bug.cgi?id=2122799", "https://bugzilla.redhat.com/show_bug.cgi?id=2134432", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953", "https://errata.almalinux.org/9/ALSA-2023-0302.html", "https://errata.rockylinux.org/RLSA-2023:0302", "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2058.json", "https://gitlab.com/libtiff/libtiff/-/issues/428", "https://gitlab.com/libtiff/libtiff/-/merge_requests/346", "https://linux.oracle.com/cve/CVE-2022-2058.html", "https://linux.oracle.com/errata/ELSA-2023-0302.html", "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TSS7MJ7OO7JO5BNKCRYSFU7UAYOKLA2/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OXUMJXVEAYFWRO3U3YHKSULHIVDOLEQS/", "https://nvd.nist.gov/vuln/detail/CVE-2022-2058", "https://security.netapp.com/advisory/ntap-20220826-0001/", "https://ubuntu.com/security/notices/USN-5619-1", "https://www.cve.org/CVERecord?id=CVE-2022-2058", "https://www.debian.org/security/2023/dsa-5333" ], "PublishedDate": "2022-06-30T16:15:08.41Z", "LastModifiedDate": "2023-11-07T03:46:10.947Z" }, { "VulnerabilityID": "CVE-2022-22844", "VendorIDs": [ "DSA-5108-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u4", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-22844", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: out-of-bounds read in _TIFFmemcpy() in tif_unix.c", "Description": "LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2022:8194", "https://access.redhat.com/security/cve/CVE-2022-22844", "https://bugzilla.redhat.com/2042603", "https://bugzilla.redhat.com/2054494", "https://bugzilla.redhat.com/2054495", "https://bugzilla.redhat.com/2064145", "https://bugzilla.redhat.com/2064146", "https://bugzilla.redhat.com/2064148", "https://bugzilla.redhat.com/2064406", "https://bugzilla.redhat.com/2064411", "https://bugzilla.redhat.com/2074404", "https://bugzilla.redhat.com/2074415", "https://bugzilla.redhat.com/show_bug.cgi?id=2042603", "https://bugzilla.redhat.com/show_bug.cgi?id=2054494", "https://bugzilla.redhat.com/show_bug.cgi?id=2054495", "https://bugzilla.redhat.com/show_bug.cgi?id=2064145", "https://bugzilla.redhat.com/show_bug.cgi?id=2064146", "https://bugzilla.redhat.com/show_bug.cgi?id=2064148", "https://bugzilla.redhat.com/show_bug.cgi?id=2064406", "https://bugzilla.redhat.com/show_bug.cgi?id=2064411", "https://bugzilla.redhat.com/show_bug.cgi?id=2074415", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844", "https://errata.almalinux.org/9/ALSA-2022-8194.html", "https://errata.rockylinux.org/RLSA-2022:7585", "https://gitlab.com/libtiff/libtiff/-/issues/355", "https://gitlab.com/libtiff/libtiff/-/merge_requests/287", "https://linux.oracle.com/cve/CVE-2022-22844.html", "https://linux.oracle.com/errata/ELSA-2022-8194.html", "https://lists.debian.org/debian-lts-announce/2022/03/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-22844", "https://security.gentoo.org/glsa/202210-10", "https://security.netapp.com/advisory/ntap-20220311-0002/", "https://ubuntu.com/security/notices/USN-5523-1", "https://ubuntu.com/security/notices/USN-5523-2", "https://www.cve.org/CVERecord?id=CVE-2022-22844", "https://www.debian.org/security/2022/dsa-5108" ], "PublishedDate": "2022-01-10T14:12:58.32Z", "LastModifiedDate": "2022-11-16T19:07:38.983Z" }, { "VulnerabilityID": "CVE-2022-2867", "VendorIDs": [ "DLA-3278-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u5", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-2867", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: uint32_t underflow leads to out of bounds read and write in tiffcrop.c", "Description": "libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation.", "Severity": "MEDIUM", "CweIDs": [ "CWE-191", "CWE-125", "CWE-787" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:0095", "https://access.redhat.com/security/cve/CVE-2022-2867", "https://bugzilla.redhat.com/2103222", "https://bugzilla.redhat.com/2118847", "https://bugzilla.redhat.com/2118863", "https://bugzilla.redhat.com/2118869", "https://bugzilla.redhat.com/2122789", "https://bugzilla.redhat.com/2122792", "https://bugzilla.redhat.com/2122799", "https://bugzilla.redhat.com/2134432", "https://bugzilla.redhat.com/show_bug.cgi?id=2103222", "https://bugzilla.redhat.com/show_bug.cgi?id=2118847", "https://bugzilla.redhat.com/show_bug.cgi?id=2118863", "https://bugzilla.redhat.com/show_bug.cgi?id=2118869", "https://bugzilla.redhat.com/show_bug.cgi?id=2122789", "https://bugzilla.redhat.com/show_bug.cgi?id=2122792", "https://bugzilla.redhat.com/show_bug.cgi?id=2122799", "https://bugzilla.redhat.com/show_bug.cgi?id=2134432", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953", "https://errata.almalinux.org/8/ALSA-2023-0095.html", "https://errata.rockylinux.org/RLSA-2023:0095", "https://linux.oracle.com/cve/CVE-2022-2867.html", "https://linux.oracle.com/errata/ELSA-2023-0095.html", "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-2867", "https://ubuntu.com/security/notices/USN-5604-1", "https://ubuntu.com/security/notices/USN-5714-1", "https://www.cve.org/CVERecord?id=CVE-2022-2867", "https://www.debian.org/security/2023/dsa-5333" ], "PublishedDate": "2022-08-17T22:15:08.697Z", "LastModifiedDate": "2023-11-07T03:47:00.35Z" }, { "VulnerabilityID": "CVE-2022-2868", "VendorIDs": [ "DLA-3278-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u5", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-2868", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: Invalid crop_width and/or crop_length could cause an out-of-bounds read in reverseSamples16bits()", "Description": "libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop.", "Severity": "MEDIUM", "CweIDs": [ "CWE-1284", "CWE-20" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:0095", "https://access.redhat.com/security/cve/CVE-2022-2868", "https://bugzilla.redhat.com/2103222", "https://bugzilla.redhat.com/2118847", "https://bugzilla.redhat.com/2118863", "https://bugzilla.redhat.com/2118869", "https://bugzilla.redhat.com/2122789", "https://bugzilla.redhat.com/2122792", "https://bugzilla.redhat.com/2122799", "https://bugzilla.redhat.com/2134432", "https://bugzilla.redhat.com/show_bug.cgi?id=2103222", "https://bugzilla.redhat.com/show_bug.cgi?id=2118847", "https://bugzilla.redhat.com/show_bug.cgi?id=2118863", "https://bugzilla.redhat.com/show_bug.cgi?id=2118869", "https://bugzilla.redhat.com/show_bug.cgi?id=2122789", "https://bugzilla.redhat.com/show_bug.cgi?id=2122792", "https://bugzilla.redhat.com/show_bug.cgi?id=2122799", "https://bugzilla.redhat.com/show_bug.cgi?id=2134432", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953", "https://errata.almalinux.org/8/ALSA-2023-0095.html", "https://errata.rockylinux.org/RLSA-2023:0095", "https://linux.oracle.com/cve/CVE-2022-2868.html", "https://linux.oracle.com/errata/ELSA-2023-0095.html", "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-2868", "https://ubuntu.com/security/notices/USN-5604-1", "https://ubuntu.com/security/notices/USN-5714-1", "https://www.cve.org/CVERecord?id=CVE-2022-2868", "https://www.debian.org/security/2023/dsa-5333" ], "PublishedDate": "2022-08-17T22:15:08.753Z", "LastModifiedDate": "2023-11-07T03:47:00.667Z" }, { "VulnerabilityID": "CVE-2022-2869", "VendorIDs": [ "DLA-3278-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u5", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-2869", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: tiffcrop.c has uint32_t underflow which leads to out of bounds read and write in extractContigSamples8bits()", "Description": "libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation.", "Severity": "MEDIUM", "CweIDs": [ "CWE-191", "CWE-125", "CWE-787" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:0095", "https://access.redhat.com/security/cve/CVE-2022-2869", "https://bugzilla.redhat.com/2103222", "https://bugzilla.redhat.com/2118847", "https://bugzilla.redhat.com/2118863", "https://bugzilla.redhat.com/2118869", "https://bugzilla.redhat.com/2122789", "https://bugzilla.redhat.com/2122792", "https://bugzilla.redhat.com/2122799", "https://bugzilla.redhat.com/2134432", "https://bugzilla.redhat.com/show_bug.cgi?id=2103222", "https://bugzilla.redhat.com/show_bug.cgi?id=2118847", "https://bugzilla.redhat.com/show_bug.cgi?id=2118863", "https://bugzilla.redhat.com/show_bug.cgi?id=2118869", "https://bugzilla.redhat.com/show_bug.cgi?id=2122789", "https://bugzilla.redhat.com/show_bug.cgi?id=2122792", "https://bugzilla.redhat.com/show_bug.cgi?id=2122799", "https://bugzilla.redhat.com/show_bug.cgi?id=2134432", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953", "https://errata.almalinux.org/8/ALSA-2023-0095.html", "https://errata.rockylinux.org/RLSA-2023:0095", "https://linux.oracle.com/cve/CVE-2022-2869.html", "https://linux.oracle.com/errata/ELSA-2023-0095.html", "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-2869", "https://ubuntu.com/security/notices/USN-5604-1", "https://ubuntu.com/security/notices/USN-5714-1", "https://www.cve.org/CVERecord?id=CVE-2022-2869", "https://www.debian.org/security/2023/dsa-5333" ], "PublishedDate": "2022-08-17T22:15:08.807Z", "LastModifiedDate": "2023-11-07T03:47:00.933Z" }, { "VulnerabilityID": "CVE-2022-34526", "VendorIDs": [ "DLA-3278-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u5", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-34526", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit", "Description": "A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file parsed by the \"tiffsplit\" or \"tiffcrop\" utilities.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-34526", "https://gitlab.com/libtiff/libtiff/-/issues/433", "https://gitlab.com/libtiff/libtiff/-/issues/486", "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FC6LWPAEKYJ57LSHX4SBFMLRMLOZTHIJ/", "https://nvd.nist.gov/vuln/detail/CVE-2022-34526", "https://security.netapp.com/advisory/ntap-20220930-0002/", "https://ubuntu.com/security/notices/USN-5714-1", "https://www.cve.org/CVERecord?id=CVE-2022-34526", "https://www.debian.org/security/2023/dsa-5333" ], "PublishedDate": "2022-07-29T23:15:08.113Z", "LastModifiedDate": "2023-11-07T03:48:43.75Z" }, { "VulnerabilityID": "CVE-2022-3570", "VendorIDs": [ "DLA-3278-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u5", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3570", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: heap Buffer overflows in tiffcrop.c", "Description": "Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:2340", "https://access.redhat.com/security/cve/CVE-2022-3570", "https://bugzilla.redhat.com/2142734", "https://bugzilla.redhat.com/2142736", "https://bugzilla.redhat.com/2142738", "https://bugzilla.redhat.com/2142740", "https://bugzilla.redhat.com/2142741", "https://bugzilla.redhat.com/2142742", "https://bugzilla.redhat.com/2148918", "https://bugzilla.redhat.com/2176220", "https://bugzilla.redhat.com/2187139", "https://bugzilla.redhat.com/2187141", "https://errata.almalinux.org/9/ALSA-2023-2340.html", "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3570.json", "https://gitlab.com/libtiff/libtiff/-/commit/bd94a9b383d8755a27b5a1bc27660b8ad10b094c", "https://gitlab.com/libtiff/libtiff/-/issues/381", "https://gitlab.com/libtiff/libtiff/-/issues/386", "https://linux.oracle.com/cve/CVE-2022-3570.html", "https://linux.oracle.com/errata/ELSA-2023-2340.html", "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-3570", "https://security.netapp.com/advisory/ntap-20230203-0002/", "https://ubuntu.com/security/notices/USN-5705-1", "https://ubuntu.com/security/notices/USN-5714-1", "https://www.cve.org/CVERecord?id=CVE-2022-3570", "https://www.debian.org/security/2023/dsa-5333" ], "PublishedDate": "2022-10-21T16:15:10.913Z", "LastModifiedDate": "2023-02-23T16:02:57.903Z" }, { "VulnerabilityID": "CVE-2022-3597", "VendorIDs": [ "DLA-3278-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u5", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3597", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix", "Description": "LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:2340", "https://access.redhat.com/security/cve/CVE-2022-3597", "https://bugzilla.redhat.com/2142734", "https://bugzilla.redhat.com/2142736", "https://bugzilla.redhat.com/2142738", "https://bugzilla.redhat.com/2142740", "https://bugzilla.redhat.com/2142741", "https://bugzilla.redhat.com/2142742", "https://bugzilla.redhat.com/2148918", "https://bugzilla.redhat.com/2176220", "https://bugzilla.redhat.com/2187139", "https://bugzilla.redhat.com/2187141", "https://errata.almalinux.org/9/ALSA-2023-2340.html", "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3597.json", "https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047", "https://gitlab.com/libtiff/libtiff/-/issues/413", "https://linux.oracle.com/cve/CVE-2022-3597.html", "https://linux.oracle.com/errata/ELSA-2023-2340.html", "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-3597", "https://security.netapp.com/advisory/ntap-20230110-0001/", "https://ubuntu.com/security/notices/USN-5714-1", "https://www.cve.org/CVERecord?id=CVE-2022-3597", "https://www.debian.org/security/2023/dsa-5333" ], "PublishedDate": "2022-10-21T16:15:10.973Z", "LastModifiedDate": "2023-02-23T16:04:56.627Z" }, { "VulnerabilityID": "CVE-2022-3598", "VendorIDs": [ "DLA-3278-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u5", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3598", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c", "Description": "LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit cfbb883b.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:2340", "https://access.redhat.com/security/cve/CVE-2022-3598", "https://bugzilla.redhat.com/2142734", "https://bugzilla.redhat.com/2142736", "https://bugzilla.redhat.com/2142738", "https://bugzilla.redhat.com/2142740", "https://bugzilla.redhat.com/2142741", "https://bugzilla.redhat.com/2142742", "https://bugzilla.redhat.com/2148918", "https://bugzilla.redhat.com/2176220", "https://bugzilla.redhat.com/2187139", "https://bugzilla.redhat.com/2187141", "https://errata.almalinux.org/9/ALSA-2023-2340.html", "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3598.json", "https://gitlab.com/libtiff/libtiff/-/commit/cfbb883bf6ea7bedcb04177cc4e52d304522fdff", "https://gitlab.com/libtiff/libtiff/-/issues/435", "https://linux.oracle.com/cve/CVE-2022-3598.html", "https://linux.oracle.com/errata/ELSA-2023-2340.html", "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-3598", "https://security.netapp.com/advisory/ntap-20230110-0001/", "https://ubuntu.com/security/notices/USN-5705-1", "https://ubuntu.com/security/notices/USN-5714-1", "https://www.cve.org/CVERecord?id=CVE-2022-3598" ], "PublishedDate": "2022-10-21T16:15:11.03Z", "LastModifiedDate": "2023-03-31T16:05:27.543Z" }, { "VulnerabilityID": "CVE-2022-3599", "VendorIDs": [ "DLA-3278-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u5", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3599", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: out-of-bounds read in writeSingleSection in tools/tiffcrop.c", "Description": "LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:2340", "https://access.redhat.com/security/cve/CVE-2022-3599", "https://bugzilla.redhat.com/2142734", "https://bugzilla.redhat.com/2142736", "https://bugzilla.redhat.com/2142738", "https://bugzilla.redhat.com/2142740", "https://bugzilla.redhat.com/2142741", "https://bugzilla.redhat.com/2142742", "https://bugzilla.redhat.com/2148918", "https://bugzilla.redhat.com/2176220", "https://bugzilla.redhat.com/2187139", "https://bugzilla.redhat.com/2187141", "https://errata.almalinux.org/9/ALSA-2023-2340.html", "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3599.json", "https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246", "https://gitlab.com/libtiff/libtiff/-/issues/398", "https://gitlab.com/libtiff/libtiff/-/merge_requests/385", "https://linux.oracle.com/cve/CVE-2022-3599.html", "https://linux.oracle.com/errata/ELSA-2023-2340.html", "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-3599", "https://security.netapp.com/advisory/ntap-20230110-0001/", "https://ubuntu.com/security/notices/USN-5714-1", "https://www.cve.org/CVERecord?id=CVE-2022-3599", "https://www.debian.org/security/2023/dsa-5333" ], "PublishedDate": "2022-10-21T16:15:11.087Z", "LastModifiedDate": "2023-02-23T16:06:42.147Z" }, { "VulnerabilityID": "CVE-2022-3626", "VendorIDs": [ "DLA-3278-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u5", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3626", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c", "Description": "LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:2340", "https://access.redhat.com/security/cve/CVE-2022-3626", "https://bugzilla.redhat.com/2142734", "https://bugzilla.redhat.com/2142736", "https://bugzilla.redhat.com/2142738", "https://bugzilla.redhat.com/2142740", "https://bugzilla.redhat.com/2142741", "https://bugzilla.redhat.com/2142742", "https://bugzilla.redhat.com/2148918", "https://bugzilla.redhat.com/2176220", "https://bugzilla.redhat.com/2187139", "https://bugzilla.redhat.com/2187141", "https://errata.almalinux.org/9/ALSA-2023-2340.html", "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3626.json", "https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047", "https://gitlab.com/libtiff/libtiff/-/issues/426", "https://linux.oracle.com/cve/CVE-2022-3626.html", "https://linux.oracle.com/errata/ELSA-2023-2340.html", "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-3626", "https://security.netapp.com/advisory/ntap-20230110-0001/", "https://ubuntu.com/security/notices/USN-5714-1", "https://www.cve.org/CVERecord?id=CVE-2022-3626" ], "PublishedDate": "2022-10-21T16:15:11.14Z", "LastModifiedDate": "2023-03-31T16:06:06.833Z" }, { "VulnerabilityID": "CVE-2022-3627", "VendorIDs": [ "DLA-3278-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u5", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3627", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c", "Description": "LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:2340", "https://access.redhat.com/security/cve/CVE-2022-3627", "https://bugzilla.redhat.com/2142734", "https://bugzilla.redhat.com/2142736", "https://bugzilla.redhat.com/2142738", "https://bugzilla.redhat.com/2142740", "https://bugzilla.redhat.com/2142741", "https://bugzilla.redhat.com/2142742", "https://bugzilla.redhat.com/2148918", "https://bugzilla.redhat.com/2176220", "https://bugzilla.redhat.com/2187139", "https://bugzilla.redhat.com/2187141", "https://errata.almalinux.org/9/ALSA-2023-2340.html", "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3627.json", "https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047", "https://gitlab.com/libtiff/libtiff/-/issues/411", "https://linux.oracle.com/cve/CVE-2022-3627.html", "https://linux.oracle.com/errata/ELSA-2023-2883.html", "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-3627", "https://security.netapp.com/advisory/ntap-20230110-0001/", "https://ubuntu.com/security/notices/USN-5714-1", "https://www.cve.org/CVERecord?id=CVE-2022-3627", "https://www.debian.org/security/2023/dsa-5333" ], "PublishedDate": "2022-10-21T16:15:11.197Z", "LastModifiedDate": "2023-02-23T16:07:19.787Z" }, { "VulnerabilityID": "CVE-2022-40090", "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-40090", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: infinite loop via a crafted TIFF file", "Description": "An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file.", "Severity": "MEDIUM", "CweIDs": [ "CWE-835" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:2289", "https://access.redhat.com/security/cve/CVE-2022-40090", "https://bugzilla.redhat.com/2215865", "https://bugzilla.redhat.com/2234970", "https://bugzilla.redhat.com/2235264", "https://bugzilla.redhat.com/2235265", "https://bugzilla.redhat.com/2240995", "https://errata.almalinux.org/9/ALSA-2024-2289.html", "https://gitlab.com/libtiff/libtiff/-/commit/d093eb5d961e21ba51420bc22382c514683a4d91 (v4.5.0rc1)", "https://gitlab.com/libtiff/libtiff/-/issues/455", "https://gitlab.com/libtiff/libtiff/-/merge_requests/386", "https://linux.oracle.com/cve/CVE-2022-40090.html", "https://linux.oracle.com/errata/ELSA-2024-2289.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-40090", "https://ubuntu.com/security/notices/USN-6512-1", "https://www.cve.org/CVERecord?id=CVE-2022-40090" ], "PublishedDate": "2023-08-22T19:16:23.943Z", "LastModifiedDate": "2023-08-26T02:13:22.85Z" }, { "VulnerabilityID": "CVE-2022-4645", "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u5", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-4645", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: out-of-bounds read in tiffcp in tools/tiffcp.c", "Description": "LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "V3Score": 5.6 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:2340", "https://access.redhat.com/security/cve/CVE-2022-4645", "https://bugzilla.redhat.com/2142734", "https://bugzilla.redhat.com/2142736", "https://bugzilla.redhat.com/2142738", "https://bugzilla.redhat.com/2142740", "https://bugzilla.redhat.com/2142741", "https://bugzilla.redhat.com/2142742", "https://bugzilla.redhat.com/2148918", "https://bugzilla.redhat.com/2176220", "https://bugzilla.redhat.com/2187139", "https://bugzilla.redhat.com/2187141", "https://bugzilla.redhat.com/show_bug.cgi?id=2176220", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645", "https://errata.almalinux.org/9/ALSA-2023-2340.html", "https://errata.rockylinux.org/RLSA-2024:3059", "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4645.json", "https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246", "https://gitlab.com/libtiff/libtiff/-/issues/277", "https://linux.oracle.com/cve/CVE-2022-4645.html", "https://linux.oracle.com/errata/ELSA-2024-3059.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZTFA6GGOKFPIQNHDBMXYUR4XUXUJESE/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BA6GRCAQ7NR2OK5N44UQRGUJBIYKWJJH/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OLM763GGZVVOAXIQXG6YGTYJ5VFYNECQ/", "https://nvd.nist.gov/vuln/detail/CVE-2022-4645", "https://security.netapp.com/advisory/ntap-20230331-0001/", "https://www.cve.org/CVERecord?id=CVE-2022-4645" ], "PublishedDate": "2023-03-03T16:15:09.777Z", "LastModifiedDate": "2023-11-07T03:58:27.53Z" }, { "VulnerabilityID": "CVE-2022-48281", "VendorIDs": [ "DLA-3297-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u6", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-48281", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: heap-based buffer overflow in processCropSelections() in tools/tiffcrop.c", "Description": "processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., \"WRITE of size 307203\") via a crafted TIFF image.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:3711", "https://access.redhat.com/security/cve/CVE-2022-48281", "https://bugzilla.redhat.com/2163606", "https://bugzilla.redhat.com/2170119", "https://bugzilla.redhat.com/2170146", "https://bugzilla.redhat.com/2170151", "https://bugzilla.redhat.com/2170157", "https://bugzilla.redhat.com/2170162", "https://bugzilla.redhat.com/2170167", "https://bugzilla.redhat.com/2170172", "https://bugzilla.redhat.com/2170178", "https://bugzilla.redhat.com/2170187", "https://bugzilla.redhat.com/2170192", "https://bugzilla.redhat.com/show_bug.cgi?id=2163606", "https://bugzilla.redhat.com/show_bug.cgi?id=2170119", "https://bugzilla.redhat.com/show_bug.cgi?id=2170146", "https://bugzilla.redhat.com/show_bug.cgi?id=2170151", "https://bugzilla.redhat.com/show_bug.cgi?id=2170157", "https://bugzilla.redhat.com/show_bug.cgi?id=2170162", "https://bugzilla.redhat.com/show_bug.cgi?id=2170167", "https://bugzilla.redhat.com/show_bug.cgi?id=2170172", "https://bugzilla.redhat.com/show_bug.cgi?id=2170178", "https://bugzilla.redhat.com/show_bug.cgi?id=2170187", "https://bugzilla.redhat.com/show_bug.cgi?id=2170192", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804", "https://errata.almalinux.org/9/ALSA-2023-3711.html", "https://errata.rockylinux.org/RLSA-2023:3711", "https://gitlab.com/libtiff/libtiff/-/commit/d1b6b9c1b3cae2d9e37754506c1ad8f4f7b646b5", "https://gitlab.com/libtiff/libtiff/-/issues/488", "https://linux.oracle.com/cve/CVE-2022-48281.html", "https://linux.oracle.com/errata/ELSA-2023-3827.html", "https://lists.debian.org/debian-lts-announce/2023/01/msg00037.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-48281", "https://security.gentoo.org/glsa/202305-31", "https://security.netapp.com/advisory/ntap-20230302-0004/", "https://ubuntu.com/security/notices/USN-5841-1", "https://ubuntu.com/security/notices/USN-6290-1", "https://www.cve.org/CVERecord?id=CVE-2022-48281", "https://www.debian.org/security/2023/dsa-5333" ], "PublishedDate": "2023-01-23T03:15:09.447Z", "LastModifiedDate": "2023-05-30T06:16:00.967Z" }, { "VulnerabilityID": "CVE-2023-0795", "VendorIDs": [ "DLA-3333-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u7", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0795", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: out-of-bounds read in extractContigSamplesShifted16bits() in tools/tiffcrop.c", "Description": "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "V3Score": 6.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:3711", "https://access.redhat.com/security/cve/CVE-2023-0795", "https://bugzilla.redhat.com/2163606", "https://bugzilla.redhat.com/2170119", "https://bugzilla.redhat.com/2170146", "https://bugzilla.redhat.com/2170151", "https://bugzilla.redhat.com/2170157", "https://bugzilla.redhat.com/2170162", "https://bugzilla.redhat.com/2170167", "https://bugzilla.redhat.com/2170172", "https://bugzilla.redhat.com/2170178", "https://bugzilla.redhat.com/2170187", "https://bugzilla.redhat.com/2170192", "https://bugzilla.redhat.com/show_bug.cgi?id=2163606", "https://bugzilla.redhat.com/show_bug.cgi?id=2170119", "https://bugzilla.redhat.com/show_bug.cgi?id=2170146", "https://bugzilla.redhat.com/show_bug.cgi?id=2170151", "https://bugzilla.redhat.com/show_bug.cgi?id=2170157", "https://bugzilla.redhat.com/show_bug.cgi?id=2170162", "https://bugzilla.redhat.com/show_bug.cgi?id=2170167", "https://bugzilla.redhat.com/show_bug.cgi?id=2170172", "https://bugzilla.redhat.com/show_bug.cgi?id=2170178", "https://bugzilla.redhat.com/show_bug.cgi?id=2170187", "https://bugzilla.redhat.com/show_bug.cgi?id=2170192", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804", "https://errata.almalinux.org/9/ALSA-2023-3711.html", "https://errata.rockylinux.org/RLSA-2023:3711", "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0795.json", "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68", "https://gitlab.com/libtiff/libtiff/-/issues/493", "https://linux.oracle.com/cve/CVE-2023-0795.html", "https://linux.oracle.com/errata/ELSA-2023-3711.html", "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-0795", "https://security.gentoo.org/glsa/202305-31", "https://security.netapp.com/advisory/ntap-20230316-0003/", "https://ubuntu.com/security/notices/USN-5923-1", "https://www.cve.org/CVERecord?id=CVE-2023-0795", "https://www.debian.org/security/2023/dsa-5361" ], "PublishedDate": "2023-02-13T23:15:11.727Z", "LastModifiedDate": "2023-05-30T06:16:05.65Z" }, { "VulnerabilityID": "CVE-2023-0796", "VendorIDs": [ "DLA-3333-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u7", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0796", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: out-of-bounds read in extractContigSamplesShifted24bits() in tools/tiffcrop.c", "Description": "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "V3Score": 6.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:3711", "https://access.redhat.com/security/cve/CVE-2023-0796", "https://bugzilla.redhat.com/2163606", "https://bugzilla.redhat.com/2170119", "https://bugzilla.redhat.com/2170146", "https://bugzilla.redhat.com/2170151", "https://bugzilla.redhat.com/2170157", "https://bugzilla.redhat.com/2170162", "https://bugzilla.redhat.com/2170167", "https://bugzilla.redhat.com/2170172", "https://bugzilla.redhat.com/2170178", "https://bugzilla.redhat.com/2170187", "https://bugzilla.redhat.com/2170192", "https://bugzilla.redhat.com/show_bug.cgi?id=2163606", "https://bugzilla.redhat.com/show_bug.cgi?id=2170119", "https://bugzilla.redhat.com/show_bug.cgi?id=2170146", "https://bugzilla.redhat.com/show_bug.cgi?id=2170151", "https://bugzilla.redhat.com/show_bug.cgi?id=2170157", "https://bugzilla.redhat.com/show_bug.cgi?id=2170162", "https://bugzilla.redhat.com/show_bug.cgi?id=2170167", "https://bugzilla.redhat.com/show_bug.cgi?id=2170172", "https://bugzilla.redhat.com/show_bug.cgi?id=2170178", "https://bugzilla.redhat.com/show_bug.cgi?id=2170187", "https://bugzilla.redhat.com/show_bug.cgi?id=2170192", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804", "https://errata.almalinux.org/9/ALSA-2023-3711.html", "https://errata.rockylinux.org/RLSA-2023:3711", "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0796.json", "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68", "https://gitlab.com/libtiff/libtiff/-/issues/499", "https://linux.oracle.com/cve/CVE-2023-0796.html", "https://linux.oracle.com/errata/ELSA-2023-3711.html", "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-0796", "https://security.gentoo.org/glsa/202305-31", "https://security.netapp.com/advisory/ntap-20230316-0003/", "https://ubuntu.com/security/notices/USN-5923-1", "https://www.cve.org/CVERecord?id=CVE-2023-0796", "https://www.debian.org/security/2023/dsa-5361" ], "PublishedDate": "2023-02-13T23:15:11.857Z", "LastModifiedDate": "2023-05-30T06:16:06.873Z" }, { "VulnerabilityID": "CVE-2023-0797", "VendorIDs": [ "DLA-3333-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u7", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0797", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: out-of-bounds read in _TIFFmemcpy() in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c", "Description": "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "V3Score": 6.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:3711", "https://access.redhat.com/security/cve/CVE-2023-0797", "https://bugzilla.redhat.com/2163606", "https://bugzilla.redhat.com/2170119", "https://bugzilla.redhat.com/2170146", "https://bugzilla.redhat.com/2170151", "https://bugzilla.redhat.com/2170157", "https://bugzilla.redhat.com/2170162", "https://bugzilla.redhat.com/2170167", "https://bugzilla.redhat.com/2170172", "https://bugzilla.redhat.com/2170178", "https://bugzilla.redhat.com/2170187", "https://bugzilla.redhat.com/2170192", "https://bugzilla.redhat.com/show_bug.cgi?id=2163606", "https://bugzilla.redhat.com/show_bug.cgi?id=2170119", "https://bugzilla.redhat.com/show_bug.cgi?id=2170146", "https://bugzilla.redhat.com/show_bug.cgi?id=2170151", "https://bugzilla.redhat.com/show_bug.cgi?id=2170157", "https://bugzilla.redhat.com/show_bug.cgi?id=2170162", "https://bugzilla.redhat.com/show_bug.cgi?id=2170167", "https://bugzilla.redhat.com/show_bug.cgi?id=2170172", "https://bugzilla.redhat.com/show_bug.cgi?id=2170178", "https://bugzilla.redhat.com/show_bug.cgi?id=2170187", "https://bugzilla.redhat.com/show_bug.cgi?id=2170192", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804", "https://errata.almalinux.org/9/ALSA-2023-3711.html", "https://errata.rockylinux.org/RLSA-2023:3711", "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0797.json", "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68", "https://gitlab.com/libtiff/libtiff/-/issues/495", "https://linux.oracle.com/cve/CVE-2023-0797.html", "https://linux.oracle.com/errata/ELSA-2023-3711.html", "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-0797", "https://security.gentoo.org/glsa/202305-31", "https://ubuntu.com/security/notices/USN-5923-1", "https://www.cve.org/CVERecord?id=CVE-2023-0797", "https://www.debian.org/security/2023/dsa-5361" ], "PublishedDate": "2023-02-13T23:15:11.97Z", "LastModifiedDate": "2023-05-30T06:16:07.78Z" }, { "VulnerabilityID": "CVE-2023-0798", "VendorIDs": [ "DLA-3333-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u7", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0798", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: out-of-bounds read in extractContigSamplesShifted8bits() in tools/tiffcrop.c", "Description": "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "V3Score": 6.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:3711", "https://access.redhat.com/security/cve/CVE-2023-0798", "https://bugzilla.redhat.com/2163606", "https://bugzilla.redhat.com/2170119", "https://bugzilla.redhat.com/2170146", "https://bugzilla.redhat.com/2170151", "https://bugzilla.redhat.com/2170157", "https://bugzilla.redhat.com/2170162", "https://bugzilla.redhat.com/2170167", "https://bugzilla.redhat.com/2170172", "https://bugzilla.redhat.com/2170178", "https://bugzilla.redhat.com/2170187", "https://bugzilla.redhat.com/2170192", "https://bugzilla.redhat.com/show_bug.cgi?id=2163606", "https://bugzilla.redhat.com/show_bug.cgi?id=2170119", "https://bugzilla.redhat.com/show_bug.cgi?id=2170146", "https://bugzilla.redhat.com/show_bug.cgi?id=2170151", "https://bugzilla.redhat.com/show_bug.cgi?id=2170157", "https://bugzilla.redhat.com/show_bug.cgi?id=2170162", "https://bugzilla.redhat.com/show_bug.cgi?id=2170167", "https://bugzilla.redhat.com/show_bug.cgi?id=2170172", "https://bugzilla.redhat.com/show_bug.cgi?id=2170178", "https://bugzilla.redhat.com/show_bug.cgi?id=2170187", "https://bugzilla.redhat.com/show_bug.cgi?id=2170192", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804", "https://errata.almalinux.org/9/ALSA-2023-3711.html", "https://errata.rockylinux.org/RLSA-2023:3711", "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0798.json", "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68", "https://gitlab.com/libtiff/libtiff/-/issues/492", "https://linux.oracle.com/cve/CVE-2023-0798.html", "https://linux.oracle.com/errata/ELSA-2023-3711.html", "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-0798", "https://security.gentoo.org/glsa/202305-31", "https://security.netapp.com/advisory/ntap-20230316-0003/", "https://ubuntu.com/security/notices/USN-5923-1", "https://www.cve.org/CVERecord?id=CVE-2023-0798", "https://www.debian.org/security/2023/dsa-5361" ], "PublishedDate": "2023-02-13T23:15:12.073Z", "LastModifiedDate": "2023-05-30T06:16:08.667Z" }, { "VulnerabilityID": "CVE-2023-0799", "VendorIDs": [ "DLA-3333-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u7", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0799", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: use-after-free in extractContigSamplesShifted32bits() in tools/tiffcrop.c", "Description": "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "Severity": "MEDIUM", "CweIDs": [ "CWE-416" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:3711", "https://access.redhat.com/security/cve/CVE-2023-0799", "https://bugzilla.redhat.com/2163606", "https://bugzilla.redhat.com/2170119", "https://bugzilla.redhat.com/2170146", "https://bugzilla.redhat.com/2170151", "https://bugzilla.redhat.com/2170157", "https://bugzilla.redhat.com/2170162", "https://bugzilla.redhat.com/2170167", "https://bugzilla.redhat.com/2170172", "https://bugzilla.redhat.com/2170178", "https://bugzilla.redhat.com/2170187", "https://bugzilla.redhat.com/2170192", "https://bugzilla.redhat.com/show_bug.cgi?id=2163606", "https://bugzilla.redhat.com/show_bug.cgi?id=2170119", "https://bugzilla.redhat.com/show_bug.cgi?id=2170146", "https://bugzilla.redhat.com/show_bug.cgi?id=2170151", "https://bugzilla.redhat.com/show_bug.cgi?id=2170157", "https://bugzilla.redhat.com/show_bug.cgi?id=2170162", "https://bugzilla.redhat.com/show_bug.cgi?id=2170167", "https://bugzilla.redhat.com/show_bug.cgi?id=2170172", "https://bugzilla.redhat.com/show_bug.cgi?id=2170178", "https://bugzilla.redhat.com/show_bug.cgi?id=2170187", "https://bugzilla.redhat.com/show_bug.cgi?id=2170192", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804", "https://errata.almalinux.org/9/ALSA-2023-3711.html", "https://errata.rockylinux.org/RLSA-2023:3711", "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0799.json", "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68", "https://gitlab.com/libtiff/libtiff/-/issues/494", "https://linux.oracle.com/cve/CVE-2023-0799.html", "https://linux.oracle.com/errata/ELSA-2023-3711.html", "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-0799", "https://security.gentoo.org/glsa/202305-31", "https://security.netapp.com/advisory/ntap-20230316-0003/", "https://ubuntu.com/security/notices/USN-5923-1", "https://www.cve.org/CVERecord?id=CVE-2023-0799", "https://www.debian.org/security/2023/dsa-5361" ], "PublishedDate": "2023-02-13T23:15:12.17Z", "LastModifiedDate": "2023-05-30T06:16:09.313Z" }, { "VulnerabilityID": "CVE-2023-0800", "VendorIDs": [ "DLA-3333-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u7", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0800", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c", "Description": "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "V3Score": 6.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:3711", "https://access.redhat.com/security/cve/CVE-2023-0800", "https://bugzilla.redhat.com/2163606", "https://bugzilla.redhat.com/2170119", "https://bugzilla.redhat.com/2170146", "https://bugzilla.redhat.com/2170151", "https://bugzilla.redhat.com/2170157", "https://bugzilla.redhat.com/2170162", "https://bugzilla.redhat.com/2170167", "https://bugzilla.redhat.com/2170172", "https://bugzilla.redhat.com/2170178", "https://bugzilla.redhat.com/2170187", "https://bugzilla.redhat.com/2170192", "https://bugzilla.redhat.com/show_bug.cgi?id=2163606", "https://bugzilla.redhat.com/show_bug.cgi?id=2170119", "https://bugzilla.redhat.com/show_bug.cgi?id=2170146", "https://bugzilla.redhat.com/show_bug.cgi?id=2170151", "https://bugzilla.redhat.com/show_bug.cgi?id=2170157", "https://bugzilla.redhat.com/show_bug.cgi?id=2170162", "https://bugzilla.redhat.com/show_bug.cgi?id=2170167", "https://bugzilla.redhat.com/show_bug.cgi?id=2170172", "https://bugzilla.redhat.com/show_bug.cgi?id=2170178", "https://bugzilla.redhat.com/show_bug.cgi?id=2170187", "https://bugzilla.redhat.com/show_bug.cgi?id=2170192", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804", "https://errata.almalinux.org/9/ALSA-2023-3711.html", "https://errata.rockylinux.org/RLSA-2023:3711", "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0800.json", "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00", "https://gitlab.com/libtiff/libtiff/-/issues/496", "https://linux.oracle.com/cve/CVE-2023-0800.html", "https://linux.oracle.com/errata/ELSA-2023-5353.html", "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-0800", "https://security.gentoo.org/glsa/202305-31", "https://security.netapp.com/advisory/ntap-20230316-0002/", "https://ubuntu.com/security/notices/USN-5923-1", "https://www.cve.org/CVERecord?id=CVE-2023-0800", "https://www.debian.org/security/2023/dsa-5361" ], "PublishedDate": "2023-02-13T23:15:12.26Z", "LastModifiedDate": "2023-05-30T06:16:10.023Z" }, { "VulnerabilityID": "CVE-2023-0801", "VendorIDs": [ "DLA-3333-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u7", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0801", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: out-of-bounds write in _TIFFmemcpy() in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c", "Description": "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "V3Score": 6.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:3711", "https://access.redhat.com/security/cve/CVE-2023-0801", "https://bugzilla.redhat.com/2163606", "https://bugzilla.redhat.com/2170119", "https://bugzilla.redhat.com/2170146", "https://bugzilla.redhat.com/2170151", "https://bugzilla.redhat.com/2170157", "https://bugzilla.redhat.com/2170162", "https://bugzilla.redhat.com/2170167", "https://bugzilla.redhat.com/2170172", "https://bugzilla.redhat.com/2170178", "https://bugzilla.redhat.com/2170187", "https://bugzilla.redhat.com/2170192", "https://bugzilla.redhat.com/show_bug.cgi?id=2163606", "https://bugzilla.redhat.com/show_bug.cgi?id=2170119", "https://bugzilla.redhat.com/show_bug.cgi?id=2170146", "https://bugzilla.redhat.com/show_bug.cgi?id=2170151", "https://bugzilla.redhat.com/show_bug.cgi?id=2170157", "https://bugzilla.redhat.com/show_bug.cgi?id=2170162", "https://bugzilla.redhat.com/show_bug.cgi?id=2170167", "https://bugzilla.redhat.com/show_bug.cgi?id=2170172", "https://bugzilla.redhat.com/show_bug.cgi?id=2170178", "https://bugzilla.redhat.com/show_bug.cgi?id=2170187", "https://bugzilla.redhat.com/show_bug.cgi?id=2170192", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804", "https://errata.almalinux.org/9/ALSA-2023-3711.html", "https://errata.rockylinux.org/RLSA-2023:3711", "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0801.json", "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00", "https://gitlab.com/libtiff/libtiff/-/issues/498", "https://linux.oracle.com/cve/CVE-2023-0801.html", "https://linux.oracle.com/errata/ELSA-2023-5353.html", "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-0801", "https://security.gentoo.org/glsa/202305-31", "https://security.netapp.com/advisory/ntap-20230316-0002/", "https://ubuntu.com/security/notices/USN-5923-1", "https://www.cve.org/CVERecord?id=CVE-2023-0801", "https://www.debian.org/security/2023/dsa-5361" ], "PublishedDate": "2023-02-13T23:15:12.37Z", "LastModifiedDate": "2023-05-30T06:16:10.967Z" }, { "VulnerabilityID": "CVE-2023-0802", "VendorIDs": [ "DLA-3333-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u7", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0802", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: out-of-bounds write in extractContigSamplesShifted32bits() in tools/tiffcrop.c", "Description": "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "V3Score": 6.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:3711", "https://access.redhat.com/security/cve/CVE-2023-0802", "https://bugzilla.redhat.com/2163606", "https://bugzilla.redhat.com/2170119", "https://bugzilla.redhat.com/2170146", "https://bugzilla.redhat.com/2170151", "https://bugzilla.redhat.com/2170157", "https://bugzilla.redhat.com/2170162", "https://bugzilla.redhat.com/2170167", "https://bugzilla.redhat.com/2170172", "https://bugzilla.redhat.com/2170178", "https://bugzilla.redhat.com/2170187", "https://bugzilla.redhat.com/2170192", "https://bugzilla.redhat.com/show_bug.cgi?id=2163606", "https://bugzilla.redhat.com/show_bug.cgi?id=2170119", "https://bugzilla.redhat.com/show_bug.cgi?id=2170146", "https://bugzilla.redhat.com/show_bug.cgi?id=2170151", "https://bugzilla.redhat.com/show_bug.cgi?id=2170157", "https://bugzilla.redhat.com/show_bug.cgi?id=2170162", "https://bugzilla.redhat.com/show_bug.cgi?id=2170167", "https://bugzilla.redhat.com/show_bug.cgi?id=2170172", "https://bugzilla.redhat.com/show_bug.cgi?id=2170178", "https://bugzilla.redhat.com/show_bug.cgi?id=2170187", "https://bugzilla.redhat.com/show_bug.cgi?id=2170192", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804", "https://errata.almalinux.org/9/ALSA-2023-3711.html", "https://errata.rockylinux.org/RLSA-2023:3711", "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0802.json", "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00", "https://gitlab.com/libtiff/libtiff/-/issues/500", "https://linux.oracle.com/cve/CVE-2023-0802.html", "https://linux.oracle.com/errata/ELSA-2023-5353.html", "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-0802", "https://security.gentoo.org/glsa/202305-31", "https://security.netapp.com/advisory/ntap-20230316-0002/", "https://ubuntu.com/security/notices/USN-5923-1", "https://www.cve.org/CVERecord?id=CVE-2023-0802", "https://www.debian.org/security/2023/dsa-5361" ], "PublishedDate": "2023-02-13T23:15:12.467Z", "LastModifiedDate": "2023-05-30T06:16:11.997Z" }, { "VulnerabilityID": "CVE-2023-0803", "VendorIDs": [ "DLA-3333-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u7", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0803", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c", "Description": "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "V3Score": 6.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:3711", "https://access.redhat.com/security/cve/CVE-2023-0803", "https://bugzilla.redhat.com/2163606", "https://bugzilla.redhat.com/2170119", "https://bugzilla.redhat.com/2170146", "https://bugzilla.redhat.com/2170151", "https://bugzilla.redhat.com/2170157", "https://bugzilla.redhat.com/2170162", "https://bugzilla.redhat.com/2170167", "https://bugzilla.redhat.com/2170172", "https://bugzilla.redhat.com/2170178", "https://bugzilla.redhat.com/2170187", "https://bugzilla.redhat.com/2170192", "https://bugzilla.redhat.com/show_bug.cgi?id=2163606", "https://bugzilla.redhat.com/show_bug.cgi?id=2170119", "https://bugzilla.redhat.com/show_bug.cgi?id=2170146", "https://bugzilla.redhat.com/show_bug.cgi?id=2170151", "https://bugzilla.redhat.com/show_bug.cgi?id=2170157", "https://bugzilla.redhat.com/show_bug.cgi?id=2170162", "https://bugzilla.redhat.com/show_bug.cgi?id=2170167", "https://bugzilla.redhat.com/show_bug.cgi?id=2170172", "https://bugzilla.redhat.com/show_bug.cgi?id=2170178", "https://bugzilla.redhat.com/show_bug.cgi?id=2170187", "https://bugzilla.redhat.com/show_bug.cgi?id=2170192", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804", "https://errata.almalinux.org/9/ALSA-2023-3711.html", "https://errata.rockylinux.org/RLSA-2023:3711", "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0803.json", "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00", "https://gitlab.com/libtiff/libtiff/-/issues/501", "https://linux.oracle.com/cve/CVE-2023-0803.html", "https://linux.oracle.com/errata/ELSA-2023-5353.html", "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-0803", "https://security.gentoo.org/glsa/202305-31", "https://security.netapp.com/advisory/ntap-20230316-0002/", "https://ubuntu.com/security/notices/USN-5923-1", "https://www.cve.org/CVERecord?id=CVE-2023-0803", "https://www.debian.org/security/2023/dsa-5361" ], "PublishedDate": "2023-02-13T23:15:12.567Z", "LastModifiedDate": "2023-05-30T06:16:12.957Z" }, { "VulnerabilityID": "CVE-2023-0804", "VendorIDs": [ "DLA-3333-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u7", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0804", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: out-of-bounds write in extractContigSamplesShifted24bits() in tools/tiffcrop.c", "Description": "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "V3Score": 6.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:3711", "https://access.redhat.com/security/cve/CVE-2023-0804", "https://bugzilla.redhat.com/2163606", "https://bugzilla.redhat.com/2170119", "https://bugzilla.redhat.com/2170146", "https://bugzilla.redhat.com/2170151", "https://bugzilla.redhat.com/2170157", "https://bugzilla.redhat.com/2170162", "https://bugzilla.redhat.com/2170167", "https://bugzilla.redhat.com/2170172", "https://bugzilla.redhat.com/2170178", "https://bugzilla.redhat.com/2170187", "https://bugzilla.redhat.com/2170192", "https://bugzilla.redhat.com/show_bug.cgi?id=2163606", "https://bugzilla.redhat.com/show_bug.cgi?id=2170119", "https://bugzilla.redhat.com/show_bug.cgi?id=2170146", "https://bugzilla.redhat.com/show_bug.cgi?id=2170151", "https://bugzilla.redhat.com/show_bug.cgi?id=2170157", "https://bugzilla.redhat.com/show_bug.cgi?id=2170162", "https://bugzilla.redhat.com/show_bug.cgi?id=2170167", "https://bugzilla.redhat.com/show_bug.cgi?id=2170172", "https://bugzilla.redhat.com/show_bug.cgi?id=2170178", "https://bugzilla.redhat.com/show_bug.cgi?id=2170187", "https://bugzilla.redhat.com/show_bug.cgi?id=2170192", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804", "https://errata.almalinux.org/9/ALSA-2023-3711.html", "https://errata.rockylinux.org/RLSA-2023:3711", "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0804.json", "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00", "https://gitlab.com/libtiff/libtiff/-/issues/497", "https://linux.oracle.com/cve/CVE-2023-0804.html", "https://linux.oracle.com/errata/ELSA-2023-5353.html", "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FBF3UUFSB6NB3NFTQSKOOIZGXJP3T34Z/", "https://nvd.nist.gov/vuln/detail/CVE-2023-0804", "https://security.gentoo.org/glsa/202305-31", "https://security.netapp.com/advisory/ntap-20230324-0009/", "https://ubuntu.com/security/notices/USN-5923-1", "https://www.cve.org/CVERecord?id=CVE-2023-0804", "https://www.debian.org/security/2023/dsa-5361" ], "PublishedDate": "2023-02-13T23:15:12.667Z", "LastModifiedDate": "2023-11-07T04:01:29.557Z" }, { "VulnerabilityID": "CVE-2023-25433", "VendorIDs": [ "DLA-3513-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u8", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-25433", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: Buffer Overflow via /libtiff/tools/tiffcrop.c", "Description": "libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV.", "Severity": "MEDIUM", "CweIDs": [ "CWE-120" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:5079", "https://access.redhat.com/security/cve/CVE-2023-25433", "https://bugzilla.redhat.com/1614051", "https://bugzilla.redhat.com/2218744", "https://bugzilla.redhat.com/2240995", "https://bugzilla.redhat.com/2251344", "https://bugzilla.redhat.com/show_bug.cgi?id=1614051", "https://bugzilla.redhat.com/show_bug.cgi?id=2218744", "https://bugzilla.redhat.com/show_bug.cgi?id=2240995", "https://bugzilla.redhat.com/show_bug.cgi?id=2251344", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15209", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25433", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52356", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6228", "https://errata.almalinux.org/8/ALSA-2024-5079.html", "https://errata.rockylinux.org/RLSA-2024:5079", "https://gitlab.com/libtiff/libtiff/-/issues/520", "https://gitlab.com/libtiff/libtiff/-/merge_requests/467", "https://linux.oracle.com/cve/CVE-2023-25433.html", "https://linux.oracle.com/errata/ELSA-2024-5079.html", "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-25433", "https://ubuntu.com/security/notices/USN-6229-1", "https://ubuntu.com/security/notices/USN-6290-1", "https://www.cve.org/CVERecord?id=CVE-2023-25433" ], "PublishedDate": "2023-06-29T20:15:09.83Z", "LastModifiedDate": "2023-08-01T02:15:09.91Z" }, { "VulnerabilityID": "CVE-2023-25435", "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u7", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-25435", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: tiffcrop: heap-buffer-overflow in extractContigSamplesShifted8bits() in tiffcrop.c", "Description": "libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753.", "Severity": "MEDIUM", "CweIDs": [ "CWE-120" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2023-25435", "https://gitlab.com/libtiff/libtiff/-/issues/518", "https://nvd.nist.gov/vuln/detail/CVE-2023-25435", "https://www.cve.org/CVERecord?id=CVE-2023-25435" ], "PublishedDate": "2023-06-21T20:15:10.1Z", "LastModifiedDate": "2023-06-28T18:51:37.17Z" }, { "VulnerabilityID": "CVE-2023-26965", "VendorIDs": [ "DLA-3513-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u8", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-26965", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: heap-based use after free via a crafted TIFF image in loadImage() in tiffcrop.c", "Description": "loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6575", "https://access.redhat.com/security/cve/CVE-2023-26965", "https://bugzilla.redhat.com/2207635", "https://bugzilla.redhat.com/2215206", "https://bugzilla.redhat.com/2216080", "https://bugzilla.redhat.com/2218749", "https://bugzilla.redhat.com/2219340", "https://errata.almalinux.org/9/ALSA-2023-6575.html", "https://gitlab.com/libtiff/libtiff/-/merge_requests/472", "https://linux.oracle.com/cve/CVE-2023-26965.html", "https://linux.oracle.com/errata/ELSA-2023-6575.html", "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-26965", "https://security.netapp.com/advisory/ntap-20230706-0009/", "https://ubuntu.com/security/notices/USN-6229-1", "https://ubuntu.com/security/notices/USN-6290-1", "https://www.cve.org/CVERecord?id=CVE-2023-26965" ], "PublishedDate": "2023-06-14T21:15:09.483Z", "LastModifiedDate": "2023-08-01T02:15:10.003Z" }, { "VulnerabilityID": "CVE-2023-26966", "VendorIDs": [ "DLA-3513-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u8", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-26966", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: Buffer Overflow in uv_encode()", "Description": "libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian.", "Severity": "MEDIUM", "CweIDs": [ "CWE-120" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6575", "https://access.redhat.com/security/cve/CVE-2023-26966", "https://bugzilla.redhat.com/2207635", "https://bugzilla.redhat.com/2215206", "https://bugzilla.redhat.com/2216080", "https://bugzilla.redhat.com/2218749", "https://bugzilla.redhat.com/2219340", "https://errata.almalinux.org/9/ALSA-2023-6575.html", "https://gitlab.com/libtiff/libtiff/-/commit/b0e1c25dd1d065200c8d8f59ad0afe014861a1b9 (v4.5.1rc1)", "https://gitlab.com/libtiff/libtiff/-/issues/530", "https://gitlab.com/libtiff/libtiff/-/merge_requests/473", "https://linux.oracle.com/cve/CVE-2023-26966.html", "https://linux.oracle.com/errata/ELSA-2023-6575.html", "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-26966", "https://ubuntu.com/security/notices/USN-6229-1", "https://ubuntu.com/security/notices/USN-6290-1", "https://www.cve.org/CVERecord?id=CVE-2023-26966" ], "PublishedDate": "2023-06-29T20:15:09.873Z", "LastModifiedDate": "2023-08-01T02:15:10.08Z" }, { "VulnerabilityID": "CVE-2023-2908", "VendorIDs": [ "DLA-3513-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u8", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2908", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: null pointer dereference in tif_dir.c", "Description": "A null pointer dereference issue was found in Libtiff's tif_dir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial of service.", "Severity": "MEDIUM", "CweIDs": [ "CWE-476" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2023-2908", "https://bugzilla.redhat.com/show_bug.cgi?id=2218830", "https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f", "https://gitlab.com/libtiff/libtiff/-/merge_requests/479", "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-2908", "https://security.netapp.com/advisory/ntap-20230731-0004/", "https://ubuntu.com/security/notices/USN-6290-1", "https://www.cve.org/CVERecord?id=CVE-2023-2908" ], "PublishedDate": "2023-06-30T22:15:10.017Z", "LastModifiedDate": "2023-11-07T04:13:32.397Z" }, { "VulnerabilityID": "CVE-2023-30086", "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u5", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-30086", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: Heap buffer overflow in tiffcp() at tiffcp.c", "Description": "Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://libtiff-release-v4-0-7.com", "http://tiffcp.com", "https://access.redhat.com/security/cve/CVE-2023-30086", "https://gitlab.com/libtiff/libtiff/-/issues/538", "https://nvd.nist.gov/vuln/detail/CVE-2023-30086", "https://security.netapp.com/advisory/ntap-20230616-0003/", "https://www.cve.org/CVERecord?id=CVE-2023-30086" ], "PublishedDate": "2023-05-09T16:15:14.507Z", "LastModifiedDate": "2023-06-16T15:15:09.317Z" }, { "VulnerabilityID": "CVE-2023-30774", "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u5", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-30774", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: heap buffer overflow issues related to TIFFTAG_INKNAMES and related TIFFTAG_NUMBEROFINKS value", "Description": "A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787", "CWE-119" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.2 } }, "References": [ "http://seclists.org/fulldisclosure/2023/Oct/24", "https://access.redhat.com/errata/RHSA-2023:2340", "https://access.redhat.com/security/cve/CVE-2023-30774", "https://bugzilla.redhat.com/2142734", "https://bugzilla.redhat.com/2142736", "https://bugzilla.redhat.com/2142738", "https://bugzilla.redhat.com/2142740", "https://bugzilla.redhat.com/2142741", "https://bugzilla.redhat.com/2142742", "https://bugzilla.redhat.com/2148918", "https://bugzilla.redhat.com/2176220", "https://bugzilla.redhat.com/2187139", "https://bugzilla.redhat.com/2187141", "https://bugzilla.redhat.com/show_bug.cgi?id=2187139", "https://errata.almalinux.org/9/ALSA-2023-2340.html", "https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246", "https://gitlab.com/libtiff/libtiff/-/commit/f00484b9519df933723deb38fff943dc291a793d (v4.5.0rc1)", "https://gitlab.com/libtiff/libtiff/-/issues/463", "https://linux.oracle.com/cve/CVE-2023-30774.html", "https://linux.oracle.com/errata/ELSA-2023-2340.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-30774", "https://security.netapp.com/advisory/ntap-20230703-0002/", "https://support.apple.com/kb/HT213984", "https://www.cve.org/CVERecord?id=CVE-2023-30774" ], "PublishedDate": "2023-05-19T15:15:08.923Z", "LastModifiedDate": "2024-01-09T02:51:33.207Z" }, { "VulnerabilityID": "CVE-2023-3316", "VendorIDs": [ "DLA-3513-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u8", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3316", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: tiffcrop: null pointer dereference in TIFFClose()", "Description": "A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones.\n\n", "Severity": "MEDIUM", "CweIDs": [ "CWE-476" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6575", "https://access.redhat.com/security/cve/CVE-2023-3316", "https://bugzilla.redhat.com/2207635", "https://bugzilla.redhat.com/2215206", "https://bugzilla.redhat.com/2216080", "https://bugzilla.redhat.com/2218749", "https://bugzilla.redhat.com/2219340", "https://errata.almalinux.org/9/ALSA-2023-6575.html", "https://gitlab.com/libtiff/libtiff/-/issues/515", "https://gitlab.com/libtiff/libtiff/-/merge_requests/468", "https://linux.oracle.com/cve/CVE-2023-3316.html", "https://linux.oracle.com/errata/ELSA-2023-6575.html", "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3316", "https://research.jfrog.com/vulnerabilities/libtiff-nullderef-dos-xray-522144/", "https://ubuntu.com/security/notices/USN-6229-1", "https://ubuntu.com/security/notices/USN-6290-1", "https://www.cve.org/CVERecord?id=CVE-2023-3316" ], "PublishedDate": "2023-06-19T12:15:09.52Z", "LastModifiedDate": "2023-08-01T02:15:10.577Z" }, { "VulnerabilityID": "CVE-2023-3576", "VendorIDs": [ "DLA-3758-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u9", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3576", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: memory leak in tiffcrop.c", "Description": "A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service.", "Severity": "MEDIUM", "CweIDs": [ "CWE-401", "CWE-119" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6575", "https://access.redhat.com/security/cve/CVE-2023-3576", "https://bugzilla.redhat.com/2207635", "https://bugzilla.redhat.com/2215206", "https://bugzilla.redhat.com/2216080", "https://bugzilla.redhat.com/2218749", "https://bugzilla.redhat.com/2219340", "https://bugzilla.redhat.com/show_bug.cgi?id=2219340", "https://errata.almalinux.org/9/ALSA-2023-6575.html", "https://linux.oracle.com/cve/CVE-2023-3576.html", "https://linux.oracle.com/errata/ELSA-2023-6575.html", "https://lists.debian.org/debian-lts-announce/2024/03/msg00011.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3576", "https://ubuntu.com/security/notices/USN-6512-1", "https://www.cve.org/CVERecord?id=CVE-2023-3576" ], "PublishedDate": "2023-10-04T19:15:10.34Z", "LastModifiedDate": "2024-03-11T13:15:52.55Z" }, { "VulnerabilityID": "CVE-2023-3618", "VendorIDs": [ "DLA-3513-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u8", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3618", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: segmentation fault in Fax3Encode in libtiff/tif_fax3.c", "Description": "A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.", "Severity": "MEDIUM", "CweIDs": [ "CWE-120" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:2289", "https://access.redhat.com/security/cve/CVE-2023-3618", "https://bugzilla.redhat.com/2215865", "https://bugzilla.redhat.com/2234970", "https://bugzilla.redhat.com/2235264", "https://bugzilla.redhat.com/2235265", "https://bugzilla.redhat.com/2240995", "https://bugzilla.redhat.com/show_bug.cgi?id=2215865", "https://errata.almalinux.org/9/ALSA-2024-2289.html", "https://gitlab.com/libtiff/libtiff/-/commit/8a4f6b587be4fa7bb39fe17f5f9dec52182ab26e", "https://gitlab.com/libtiff/libtiff/-/issues/529", "https://linux.oracle.com/cve/CVE-2023-3618.html", "https://linux.oracle.com/errata/ELSA-2024-2289.html", "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3618", "https://security.netapp.com/advisory/ntap-20230824-0012/", "https://support.apple.com/kb/HT214036", "https://support.apple.com/kb/HT214037", "https://support.apple.com/kb/HT214038", "https://ubuntu.com/security/notices/USN-6290-1", "https://www.cve.org/CVERecord?id=CVE-2023-3618" ], "PublishedDate": "2023-07-12T15:15:09.06Z", "LastModifiedDate": "2024-03-23T11:15:43.67Z" }, { "VulnerabilityID": "CVE-2023-40745", "VendorIDs": [ "DLA-3513-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u8", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-40745", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: integer overflow in tiffcp.c", "Description": "LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.", "Severity": "MEDIUM", "CweIDs": [ "CWE-190" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:2289", "https://access.redhat.com/security/cve/CVE-2023-40745", "https://bugzilla.redhat.com/2215865", "https://bugzilla.redhat.com/2234970", "https://bugzilla.redhat.com/2235264", "https://bugzilla.redhat.com/2235265", "https://bugzilla.redhat.com/2240995", "https://bugzilla.redhat.com/show_bug.cgi?id=2235265", "https://errata.almalinux.org/9/ALSA-2024-2289.html", "https://linux.oracle.com/cve/CVE-2023-40745.html", "https://linux.oracle.com/errata/ELSA-2024-2289.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-40745", "https://security.netapp.com/advisory/ntap-20231110-0005/", "https://www.cve.org/CVERecord?id=CVE-2023-40745" ], "PublishedDate": "2023-10-05T19:15:11.26Z", "LastModifiedDate": "2024-04-30T15:15:50.61Z" }, { "VulnerabilityID": "CVE-2023-41175", "VendorIDs": [ "DLA-3513-1" ], "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "FixedVersion": "4.1.0+git191117-2~deb10u8", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-41175", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: potential integer overflow in raw2tiff.c", "Description": "A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.", "Severity": "MEDIUM", "CweIDs": [ "CWE-190", "CWE-680" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:2289", "https://access.redhat.com/security/cve/CVE-2023-41175", "https://bugzilla.redhat.com/2215865", "https://bugzilla.redhat.com/2234970", "https://bugzilla.redhat.com/2235264", "https://bugzilla.redhat.com/2235265", "https://bugzilla.redhat.com/2240995", "https://bugzilla.redhat.com/show_bug.cgi?id=2235264", "https://errata.almalinux.org/9/ALSA-2024-2289.html", "https://linux.oracle.com/cve/CVE-2023-41175.html", "https://linux.oracle.com/errata/ELSA-2024-2289.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-41175", "https://www.cve.org/CVERecord?id=CVE-2023-41175" ], "PublishedDate": "2023-10-05T19:15:11.34Z", "LastModifiedDate": "2024-04-30T15:15:50.72Z" }, { "VulnerabilityID": "CVE-2023-6277", "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-6277", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: Out-of-memory in TIFFOpen via a craft file", "Description": "An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.", "Severity": "MEDIUM", "CweIDs": [ "CWE-400" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "http://seclists.org/fulldisclosure/2024/Jul/16", "http://seclists.org/fulldisclosure/2024/Jul/17", "http://seclists.org/fulldisclosure/2024/Jul/18", "http://seclists.org/fulldisclosure/2024/Jul/19", "http://seclists.org/fulldisclosure/2024/Jul/20", "http://seclists.org/fulldisclosure/2024/Jul/21", "http://seclists.org/fulldisclosure/2024/Jul/22", "http://seclists.org/fulldisclosure/2024/Jul/23", "https://access.redhat.com/security/cve/CVE-2023-6277", "https://bugzilla.redhat.com/show_bug.cgi?id=2251311", "https://gitlab.com/libtiff/libtiff/-/issues/614", "https://gitlab.com/libtiff/libtiff/-/merge_requests/545", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJIN6DTSL3VODZUGWEUXLEL5DR53EZMV/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y7ZGN2MZXJ6E57W3L4YBM3ZPAU3T7T5C/", "https://nvd.nist.gov/vuln/detail/CVE-2023-6277", "https://security.netapp.com/advisory/ntap-20240119-0002/", "https://support.apple.com/kb/HT214116", "https://support.apple.com/kb/HT214117", "https://support.apple.com/kb/HT214118", "https://support.apple.com/kb/HT214119", "https://support.apple.com/kb/HT214120", "https://support.apple.com/kb/HT214122", "https://support.apple.com/kb/HT214123", "https://support.apple.com/kb/HT214124", "https://ubuntu.com/security/notices/USN-6644-1", "https://ubuntu.com/security/notices/USN-6644-2", "https://www.cve.org/CVERecord?id=CVE-2023-6277" ], "PublishedDate": "2023-11-24T19:15:07.643Z", "LastModifiedDate": "2024-07-30T02:15:04.343Z" }, { "VulnerabilityID": "CVE-2017-16232", "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16232", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: Memory leaks in tif_open.c, tif_lzw.c, and tif_aux.c", "Description": "LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue", "Severity": "LOW", "CweIDs": [ "CWE-772" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00036.html", "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00041.html", "http://packetstormsecurity.com/files/150896/LibTIFF-4.0.8-Memory-Leak.html", "http://seclists.org/fulldisclosure/2018/Dec/32", "http://seclists.org/fulldisclosure/2018/Dec/47", "http://www.openwall.com/lists/oss-security/2017/11/01/11", "http://www.openwall.com/lists/oss-security/2017/11/01/3", "http://www.openwall.com/lists/oss-security/2017/11/01/7", "http://www.openwall.com/lists/oss-security/2017/11/01/8", "http://www.securityfocus.com/bid/101696", "https://access.redhat.com/security/cve/CVE-2017-16232", "https://nvd.nist.gov/vuln/detail/CVE-2017-16232", "https://www.cve.org/CVERecord?id=CVE-2017-16232" ], "PublishedDate": "2019-03-21T15:59:56.53Z", "LastModifiedDate": "2024-08-05T21:15:24.413Z" }, { "VulnerabilityID": "CVE-2017-17973", "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17973", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: heap-based use after free in tiff2pdf.c:t2p_writeproc", "Description": "In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue", "Severity": "LOW", "CweIDs": [ "CWE-416" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V2Score": 6.8, "V3Score": 8.8 }, "redhat": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://bugzilla.maptools.org/show_bug.cgi?id=2769", "http://www.securityfocus.com/bid/102331", "https://access.redhat.com/security/cve/CVE-2017-17973", "https://bugzilla.novell.com/show_bug.cgi?id=1074318", "https://bugzilla.redhat.com/show_bug.cgi?id=1530912", "https://nvd.nist.gov/vuln/detail/CVE-2017-17973", "https://www.cve.org/CVERecord?id=CVE-2017-17973" ], "PublishedDate": "2017-12-29T21:29:00.19Z", "LastModifiedDate": "2024-08-05T21:15:37.04Z" }, { "VulnerabilityID": "CVE-2017-5563", "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-5563", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: Heap-buffer overflow in LZWEncode tif_lzw.c", "Description": "LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff.", "Severity": "LOW", "CweIDs": [ "CWE-125" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V2Score": 6.8, "V3Score": 8.8 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "http://bugzilla.maptools.org/show_bug.cgi?id=2664", "http://www.securityfocus.com/bid/95705", "https://access.redhat.com/security/cve/CVE-2017-5563", "https://nvd.nist.gov/vuln/detail/CVE-2017-5563", "https://security.gentoo.org/glsa/201709-27", "https://ubuntu.com/security/notices/USN-3606-1", "https://usn.ubuntu.com/3606-1/", "https://www.cve.org/CVERecord?id=CVE-2017-5563" ], "PublishedDate": "2017-01-23T07:59:00.69Z", "LastModifiedDate": "2019-10-03T00:03:26.223Z" }, { "VulnerabilityID": "CVE-2017-9117", "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9117", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: Heap-based buffer over-read in bmp2tiff", "Description": "In LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff.", "Severity": "LOW", "CweIDs": [ "CWE-125" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V2Score": 7.5, "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "http://bugzilla.maptools.org/show_bug.cgi?id=2690", "http://www.securityfocus.com/bid/98581", "https://access.redhat.com/security/cve/CVE-2017-9117", "https://nvd.nist.gov/vuln/detail/CVE-2017-9117", "https://ubuntu.com/security/notices/USN-3606-1", "https://usn.ubuntu.com/3606-1/", "https://www.cve.org/CVERecord?id=CVE-2017-9117" ], "PublishedDate": "2017-05-21T19:29:00.187Z", "LastModifiedDate": "2019-10-03T00:03:26.223Z" }, { "VulnerabilityID": "CVE-2018-10126", "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-10126", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c", "Description": "ijg-libjpeg before 9d, as used in tiff2pdf (from LibTIFF) and other products, does not check for a NULL pointer at a certain place in jpeg_fdct_16x16 in jfdctint.c.", "Severity": "LOW", "CweIDs": [ "CWE-476" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "http://bugzilla.maptools.org/show_bug.cgi?id=2786", "https://access.redhat.com/security/cve/CVE-2018-10126", "https://gitlab.com/libtiff/libtiff/-/issues/128", "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", "https://nvd.nist.gov/vuln/detail/CVE-2018-10126", "https://www.cve.org/CVERecord?id=CVE-2018-10126" ], "PublishedDate": "2018-04-21T21:29:00.29Z", "LastModifiedDate": "2024-08-20T05:15:11.773Z" }, { "VulnerabilityID": "CVE-2020-35521", "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-35521", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: Memory allocation failure in tiff2rgba", "Description": "A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2020-35521", "https://bugzilla.redhat.com/show_bug.cgi?id=1932034", "https://linux.oracle.com/cve/CVE-2020-35521.html", "https://linux.oracle.com/errata/ELSA-2021-4241.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMHBYFMX3D5VGR6Y3RXTTH3Q4NF4E6IG/", "https://nvd.nist.gov/vuln/detail/CVE-2020-35521", "https://security.gentoo.org/glsa/202104-06", "https://security.netapp.com/advisory/ntap-20210521-0009/", "https://www.cve.org/CVERecord?id=CVE-2020-35521" ], "PublishedDate": "2021-03-09T20:15:12.773Z", "LastModifiedDate": "2023-11-07T03:21:57.157Z" }, { "VulnerabilityID": "CVE-2020-35522", "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-35522", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: Memory allocation failure in tiff2rgba", "Description": "In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2020-35522", "https://bugzilla.redhat.com/show_bug.cgi?id=1932037", "https://gitlab.com/libtiff/libtiff/-/merge_requests/165", "https://linux.oracle.com/cve/CVE-2020-35522.html", "https://linux.oracle.com/errata/ELSA-2021-4241.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMHBYFMX3D5VGR6Y3RXTTH3Q4NF4E6IG/", "https://nvd.nist.gov/vuln/detail/CVE-2020-35522", "https://security.gentoo.org/glsa/202104-06", "https://security.netapp.com/advisory/ntap-20210521-0009/", "https://ubuntu.com/security/notices/USN-5421-1", "https://www.cve.org/CVERecord?id=CVE-2020-35522" ], "PublishedDate": "2021-03-09T20:15:12.867Z", "LastModifiedDate": "2023-11-07T03:21:57.233Z" }, { "VulnerabilityID": "CVE-2022-1056", "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-1056", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: heap-based buffer overflow in _TIFFmemcpy() in tif_unix.c", "Description": "Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd.", "Severity": "LOW", "CweIDs": [ "CWE-125" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-1056", "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1056.json", "https://gitlab.com/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c", "https://gitlab.com/libtiff/libtiff/-/issues/391", "https://gitlab.com/libtiff/libtiff/-/merge_requests/307", "https://nvd.nist.gov/vuln/detail/CVE-2022-1056", "https://security.gentoo.org/glsa/202210-10", "https://security.netapp.com/advisory/ntap-20221228-0008/", "https://www.cve.org/CVERecord?id=CVE-2022-1056" ], "PublishedDate": "2022-03-28T19:15:08.837Z", "LastModifiedDate": "2023-02-22T17:35:18.037Z" }, { "VulnerabilityID": "CVE-2022-1210", "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-1210", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "tiff: Malicious file leads to a denial of service in TIFF File Handler", "Description": "A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used.", "Severity": "LOW", "CweIDs": [ "CWE-404", "CWE-400" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-1210", "https://gitlab.com/libtiff/libtiff/-/issues/402", "https://gitlab.com/libtiff/libtiff/uploads/c3da94e53cf1e1e8e6d4d3780dc8c42f/example.tiff", "https://nvd.nist.gov/vuln/detail/CVE-2022-1210", "https://security.gentoo.org/glsa/202210-10", "https://security.netapp.com/advisory/ntap-20220513-0005/", "https://vuldb.com/?id.196363", "https://www.cve.org/CVERecord?id=CVE-2022-1210" ], "PublishedDate": "2022-04-03T09:15:09.033Z", "LastModifiedDate": "2023-07-24T13:46:36.043Z" }, { "VulnerabilityID": "CVE-2022-2519", "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-2519", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: Double free or corruption in rotateImage() function at tiffcrop.c", "Description": "There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1", "Severity": "LOW", "CweIDs": [ "CWE-415" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:0302", "https://access.redhat.com/security/cve/CVE-2022-2519", "https://bugzilla.redhat.com/2103222", "https://bugzilla.redhat.com/2122789", "https://bugzilla.redhat.com/2122792", "https://bugzilla.redhat.com/2122799", "https://bugzilla.redhat.com/2134432", "https://bugzilla.redhat.com/show_bug.cgi?id=2103222", "https://bugzilla.redhat.com/show_bug.cgi?id=2122789", "https://bugzilla.redhat.com/show_bug.cgi?id=2122792", "https://bugzilla.redhat.com/show_bug.cgi?id=2122799", "https://bugzilla.redhat.com/show_bug.cgi?id=2134432", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953", "https://errata.almalinux.org/9/ALSA-2023-0302.html", "https://errata.rockylinux.org/RLSA-2023:0302", "https://gitlab.com/libtiff/libtiff/-/issues/423", "https://gitlab.com/libtiff/libtiff/-/merge_requests/378", "https://linux.oracle.com/cve/CVE-2022-2519.html", "https://linux.oracle.com/errata/ELSA-2023-0302.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-2519", "https://ubuntu.com/security/notices/USN-5714-1", "https://www.cve.org/CVERecord?id=CVE-2022-2519", "https://www.debian.org/security/2023/dsa-5333" ], "PublishedDate": "2022-08-31T16:15:11.057Z", "LastModifiedDate": "2023-02-23T15:57:57.957Z" }, { "VulnerabilityID": "CVE-2022-2520", "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-2520", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: Assertion fail in rotateImage() function at tiffcrop.c", "Description": "A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input.", "Severity": "LOW", "CweIDs": [ "CWE-131", "CWE-617" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:0302", "https://access.redhat.com/security/cve/CVE-2022-2520", "https://bugzilla.redhat.com/2103222", "https://bugzilla.redhat.com/2122789", "https://bugzilla.redhat.com/2122792", "https://bugzilla.redhat.com/2122799", "https://bugzilla.redhat.com/2134432", "https://bugzilla.redhat.com/show_bug.cgi?id=2103222", "https://bugzilla.redhat.com/show_bug.cgi?id=2122789", "https://bugzilla.redhat.com/show_bug.cgi?id=2122792", "https://bugzilla.redhat.com/show_bug.cgi?id=2122799", "https://bugzilla.redhat.com/show_bug.cgi?id=2134432", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953", "https://errata.almalinux.org/9/ALSA-2023-0302.html", "https://errata.rockylinux.org/RLSA-2023:0302", "https://gitlab.com/libtiff/libtiff/-/issues/424", "https://gitlab.com/libtiff/libtiff/-/merge_requests/378", "https://linux.oracle.com/cve/CVE-2022-2520.html", "https://linux.oracle.com/errata/ELSA-2023-0302.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-2520", "https://ubuntu.com/security/notices/USN-5714-1", "https://www.cve.org/CVERecord?id=CVE-2022-2520", "https://www.debian.org/security/2023/dsa-5333" ], "PublishedDate": "2022-08-31T16:15:11.117Z", "LastModifiedDate": "2023-02-28T15:39:41.33Z" }, { "VulnerabilityID": "CVE-2022-2521", "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-2521", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: Invalid pointer free operation in TIFFClose() at tif_close.c", "Description": "It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input.", "Severity": "LOW", "CweIDs": [ "CWE-763" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:0302", "https://access.redhat.com/security/cve/CVE-2022-2521", "https://bugzilla.redhat.com/2103222", "https://bugzilla.redhat.com/2122789", "https://bugzilla.redhat.com/2122792", "https://bugzilla.redhat.com/2122799", "https://bugzilla.redhat.com/2134432", "https://bugzilla.redhat.com/show_bug.cgi?id=2103222", "https://bugzilla.redhat.com/show_bug.cgi?id=2122789", "https://bugzilla.redhat.com/show_bug.cgi?id=2122792", "https://bugzilla.redhat.com/show_bug.cgi?id=2122799", "https://bugzilla.redhat.com/show_bug.cgi?id=2134432", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953", "https://errata.almalinux.org/9/ALSA-2023-0302.html", "https://errata.rockylinux.org/RLSA-2023:0302", "https://gitlab.com/libtiff/libtiff/-/issues/422", "https://gitlab.com/libtiff/libtiff/-/merge_requests/378", "https://linux.oracle.com/cve/CVE-2022-2521.html", "https://linux.oracle.com/errata/ELSA-2023-0302.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-2521", "https://ubuntu.com/security/notices/USN-5714-1", "https://www.cve.org/CVERecord?id=CVE-2022-2521", "https://www.debian.org/security/2023/dsa-5333" ], "PublishedDate": "2022-08-31T16:15:11.17Z", "LastModifiedDate": "2023-02-23T15:59:11.677Z" }, { "VulnerabilityID": "CVE-2022-2953", "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-2953", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: tiffcrop: heap-buffer-overflow in extractImageSection in tiffcrop.c", "Description": "LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 48d6ece8.", "Severity": "LOW", "CweIDs": [ "CWE-125" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:0302", "https://access.redhat.com/security/cve/CVE-2022-2953", "https://bugzilla.redhat.com/2103222", "https://bugzilla.redhat.com/2122789", "https://bugzilla.redhat.com/2122792", "https://bugzilla.redhat.com/2122799", "https://bugzilla.redhat.com/2134432", "https://bugzilla.redhat.com/show_bug.cgi?id=2103222", "https://bugzilla.redhat.com/show_bug.cgi?id=2122789", "https://bugzilla.redhat.com/show_bug.cgi?id=2122792", "https://bugzilla.redhat.com/show_bug.cgi?id=2122799", "https://bugzilla.redhat.com/show_bug.cgi?id=2134432", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953", "https://errata.almalinux.org/9/ALSA-2023-0302.html", "https://errata.rockylinux.org/RLSA-2023:0302", "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2953.json", "https://gitlab.com/libtiff/libtiff/-/commit/48d6ece8389b01129e7d357f0985c8f938ce3da3", "https://gitlab.com/libtiff/libtiff/-/issues/414", "https://linux.oracle.com/cve/CVE-2022-2953.html", "https://linux.oracle.com/errata/ELSA-2023-0302.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-2953", "https://security.netapp.com/advisory/ntap-20221014-0008/", "https://ubuntu.com/security/notices/USN-5714-1", "https://www.cve.org/CVERecord?id=CVE-2022-2953", "https://www.debian.org/security/2023/dsa-5333" ], "PublishedDate": "2022-08-29T15:15:10.73Z", "LastModifiedDate": "2023-02-23T16:01:03.75Z" }, { "VulnerabilityID": "CVE-2023-1916", "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-1916", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: out-of-bounds read in extractImageSection() in tools/tiffcrop.c", "Description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x.", "Severity": "LOW", "CweIDs": [ "CWE-125" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "V3Score": 6.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2023-1916", "https://gitlab.com/libtiff/libtiff/-/issues/536", "https://gitlab.com/libtiff/libtiff/-/issues/536%2C", "https://gitlab.com/libtiff/libtiff/-/issues/536,", "https://gitlab.com/libtiff/libtiff/-/issues/537", "https://nvd.nist.gov/vuln/detail/CVE-2023-1916", "https://support.apple.com/kb/HT213844", "https://ubuntu.com/security/notices/USN-6428-1", "https://www.cve.org/CVERecord?id=CVE-2023-1916" ], "PublishedDate": "2023-04-10T22:15:09.223Z", "LastModifiedDate": "2023-12-23T07:15:49.31Z" }, { "VulnerabilityID": "CVE-2023-30775", "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-30775", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: Heap buffer overflow in extractContigSamples32bits, tiffcrop.c", "Description": "A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c.", "Severity": "LOW", "CweIDs": [ "CWE-787", "CWE-119" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.2 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:2340", "https://access.redhat.com/security/cve/CVE-2023-30775", "https://bugzilla.redhat.com/2142734", "https://bugzilla.redhat.com/2142736", "https://bugzilla.redhat.com/2142738", "https://bugzilla.redhat.com/2142740", "https://bugzilla.redhat.com/2142741", "https://bugzilla.redhat.com/2142742", "https://bugzilla.redhat.com/2148918", "https://bugzilla.redhat.com/2176220", "https://bugzilla.redhat.com/2187139", "https://bugzilla.redhat.com/2187141", "https://bugzilla.redhat.com/show_bug.cgi?id=2187141", "https://errata.almalinux.org/9/ALSA-2023-2340.html", "https://gitlab.com/libtiff/libtiff/-/commit/afd7086090dafd3949afd172822cbcec4ed17d56 (v4.5.0rc1)", "https://gitlab.com/libtiff/libtiff/-/issues/464", "https://linux.oracle.com/cve/CVE-2023-30775.html", "https://linux.oracle.com/errata/ELSA-2023-2340.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-30775", "https://security.netapp.com/advisory/ntap-20230703-0002/", "https://www.cve.org/CVERecord?id=CVE-2023-30775" ], "PublishedDate": "2023-05-19T15:15:08.98Z", "LastModifiedDate": "2023-07-03T16:15:10.23Z" }, { "VulnerabilityID": "CVE-2023-3164", "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3164", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: heap-buffer-overflow in extractImageSection()", "Description": "A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file.", "Severity": "LOW", "CweIDs": [ "CWE-787", "CWE-120" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2023-3164", "https://bugzilla.redhat.com/show_bug.cgi?id=2213531", "https://gitlab.com/libtiff/libtiff/-/issues/542", "https://gitlab.com/libtiff/libtiff/-/merge_requests/595", "https://nvd.nist.gov/vuln/detail/CVE-2023-3164", "https://ubuntu.com/security/notices/USN-6827-1", "https://www.cve.org/CVERecord?id=CVE-2023-3164" ], "PublishedDate": "2023-11-02T12:15:09.543Z", "LastModifiedDate": "2024-03-08T19:38:13.92Z" }, { "VulnerabilityID": "CVE-2023-6228", "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-6228", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: heap-based buffer overflow in cpStripToTile() in tools/tiffcp.c", "Description": "An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash.", "Severity": "LOW", "CweIDs": [ "CWE-787" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:2289", "https://access.redhat.com/errata/RHSA-2024:5079", "https://access.redhat.com/security/cve/CVE-2023-6228", "https://bugzilla.redhat.com/2215865", "https://bugzilla.redhat.com/2234970", "https://bugzilla.redhat.com/2235264", "https://bugzilla.redhat.com/2235265", "https://bugzilla.redhat.com/2240995", "https://bugzilla.redhat.com/show_bug.cgi?id=1614051", "https://bugzilla.redhat.com/show_bug.cgi?id=2218744", "https://bugzilla.redhat.com/show_bug.cgi?id=2240995", "https://bugzilla.redhat.com/show_bug.cgi?id=2251344", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15209", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25433", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52356", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6228", "https://errata.almalinux.org/9/ALSA-2024-2289.html", "https://errata.rockylinux.org/RLSA-2024:5079", "https://linux.oracle.com/cve/CVE-2023-6228.html", "https://linux.oracle.com/errata/ELSA-2024-5079.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-6228", "https://ubuntu.com/security/notices/USN-6644-1", "https://ubuntu.com/security/notices/USN-6644-2", "https://www.cve.org/CVERecord?id=CVE-2023-6228" ], "PublishedDate": "2023-12-18T14:15:11.84Z", "LastModifiedDate": "2024-08-07T16:15:44.117Z" }, { "VulnerabilityID": "CVE-2024-6716", "PkgName": "libtiff5", "InstalledVersion": "4.1.0+git191117-2~deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-6716", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libtiff: Out-of-memory issue in TIFFReadEncodedStrip() may lead to Denial of Service", "Description": "A flaw was found in the libtiff library. An out-of-memory issue in the TIFFReadEncodedStrip function can be triggered when processing a crafted tiff file, allowing attackers to perform memory allocation of arbitrary sizes, resulting in a denial of service.", "Severity": "LOW", "CweIDs": [ "CWE-400" ], "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2024-6716", "https://bugzilla.redhat.com/show_bug.cgi?id=2297636", "https://gitlab.com/libtiff/libtiff/-/issues/620", "https://nvd.nist.gov/vuln/detail/CVE-2024-6716", "https://www.cve.org/CVERecord?id=CVE-2024-6716" ], "PublishedDate": "2024-07-15T15:15:10.9Z", "LastModifiedDate": "2024-07-17T14:15:04.21Z" }, { "VulnerabilityID": "CVE-2021-39537", "VendorIDs": [ "DLA-3682-1" ], "PkgName": "libtinfo6", "InstalledVersion": "6.1+20181013-2+deb10u2", "FixedVersion": "6.1+20181013-2+deb10u5", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-39537", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c", "Description": "An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V2Score": 6.8, "V3Score": 8.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1\u0026content-type=text/x-cvsweb-markup", "http://seclists.org/fulldisclosure/2022/Oct/28", "http://seclists.org/fulldisclosure/2022/Oct/41", "http://seclists.org/fulldisclosure/2022/Oct/43", "http://seclists.org/fulldisclosure/2022/Oct/45", "https://access.redhat.com/security/cve/CVE-2021-39537", "https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html", "https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html", "https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.html", "https://nvd.nist.gov/vuln/detail/CVE-2021-39537", "https://security.netapp.com/advisory/ntap-20230427-0012/", "https://support.apple.com/kb/HT213443", "https://support.apple.com/kb/HT213444", "https://support.apple.com/kb/HT213488", "https://ubuntu.com/security/notices/USN-5477-1", "https://ubuntu.com/security/notices/USN-6099-1", "https://www.cve.org/CVERecord?id=CVE-2021-39537" ], "PublishedDate": "2021-09-20T16:15:12.477Z", "LastModifiedDate": "2023-12-03T20:15:06.86Z" }, { "VulnerabilityID": "CVE-2022-29458", "VendorIDs": [ "DLA-3167-1" ], "PkgName": "libtinfo6", "InstalledVersion": "6.1+20181013-2+deb10u2", "FixedVersion": "6.1+20181013-2+deb10u3", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-29458", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "ncurses: segfaulting OOB read", "Description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "Severity": "HIGH", "CweIDs": [ "CWE-125" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "V2Score": 5.8, "V3Score": 7.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "V3Score": 6.1 } }, "References": [ "http://seclists.org/fulldisclosure/2022/Oct/28", "http://seclists.org/fulldisclosure/2022/Oct/41", "https://access.redhat.com/security/cve/CVE-2022-29458", "https://invisible-island.net/ncurses/NEWS.html#t20220416", "https://lists.debian.org/debian-lts-announce/2022/10/msg00037.html", "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html", "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-29458", "https://support.apple.com/kb/HT213488", "https://ubuntu.com/security/notices/USN-5477-1", "https://ubuntu.com/security/notices/USN-6099-1", "https://www.cve.org/CVERecord?id=CVE-2022-29458" ], "PublishedDate": "2022-04-18T21:15:07.6Z", "LastModifiedDate": "2023-11-07T03:46:02.1Z" }, { "VulnerabilityID": "CVE-2023-29491", "VendorIDs": [ "DLA-3682-1" ], "PkgName": "libtinfo6", "InstalledVersion": "6.1+20181013-2+deb10u2", "FixedVersion": "6.1+20181013-2+deb10u5", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29491", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "ncurses: Local users can trigger security-relevant memory corruption via malformed data", "Description": "ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://ncurses.scripts.mit.edu/?p=ncurses.git%3Ba=commit%3Bh=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", "http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commit;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", "http://www.openwall.com/lists/oss-security/2023/04/19/10", "http://www.openwall.com/lists/oss-security/2023/04/19/11", "https://access.redhat.com/errata/RHSA-2023:6698", "https://access.redhat.com/security/cve/CVE-2023-29491", "https://bugzilla.redhat.com/2191704", "https://errata.almalinux.org/9/ALSA-2023-6698.html", "https://invisible-island.net/ncurses/NEWS.html#index-t20230408", "https://linux.oracle.com/cve/CVE-2023-29491.html", "https://linux.oracle.com/errata/ELSA-2023-6698.html", "https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", "https://nvd.nist.gov/vuln/detail/CVE-2023-29491", "https://security.netapp.com/advisory/ntap-20230517-0009/", "https://support.apple.com/kb/HT213843", "https://support.apple.com/kb/HT213844", "https://support.apple.com/kb/HT213845", "https://ubuntu.com/security/notices/USN-6099-1", "https://www.cve.org/CVERecord?id=CVE-2023-29491", "https://www.openwall.com/lists/oss-security/2023/04/12/5", "https://www.openwall.com/lists/oss-security/2023/04/13/4" ], "PublishedDate": "2023-04-14T01:15:08.57Z", "LastModifiedDate": "2024-01-31T03:15:07.86Z" }, { "VulnerabilityID": "CVE-2020-19189", "VendorIDs": [ "DLA-3586-1" ], "PkgName": "libtinfo6", "InstalledVersion": "6.1+20181013-2+deb10u2", "FixedVersion": "6.1+20181013-2+deb10u4", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-19189", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "ncurses: Heap buffer overflow in postprocess_terminfo function in tinfo/parse_entry.c:997", "Description": "Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "http://seclists.org/fulldisclosure/2023/Dec/10", "http://seclists.org/fulldisclosure/2023/Dec/11", "http://seclists.org/fulldisclosure/2023/Dec/9", "https://access.redhat.com/security/cve/CVE-2020-19189", "https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc5.md", "https://lists.debian.org/debian-lts-announce/2023/09/msg00033.html", "https://nvd.nist.gov/vuln/detail/CVE-2020-19189", "https://security.netapp.com/advisory/ntap-20231006-0005/", "https://support.apple.com/kb/HT214036", "https://support.apple.com/kb/HT214037", "https://support.apple.com/kb/HT214038", "https://ubuntu.com/security/notices/USN-6451-1", "https://www.cve.org/CVERecord?id=CVE-2020-19189" ], "PublishedDate": "2023-08-22T19:16:01.02Z", "LastModifiedDate": "2023-12-13T01:15:07.683Z" }, { "VulnerabilityID": "CVE-2023-50495", "PkgName": "libtinfo6", "InstalledVersion": "6.1+20181013-2+deb10u2", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-50495", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "ncurses: segmentation fault via _nc_wrap_entry()", "Description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "Severity": "MEDIUM", "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2023-50495", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "https://security.netapp.com/advisory/ntap-20240119-0008/", "https://ubuntu.com/security/notices/USN-6684-1", "https://www.cve.org/CVERecord?id=CVE-2023-50495" ], "PublishedDate": "2023-12-12T15:15:07.867Z", "LastModifiedDate": "2024-01-31T03:15:08.49Z" }, { "VulnerabilityID": "CVE-2023-45918", "PkgName": "libtinfo6", "InstalledVersion": "6.1+20181013-2+deb10u2", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45918", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c", "Description": "ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Severity": "LOW", "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2023-45918", "https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-45918", "https://security.netapp.com/advisory/ntap-20240315-0006/", "https://www.cve.org/CVERecord?id=CVE-2023-45918" ], "PublishedDate": "2024-02-16T22:15:07.88Z", "LastModifiedDate": "2024-03-15T11:15:08.51Z" }, { "VulnerabilityID": "CVE-2019-3843", "PkgName": "libudev1", "InstalledVersion": "241-7~deb10u3", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3843", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "systemd: services with DynamicUser can create SUID/SGID binaries", "Description": "It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.", "Severity": "HIGH", "CweIDs": [ "CWE-269", "CWE-266" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V2Score": 4.6, "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 4.5 } }, "References": [ "http://www.securityfocus.com/bid/108116", "https://access.redhat.com/security/cve/CVE-2019-3843", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3843", "https://github.com/systemd/systemd-stable/pull/54 (backport for v241-stable)", "https://linux.oracle.com/cve/CVE-2019-3843.html", "https://linux.oracle.com/errata/ELSA-2020-1794.html", "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5JXQAKSTMABZ46EVCRMW62DHWYHTTFES/", "https://nvd.nist.gov/vuln/detail/CVE-2019-3843", "https://security.netapp.com/advisory/ntap-20190619-0002/", "https://ubuntu.com/security/notices/USN-4269-1", "https://usn.ubuntu.com/4269-1/", "https://www.cve.org/CVERecord?id=CVE-2019-3843" ], "PublishedDate": "2019-04-26T21:29:00.36Z", "LastModifiedDate": "2023-11-07T03:10:14.033Z" }, { "VulnerabilityID": "CVE-2019-3844", "PkgName": "libudev1", "InstalledVersion": "241-7~deb10u3", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3844", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "systemd: services with DynamicUser can get new privileges and create SGID binaries", "Description": "It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.", "Severity": "HIGH", "CweIDs": [ "CWE-268" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V2Score": 4.6, "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 4.5 } }, "References": [ "http://www.securityfocus.com/bid/108096", "https://access.redhat.com/security/cve/CVE-2019-3844", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3844", "https://linux.oracle.com/cve/CVE-2019-3844.html", "https://linux.oracle.com/errata/ELSA-2020-1794.html", "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", "https://nvd.nist.gov/vuln/detail/CVE-2019-3844", "https://security.netapp.com/advisory/ntap-20190619-0002/", "https://ubuntu.com/security/notices/USN-4269-1", "https://usn.ubuntu.com/4269-1/", "https://www.cve.org/CVERecord?id=CVE-2019-3844" ], "PublishedDate": "2019-04-26T21:29:00.423Z", "LastModifiedDate": "2023-11-07T03:10:14.13Z" }, { "VulnerabilityID": "CVE-2020-1712", "PkgName": "libudev1", "InstalledVersion": "241-7~deb10u3", "FixedVersion": "241-7~deb10u4", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-1712", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "systemd: use-after-free when asynchronous polkit queries are performed", "Description": "A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.", "Severity": "HIGH", "CweIDs": [ "CWE-416" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V2Score": 4.6, "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2020-1712", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1712", "https://github.com/systemd/systemd/commit/1068447e6954dc6ce52f099ed174c442cb89ed54", "https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb", "https://github.com/systemd/systemd/commit/bc130b6858327b382b07b3985cf48e2aa9016b2d", "https://github.com/systemd/systemd/commit/ea0d0ede03c6f18dbc5036c5e9cccf97e415ccc2", "https://linux.oracle.com/cve/CVE-2020-1712.html", "https://linux.oracle.com/errata/ELSA-2020-0575.html", "https://lists.debian.org/debian-lts-announce/2022/06/msg00025.html", "https://nvd.nist.gov/vuln/detail/CVE-2020-1712", "https://ubuntu.com/security/notices/USN-4269-1", "https://www.cve.org/CVERecord?id=CVE-2020-1712", "https://www.openwall.com/lists/oss-security/2020/02/05/1" ], "PublishedDate": "2020-03-31T17:15:26.577Z", "LastModifiedDate": "2023-11-07T03:19:28.413Z" }, { "VulnerabilityID": "CVE-2023-26604", "VendorIDs": [ "DLA-3377-1" ], "PkgName": "libudev1", "InstalledVersion": "241-7~deb10u3", "FixedVersion": "241-7~deb10u9", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-26604", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "systemd: privilege escalation via the less pager", "Description": "systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the \"systemctl status\" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.", "Severity": "HIGH", "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "V3Score": 7.1 } }, "References": [ "http://packetstormsecurity.com/files/174130/systemd-246-Local-Root-Privilege-Escalation.html", "https://access.redhat.com/errata/RHSA-2023:3837", "https://access.redhat.com/security/cve/CVE-2023-26604", "https://blog.compass-security.com/2012/10/dangerous-sudoers-entries-part-2-insecure-functionality/", "https://bugzilla.redhat.com/2175611", "https://bugzilla.redhat.com/show_bug.cgi?id=2175611", "https://bugzilla.redhat.com/show_bug.cgi?id=2190153", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26604", "https://errata.almalinux.org/8/ALSA-2023-3837.html", "https://errata.rockylinux.org/RLSA-2023:3837", "https://github.com/systemd/systemd/blob/main/NEWS#L4335-L4340", "https://github.com/systemd/systemd/issues/5666", "https://linux.oracle.com/cve/CVE-2023-26604.html", "https://linux.oracle.com/errata/ELSA-2023-3837.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00032.html", "https://medium.com/%40zenmoviefornotification/saidov-maxim-cve-2023-26604-c1232a526ba7", "https://medium.com/@zenmoviefornotification/saidov-maxim-cve-2023-26604-c1232a526ba7", "https://nvd.nist.gov/vuln/detail/CVE-2023-26604", "https://security.netapp.com/advisory/ntap-20230505-0009/", "https://www.cve.org/CVERecord?id=CVE-2023-26604" ], "PublishedDate": "2023-03-03T16:15:10.607Z", "LastModifiedDate": "2023-11-07T04:09:41.293Z" }, { "VulnerabilityID": "CVE-2023-50387", "PkgName": "libudev1", "InstalledVersion": "241-7~deb10u3", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-50387", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator", "Description": "Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the \"KeyTrap\" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/02/16/2", "http://www.openwall.com/lists/oss-security/2024/02/16/3", "https://access.redhat.com/errata/RHSA-2024:2551", "https://access.redhat.com/security/cve/CVE-2023-50387", "https://blog.powerdns.com/2024/02/13/powerdns-recursor-4-8-6-4-9-3-5-0-2-released", "https://bugzilla.redhat.com/2263896", "https://bugzilla.redhat.com/2263897", "https://bugzilla.redhat.com/2263909", "https://bugzilla.redhat.com/2263911", "https://bugzilla.redhat.com/2263914", "https://bugzilla.redhat.com/2263917", "https://bugzilla.redhat.com/show_bug.cgi?id=2263896", "https://bugzilla.redhat.com/show_bug.cgi?id=2263897", "https://bugzilla.redhat.com/show_bug.cgi?id=2263909", "https://bugzilla.redhat.com/show_bug.cgi?id=2263911", "https://bugzilla.redhat.com/show_bug.cgi?id=2263914", "https://bugzilla.redhat.com/show_bug.cgi?id=2263917", "https://bugzilla.suse.com/show_bug.cgi?id=1219823", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4408", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50387", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50868", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5517", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5679", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6516", "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html", "https://errata.almalinux.org/9/ALSA-2024-2551.html", "https://errata.rockylinux.org/RLSA-2024:2551", "https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1", "https://kb.isc.org/docs/cve-2023-50387", "https://linux.oracle.com/cve/CVE-2023-50387.html", "https://linux.oracle.com/errata/ELSA-2024-3741.html", "https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html", "https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/", "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387", "https://news.ycombinator.com/item?id=39367411", "https://news.ycombinator.com/item?id=39372384", "https://nlnetlabs.nl/downloads/unbound/CVE-2023-50387_CVE-2023-50868.txt", "https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/", "https://nvd.nist.gov/vuln/detail/CVE-2023-50387", "https://security.netapp.com/advisory/ntap-20240307-0007/", "https://ubuntu.com/security/notices/USN-6633-1", "https://ubuntu.com/security/notices/USN-6642-1", "https://ubuntu.com/security/notices/USN-6657-1", "https://ubuntu.com/security/notices/USN-6657-2", "https://ubuntu.com/security/notices/USN-6665-1", "https://ubuntu.com/security/notices/USN-6723-1", "https://www.athene-center.de/aktuelles/key-trap", "https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf", "https://www.cve.org/CVERecord?id=CVE-2023-50387", "https://www.isc.org/blogs/2024-bind-security-release/", "https://www.knot-resolver.cz/2024-02-13-knot-resolver-5.7.1.html", "https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/", "https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/" ], "PublishedDate": "2024-02-14T16:15:45.3Z", "LastModifiedDate": "2024-06-10T17:16:15.963Z" }, { "VulnerabilityID": "CVE-2023-50868", "PkgName": "libudev1", "InstalledVersion": "241-7~deb10u3", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-50868", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources", "Description": "The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the \"NSEC3\" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.", "Severity": "HIGH", "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/02/16/2", "http://www.openwall.com/lists/oss-security/2024/02/16/3", "https://access.redhat.com/errata/RHSA-2024:2551", "https://access.redhat.com/security/cve/CVE-2023-50868", "https://blog.powerdns.com/2024/02/13/powerdns-recursor-4-8-6-4-9-3-5-0-2-released", "https://bugzilla.redhat.com/2263896", "https://bugzilla.redhat.com/2263897", "https://bugzilla.redhat.com/2263909", "https://bugzilla.redhat.com/2263911", "https://bugzilla.redhat.com/2263914", "https://bugzilla.redhat.com/2263917", "https://bugzilla.redhat.com/show_bug.cgi?id=2263896", "https://bugzilla.redhat.com/show_bug.cgi?id=2263897", "https://bugzilla.redhat.com/show_bug.cgi?id=2263909", "https://bugzilla.redhat.com/show_bug.cgi?id=2263911", "https://bugzilla.redhat.com/show_bug.cgi?id=2263914", "https://bugzilla.redhat.com/show_bug.cgi?id=2263917", "https://bugzilla.suse.com/show_bug.cgi?id=1219826", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4408", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50387", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50868", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5517", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5679", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6516", "https://datatracker.ietf.org/doc/html/rfc5155", "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html", "https://errata.almalinux.org/9/ALSA-2024-2551.html", "https://errata.rockylinux.org/RLSA-2024:2551", "https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1", "https://kb.isc.org/docs/cve-2023-50868", "https://linux.oracle.com/cve/CVE-2023-50868.html", "https://linux.oracle.com/errata/ELSA-2024-3741.html", "https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html", "https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/", "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html", "https://nlnetlabs.nl/downloads/unbound/CVE-2023-50387_CVE-2023-50868.txt", "https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/", "https://nvd.nist.gov/vuln/detail/CVE-2023-50868", "https://security.netapp.com/advisory/ntap-20240307-0008/", "https://ubuntu.com/security/notices/USN-6633-1", "https://ubuntu.com/security/notices/USN-6642-1", "https://ubuntu.com/security/notices/USN-6657-1", "https://ubuntu.com/security/notices/USN-6657-2", "https://ubuntu.com/security/notices/USN-6665-1", "https://ubuntu.com/security/notices/USN-6723-1", "https://www.cve.org/CVERecord?id=CVE-2023-50868", "https://www.isc.org/blogs/2024-bind-security-release/", "https://www.knot-resolver.cz/2024-02-13-knot-resolver-5.7.1.html" ], "PublishedDate": "2024-02-14T16:15:45.377Z", "LastModifiedDate": "2024-06-10T17:16:16.2Z" }, { "VulnerabilityID": "CVE-2021-33910", "VendorIDs": [ "DSA-4942-1" ], "PkgName": "libudev1", "InstalledVersion": "241-7~deb10u3", "FixedVersion": "241-7~deb10u8", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-33910", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "systemd: uncontrolled allocation on the stack in function unit_name_path_escape leads to crash", "Description": "basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V2Score": 4.9, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html", "http://www.openwall.com/lists/oss-security/2021/08/04/2", "http://www.openwall.com/lists/oss-security/2021/08/17/3", "http://www.openwall.com/lists/oss-security/2021/09/07/3", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33910.json", "https://access.redhat.com/security/cve/CVE-2021-33910", "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf", "https://github.com/systemd/systemd-stable/commit/4a1c5f34bd3e1daed4490e9d97918e504d19733b", "https://github.com/systemd/systemd-stable/commit/764b74113e36ac5219a4b82a05f311b5a92136ce", "https://github.com/systemd/systemd-stable/commit/b00674347337b7531c92fdb65590ab253bb57538", "https://github.com/systemd/systemd-stable/commit/cfd14c65374027b34dbbc4f0551456c5dc2d1f61", "https://github.com/systemd/systemd/commit/b34a4f0e6729de292cb3b0c03c1d48f246ad896b", "https://github.com/systemd/systemd/pull/20256/commits/441e0115646d54f080e5c3bb0ba477c892861ab9", "https://linux.oracle.com/cve/CVE-2021-33910.html", "https://linux.oracle.com/errata/ELSA-2021-2717.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2LSDMHAKI4LGFOCSPXNVVSEWQFAVFWR7/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/", "https://nvd.nist.gov/vuln/detail/CVE-2021-33910", "https://security.gentoo.org/glsa/202107-48", "https://security.netapp.com/advisory/ntap-20211104-0008/", "https://ubuntu.com/security/notices/USN-5013-1", "https://ubuntu.com/security/notices/USN-5013-2", "https://www.cve.org/CVERecord?id=CVE-2021-33910", "https://www.debian.org/security/2021/dsa-4942", "https://www.openwall.com/lists/oss-security/2021/07/20/2", "https://www.qualys.com/2021/07/20/cve-2021-33910/denial-of-service-systemd.txt" ], "PublishedDate": "2021-07-20T19:15:09.783Z", "LastModifiedDate": "2023-11-07T03:35:56.16Z" }, { "VulnerabilityID": "CVE-2021-3997", "PkgName": "libudev1", "InstalledVersion": "241-7~deb10u3", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3997", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "systemd: Uncontrolled recursion in systemd-tmpfiles when removing files", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Severity": "MEDIUM", "CweIDs": [ "CWE-674" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-3997", "https://bugzilla.redhat.com/show_bug.cgi?id=2024639", "https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1", "https://nvd.nist.gov/vuln/detail/CVE-2021-3997", "https://security.gentoo.org/glsa/202305-15", "https://ubuntu.com/security/notices/USN-5226-1", "https://www.cve.org/CVERecord?id=CVE-2021-3997", "https://www.openwall.com/lists/oss-security/2022/01/10/2" ], "PublishedDate": "2022-08-23T20:15:08.67Z", "LastModifiedDate": "2023-05-03T12:15:15.95Z" }, { "VulnerabilityID": "CVE-2022-3821", "VendorIDs": [ "DLA-3474-1" ], "PkgName": "libudev1", "InstalledVersion": "241-7~deb10u3", "FixedVersion": "241-7~deb10u10", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3821", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "systemd: buffer overrun in format_timespan() function", "Description": "An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.", "Severity": "MEDIUM", "CweIDs": [ "CWE-193" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:0336", "https://access.redhat.com/security/cve/CVE-2022-3821", "https://bugzilla.redhat.com/2139327", "https://bugzilla.redhat.com/show_bug.cgi?id=2139327", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3821", "https://errata.almalinux.org/9/ALSA-2023-0336.html", "https://errata.rockylinux.org/RLSA-2023:0336", "https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e", "https://github.com/systemd/systemd/issues/23928", "https://github.com/systemd/systemd/pull/23933", "https://linux.oracle.com/cve/CVE-2022-3821.html", "https://linux.oracle.com/errata/ELSA-2023-0336.html", "https://lists.debian.org/debian-lts-announce/2023/06/msg00036.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVBQC2VLSDVQAPJTEMTREXDL4HYLXG2P/", "https://nvd.nist.gov/vuln/detail/CVE-2022-3821", "https://security.gentoo.org/glsa/202305-15", "https://ubuntu.com/security/notices/USN-5928-1", "https://www.cve.org/CVERecord?id=CVE-2022-3821" ], "PublishedDate": "2022-11-08T22:15:16.7Z", "LastModifiedDate": "2023-11-07T03:51:50.43Z" }, { "VulnerabilityID": "CVE-2022-4415", "PkgName": "libudev1", "InstalledVersion": "241-7~deb10u3", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-4415", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "systemd: local information leak due to systemd-coredump not respecting fs.suid_dumpable kernel setting", "Description": "A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.", "Severity": "MEDIUM", "CweIDs": [ "CWE-200" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:0954", "https://access.redhat.com/security/cve/CVE-2022-4415", "https://bugzilla.redhat.com/2149063", "https://bugzilla.redhat.com/2155515", "https://bugzilla.redhat.com/show_bug.cgi?id=2149063", "https://bugzilla.redhat.com/show_bug.cgi?id=2155515", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4415", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45873", "https://errata.almalinux.org/9/ALSA-2023-0954.html", "https://errata.rockylinux.org/RLSA-2023:0954", "https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c", "https://linux.oracle.com/cve/CVE-2022-4415.html", "https://linux.oracle.com/errata/ELSA-2023-0954.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-4415", "https://ubuntu.com/security/notices/USN-5928-1", "https://www.cve.org/CVERecord?id=CVE-2022-4415", "https://www.openwall.com/lists/oss-security/2022/12/21/3" ], "PublishedDate": "2023-01-11T15:15:09.59Z", "LastModifiedDate": "2023-02-02T16:19:28.633Z" }, { "VulnerabilityID": "CVE-2023-7008", "PkgName": "libudev1", "InstalledVersion": "241-7~deb10u3", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-7008", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes", "Description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Severity": "MEDIUM", "CweIDs": [ "CWE-300" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:2463", "https://access.redhat.com/errata/RHSA-2024:3203", "https://access.redhat.com/security/cve/CVE-2023-7008", "https://bugzilla.redhat.com/2222672", "https://bugzilla.redhat.com/show_bug.cgi?id=2222261", "https://bugzilla.redhat.com/show_bug.cgi?id=2222672", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7008", "https://errata.almalinux.org/9/ALSA-2024-2463.html", "https://errata.rockylinux.org/RLSA-2024:2463", "https://github.com/systemd/systemd/issues/25676", "https://linux.oracle.com/cve/CVE-2023-7008.html", "https://linux.oracle.com/errata/ELSA-2024-3203.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GMDEG5PKONWNHOEYSUDRT6JEOISRMN2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QHNBXGKJWISJETTTDTZKTBFIBJUOSLKL/", "https://nvd.nist.gov/vuln/detail/CVE-2023-7008", "https://www.cve.org/CVERecord?id=CVE-2023-7008" ], "PublishedDate": "2023-12-23T13:15:07.573Z", "LastModifiedDate": "2024-05-22T17:16:10.83Z" }, { "VulnerabilityID": "CVE-2013-4392", "PkgName": "libudev1", "InstalledVersion": "241-7~deb10u3", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4392", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "systemd: TOCTOU race condition when updating file permissions and SELinux security contexts", "Description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", "Severity": "LOW", "CweIDs": [ "CWE-59" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", "V2Score": 3.3 }, "redhat": { "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", "V2Score": 3.3 } }, "References": [ "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", "http://www.openwall.com/lists/oss-security/2013/10/01/9", "https://access.redhat.com/security/cve/CVE-2013-4392", "https://bugzilla.redhat.com/show_bug.cgi?id=859060", "https://nvd.nist.gov/vuln/detail/CVE-2013-4392", "https://www.cve.org/CVERecord?id=CVE-2013-4392" ], "PublishedDate": "2013-10-28T22:55:03.773Z", "LastModifiedDate": "2022-01-31T17:49:14.387Z" }, { "VulnerabilityID": "CVE-2019-20386", "PkgName": "libudev1", "InstalledVersion": "241-7~deb10u3", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20386", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "systemd: memory leak in button_open() in login/logind-button.c when udev events are received", "Description": "An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.", "Severity": "LOW", "CweIDs": [ "CWE-401" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V2Score": 2.1, "V3Score": 2.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 2.4 } }, "References": [ "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html", "https://access.redhat.com/security/cve/CVE-2019-20386", "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad", "https://linux.oracle.com/cve/CVE-2019-20386.html", "https://linux.oracle.com/errata/ELSA-2020-4553.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZPCOMW5X6IZZXASCDD2CNW2DLF3YADC/", "https://nvd.nist.gov/vuln/detail/CVE-2019-20386", "https://security.netapp.com/advisory/ntap-20200210-0002/", "https://ubuntu.com/security/notices/USN-4269-1", "https://usn.ubuntu.com/4269-1/", "https://www.cve.org/CVERecord?id=CVE-2019-20386" ], "PublishedDate": "2020-01-21T06:15:11.827Z", "LastModifiedDate": "2023-11-07T03:09:08.387Z" }, { "VulnerabilityID": "CVE-2020-13529", "PkgName": "libudev1", "InstalledVersion": "241-7~deb10u3", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-13529", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "systemd: DHCP FORCERENEW authentication not implemented can cause a system running the DHCP client to have its network reconfigured", "Description": "An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server.", "Severity": "LOW", "CweIDs": [ "CWE-290" ], "CVSS": { "nvd": { "V2Vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "V2Score": 2.9, "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "V3Score": 6.1 } }, "References": [ "http://www.openwall.com/lists/oss-security/2021/08/04/2", "http://www.openwall.com/lists/oss-security/2021/08/17/3", "http://www.openwall.com/lists/oss-security/2021/09/07/3", "https://access.redhat.com/security/cve/CVE-2020-13529", "https://linux.oracle.com/cve/CVE-2020-13529.html", "https://linux.oracle.com/errata/ELSA-2021-4361.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/", "https://nvd.nist.gov/vuln/detail/CVE-2020-13529", "https://security.gentoo.org/glsa/202107-48", "https://security.netapp.com/advisory/ntap-20210625-0005/", "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142", "https://ubuntu.com/security/notices/USN-5013-1", "https://ubuntu.com/security/notices/USN-5013-2", "https://www.cve.org/CVERecord?id=CVE-2020-13529" ], "PublishedDate": "2021-05-10T16:15:07.373Z", "LastModifiedDate": "2023-11-07T03:16:42.717Z" }, { "VulnerabilityID": "CVE-2023-31437", "PkgName": "libudev1", "InstalledVersion": "241-7~deb10u3", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31437", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "An issue was discovered in systemd 253. An attacker can modify a seale ...", "Description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "Severity": "LOW", "CweIDs": [ "CWE-354" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://github.com/kastel-security/Journald", "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", "https://github.com/systemd/systemd/releases" ], "PublishedDate": "2023-06-13T17:15:14.657Z", "LastModifiedDate": "2024-08-02T15:16:07.647Z" }, { "VulnerabilityID": "CVE-2023-31438", "PkgName": "libudev1", "InstalledVersion": "241-7~deb10u3", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31438", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "An issue was discovered in systemd 253. An attacker can truncate a sea ...", "Description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "Severity": "LOW", "CweIDs": [ "CWE-354" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://github.com/kastel-security/Journald", "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", "https://github.com/systemd/systemd/pull/28886", "https://github.com/systemd/systemd/releases" ], "PublishedDate": "2023-06-13T17:15:14.707Z", "LastModifiedDate": "2024-08-02T15:16:07.753Z" }, { "VulnerabilityID": "CVE-2023-31439", "PkgName": "libudev1", "InstalledVersion": "241-7~deb10u3", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31439", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "An issue was discovered in systemd 253. An attacker can modify the con ...", "Description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "Severity": "LOW", "CweIDs": [ "CWE-354" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://github.com/kastel-security/Journald", "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", "https://github.com/systemd/systemd/pull/28885", "https://github.com/systemd/systemd/releases" ], "PublishedDate": "2023-06-13T17:15:14.753Z", "LastModifiedDate": "2024-08-02T15:16:07.843Z" }, { "VulnerabilityID": "CVE-2024-28085", "VendorIDs": [ "DLA-3782-1" ], "PkgName": "libuuid1", "InstalledVersion": "2.33.1-0.1", "FixedVersion": "2.33.1-0.1+deb10u1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28085", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "util-linux: CVE-2024-28085: wall: escape sequence injection", "Description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "Severity": "HIGH", "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "V3Score": 8.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/27/5", "http://www.openwall.com/lists/oss-security/2024/03/27/6", "http://www.openwall.com/lists/oss-security/2024/03/27/7", "http://www.openwall.com/lists/oss-security/2024/03/27/8", "http://www.openwall.com/lists/oss-security/2024/03/27/9", "http://www.openwall.com/lists/oss-security/2024/03/28/1", "http://www.openwall.com/lists/oss-security/2024/03/28/2", "http://www.openwall.com/lists/oss-security/2024/03/28/3", "https://access.redhat.com/security/cve/CVE-2024-28085", "https://github.com/skyler-ferrante/CVE-2024-28085", "https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq", "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/", "https://nvd.nist.gov/vuln/detail/CVE-2024-28085", "https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt", "https://security.netapp.com/advisory/ntap-20240531-0003/", "https://ubuntu.com/security/notices/USN-6719-1", "https://ubuntu.com/security/notices/USN-6719-2", "https://www.cve.org/CVERecord?id=CVE-2024-28085", "https://www.openwall.com/lists/oss-security/2024/03/27/5" ], "PublishedDate": "2024-03-27T19:15:48.367Z", "LastModifiedDate": "2024-06-10T17:16:24.37Z" }, { "VulnerabilityID": "CVE-2021-37600", "VendorIDs": [ "DLA-3782-1" ], "PkgName": "libuuid1", "InstalledVersion": "2.33.1-0.1", "FixedVersion": "2.33.1-0.1+deb10u1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-37600", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "util-linux: integer overflow can lead to buffer overflow in get_sem_elements() in sys-utils/ipcutils.c", "Description": "An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments.", "Severity": "MEDIUM", "CweIDs": [ "CWE-190" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 1.2, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-37600", "https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c", "https://github.com/karelzak/util-linux/issues/1395", "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", "https://nvd.nist.gov/vuln/detail/CVE-2021-37600", "https://security.gentoo.org/glsa/202401-08", "https://security.netapp.com/advisory/ntap-20210902-0002/", "https://www.cve.org/CVERecord?id=CVE-2021-37600" ], "PublishedDate": "2021-07-30T14:15:18.737Z", "LastModifiedDate": "2024-08-04T02:15:24.44Z" }, { "VulnerabilityID": "CVE-2022-0563", "PkgName": "libuuid1", "InstalledVersion": "2.33.1-0.1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", "Description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.", "Severity": "LOW", "CweIDs": [ "CWE-209" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V2Score": 1.9, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-0563", "https://blog.trailofbits.com/2023/02/16/suid-logic-bug-linux-readline/", "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w%40ws.net.home/T/#u", "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u", "https://nvd.nist.gov/vuln/detail/CVE-2022-0563", "https://security.gentoo.org/glsa/202401-08", "https://security.netapp.com/advisory/ntap-20220331-0002/", "https://www.cve.org/CVERecord?id=CVE-2022-0563" ], "PublishedDate": "2022-02-21T19:15:08.393Z", "LastModifiedDate": "2024-01-07T09:15:08.713Z" }, { "VulnerabilityID": "CVE-2018-25009", "VendorIDs": [ "DSA-4930-1" ], "PkgName": "libwebp6", "InstalledVersion": "0.6.1-2", "FixedVersion": "0.6.1-2+deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-25009", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libwebp: out-of-bounds read in WebPMuxCreateInternal", "Description": "A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16().", "Severity": "CRITICAL", "CweIDs": [ "CWE-125" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "V2Score": 6.4, "V3Score": 9.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "V3Score": 9.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2018-25009", "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9100", "https://bugzilla.redhat.com/show_bug.cgi?id=1956853", "https://bugzilla.redhat.com/show_bug.cgi?id=1956856", "https://bugzilla.redhat.com/show_bug.cgi?id=1956868", "https://bugzilla.redhat.com/show_bug.cgi?id=1956917", "https://bugzilla.redhat.com/show_bug.cgi?id=1956918", "https://bugzilla.redhat.com/show_bug.cgi?id=1956922", "https://bugzilla.redhat.com/show_bug.cgi?id=1956926", "https://bugzilla.redhat.com/show_bug.cgi?id=1956927", "https://chromium.googlesource.com/webm/libwebp/+/95fd65070662e01cc9170c4444f5c0859a710097", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332", "https://errata.almalinux.org/8/ALSA-2021-4231.html", "https://errata.rockylinux.org/RLSA-2021:4231", "https://linux.oracle.com/cve/CVE-2018-25009.html", "https://linux.oracle.com/errata/ELSA-2021-4231.html", "https://nvd.nist.gov/vuln/detail/CVE-2018-25009", "https://ubuntu.com/security/notices/USN-4971-1", "https://ubuntu.com/security/notices/USN-4971-2", "https://www.cve.org/CVERecord?id=CVE-2018-25009" ], "PublishedDate": "2021-05-21T17:15:08.007Z", "LastModifiedDate": "2023-02-17T03:41:28.803Z" }, { "VulnerabilityID": "CVE-2018-25010", "VendorIDs": [ "DSA-4930-1" ], "PkgName": "libwebp6", "InstalledVersion": "0.6.1-2", "FixedVersion": "0.6.1-2+deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-25010", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libwebp: out-of-bounds read in ApplyFilter()", "Description": "A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter().", "Severity": "CRITICAL", "CweIDs": [ "CWE-125" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "V2Score": 6.4, "V3Score": 9.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "V3Score": 9.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2018-25010", "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9105", "https://bugzilla.redhat.com/show_bug.cgi?id=1956853", "https://bugzilla.redhat.com/show_bug.cgi?id=1956856", "https://bugzilla.redhat.com/show_bug.cgi?id=1956868", "https://bugzilla.redhat.com/show_bug.cgi?id=1956917", "https://bugzilla.redhat.com/show_bug.cgi?id=1956918", "https://bugzilla.redhat.com/show_bug.cgi?id=1956922", "https://bugzilla.redhat.com/show_bug.cgi?id=1956926", "https://bugzilla.redhat.com/show_bug.cgi?id=1956927", "https://chromium.googlesource.com/webm/libwebp/+/1344a2e947c749d231141a295327e5b99b444d63", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332", "https://errata.almalinux.org/8/ALSA-2021-4231.html", "https://errata.rockylinux.org/RLSA-2021:4231", "https://linux.oracle.com/cve/CVE-2018-25010.html", "https://linux.oracle.com/errata/ELSA-2021-4231.html", "https://nvd.nist.gov/vuln/detail/CVE-2018-25010", "https://ubuntu.com/security/notices/USN-4971-1", "https://ubuntu.com/security/notices/USN-4971-2", "https://www.cve.org/CVERecord?id=CVE-2018-25010" ], "PublishedDate": "2021-05-21T17:15:08.05Z", "LastModifiedDate": "2023-02-10T17:45:04.293Z" }, { "VulnerabilityID": "CVE-2018-25011", "VendorIDs": [ "DSA-4930-1" ], "PkgName": "libwebp6", "InstalledVersion": "0.6.1-2", "FixedVersion": "0.6.1-2+deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-25011", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libwebp: heap-based buffer overflow in PutLE16()", "Description": "A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16().", "Severity": "CRITICAL", "CweIDs": [ "CWE-787" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V2Score": 7.5, "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 } }, "References": [ "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25011.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36328.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36329.json", "https://access.redhat.com/security/cve/CVE-2018-25011", "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9119", "https://bugzilla.redhat.com/show_bug.cgi?id=1956919", "https://chromium.googlesource.com/webm/libwebp/+/v1.0.1", "https://chromium.googlesource.com/webm/libwebp/+log/be738c6d396fa5a272c1b209be4379a7532debfe..29fb8562c60b5a919a75d904ff7366af423f8ab9?pretty=fuller\u0026n=10000", "https://linux.oracle.com/cve/CVE-2018-25011.html", "https://linux.oracle.com/errata/ELSA-2021-2354.html", "https://nvd.nist.gov/vuln/detail/CVE-2018-25011", "https://ubuntu.com/security/notices/USN-4971-1", "https://ubuntu.com/security/notices/USN-4971-2", "https://www.cve.org/CVERecord?id=CVE-2018-25011" ], "PublishedDate": "2021-05-21T17:15:08.09Z", "LastModifiedDate": "2023-02-10T17:46:37.69Z" }, { "VulnerabilityID": "CVE-2018-25012", "VendorIDs": [ "DSA-4930-1" ], "PkgName": "libwebp6", "InstalledVersion": "0.6.1-2", "FixedVersion": "0.6.1-2+deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-25012", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libwebp: out-of-bounds read in WebPMuxCreateInternal()", "Description": "A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24().", "Severity": "CRITICAL", "CweIDs": [ "CWE-125" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "V2Score": 6.4, "V3Score": 9.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "V3Score": 9.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2018-25012", "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9123", "https://bugzilla.redhat.com/show_bug.cgi?id=1956853", "https://bugzilla.redhat.com/show_bug.cgi?id=1956856", "https://bugzilla.redhat.com/show_bug.cgi?id=1956868", "https://bugzilla.redhat.com/show_bug.cgi?id=1956917", "https://bugzilla.redhat.com/show_bug.cgi?id=1956918", "https://bugzilla.redhat.com/show_bug.cgi?id=1956922", "https://bugzilla.redhat.com/show_bug.cgi?id=1956926", "https://bugzilla.redhat.com/show_bug.cgi?id=1956927", "https://chromium.googlesource.com/webm/libwebp/+/95fd65070662e01cc9170c4444f5c0859a710097", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332", "https://errata.almalinux.org/8/ALSA-2021-4231.html", "https://errata.rockylinux.org/RLSA-2021:4231", "https://linux.oracle.com/cve/CVE-2018-25012.html", "https://linux.oracle.com/errata/ELSA-2021-4231.html", "https://nvd.nist.gov/vuln/detail/CVE-2018-25012", "https://ubuntu.com/security/notices/USN-4971-1", "https://ubuntu.com/security/notices/USN-4971-2", "https://www.cve.org/CVERecord?id=CVE-2018-25012" ], "PublishedDate": "2021-05-21T17:15:08.127Z", "LastModifiedDate": "2023-02-28T15:46:20.41Z" }, { "VulnerabilityID": "CVE-2018-25013", "VendorIDs": [ "DSA-4930-1" ], "PkgName": "libwebp6", "InstalledVersion": "0.6.1-2", "FixedVersion": "0.6.1-2+deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-25013", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libwebp: out-of-bounds read in ShiftBytes()", "Description": "A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes().", "Severity": "CRITICAL", "CweIDs": [ "CWE-125" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "V2Score": 6.4, "V3Score": 9.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "V3Score": 9.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2018-25013", "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9417", "https://bugzilla.redhat.com/show_bug.cgi?id=1956853", "https://bugzilla.redhat.com/show_bug.cgi?id=1956856", "https://bugzilla.redhat.com/show_bug.cgi?id=1956868", "https://bugzilla.redhat.com/show_bug.cgi?id=1956917", "https://bugzilla.redhat.com/show_bug.cgi?id=1956918", "https://bugzilla.redhat.com/show_bug.cgi?id=1956922", "https://bugzilla.redhat.com/show_bug.cgi?id=1956926", "https://bugzilla.redhat.com/show_bug.cgi?id=1956927", "https://chromium.googlesource.com/webm/libwebp/+/907208f97ead639bd521cf355a2f203f462eade6", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332", "https://errata.almalinux.org/8/ALSA-2021-4231.html", "https://errata.rockylinux.org/RLSA-2021:4231", "https://linux.oracle.com/cve/CVE-2018-25013.html", "https://linux.oracle.com/errata/ELSA-2021-4231.html", "https://nvd.nist.gov/vuln/detail/CVE-2018-25013", "https://ubuntu.com/security/notices/USN-4971-1", "https://ubuntu.com/security/notices/USN-4971-2", "https://www.cve.org/CVERecord?id=CVE-2018-25013" ], "PublishedDate": "2021-05-21T17:15:08.163Z", "LastModifiedDate": "2023-02-09T02:21:33.72Z" }, { "VulnerabilityID": "CVE-2018-25014", "VendorIDs": [ "DSA-4930-1" ], "PkgName": "libwebp6", "InstalledVersion": "0.6.1-2", "FixedVersion": "0.6.1-2+deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-25014", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libwebp: use of uninitialized value in ReadSymbol()", "Description": "A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol().", "Severity": "CRITICAL", "CweIDs": [ "CWE-908" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V2Score": 7.5, "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2018-25014", "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496", "https://bugzilla.redhat.com/show_bug.cgi?id=1956853", "https://bugzilla.redhat.com/show_bug.cgi?id=1956856", "https://bugzilla.redhat.com/show_bug.cgi?id=1956868", "https://bugzilla.redhat.com/show_bug.cgi?id=1956917", "https://bugzilla.redhat.com/show_bug.cgi?id=1956918", "https://bugzilla.redhat.com/show_bug.cgi?id=1956922", "https://bugzilla.redhat.com/show_bug.cgi?id=1956926", "https://bugzilla.redhat.com/show_bug.cgi?id=1956927", "https://chromium.googlesource.com/webm/libwebp/+log/78ad57a36ad69a9c22874b182d49d64125c380f2..907208f97ead639bd52", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332", "https://errata.almalinux.org/8/ALSA-2021-4231.html", "https://errata.rockylinux.org/RLSA-2021:4231", "https://linux.oracle.com/cve/CVE-2018-25014.html", "https://linux.oracle.com/errata/ELSA-2021-4231.html", "https://nvd.nist.gov/vuln/detail/CVE-2018-25014", "https://ubuntu.com/security/notices/USN-4971-1", "https://ubuntu.com/security/notices/USN-4971-2", "https://www.cve.org/CVERecord?id=CVE-2018-25014" ], "PublishedDate": "2021-05-21T17:15:08.203Z", "LastModifiedDate": "2023-02-09T02:24:26.62Z" }, { "VulnerabilityID": "CVE-2020-36328", "VendorIDs": [ "DSA-4930-1" ], "PkgName": "libwebp6", "InstalledVersion": "0.6.1-2", "FixedVersion": "0.6.1-2+deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-36328", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libwebp: heap-based buffer overflow in WebPDecode*Into functions", "Description": "A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Severity": "CRITICAL", "CweIDs": [ "CWE-787" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V2Score": 7.5, "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 } }, "References": [ "http://seclists.org/fulldisclosure/2021/Jul/54", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25011.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36328.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36329.json", "https://access.redhat.com/security/cve/CVE-2020-36328", "https://bugzilla.redhat.com/show_bug.cgi?id=1956829", "https://linux.oracle.com/cve/CVE-2020-36328.html", "https://linux.oracle.com/errata/ELSA-2021-2354.html", "https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html", "https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html", "https://nvd.nist.gov/vuln/detail/CVE-2020-36328", "https://security.netapp.com/advisory/ntap-20211112-0001/", "https://support.apple.com/kb/HT212601", "https://ubuntu.com/security/notices/USN-4971-1", "https://ubuntu.com/security/notices/USN-4971-2", "https://www.cve.org/CVERecord?id=CVE-2020-36328", "https://www.debian.org/security/2021/dsa-4930" ], "PublishedDate": "2021-05-21T17:15:08.27Z", "LastModifiedDate": "2023-01-09T16:41:59.35Z" }, { "VulnerabilityID": "CVE-2020-36329", "VendorIDs": [ "DSA-4930-1" ], "PkgName": "libwebp6", "InstalledVersion": "0.6.1-2", "FixedVersion": "0.6.1-2+deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-36329", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c", "Description": "A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Severity": "CRITICAL", "CweIDs": [ "CWE-416" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V2Score": 7.5, "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 } }, "References": [ "http://seclists.org/fulldisclosure/2021/Jul/54", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25011.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36328.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36329.json", "https://access.redhat.com/security/cve/CVE-2020-36329", "https://bugzilla.redhat.com/show_bug.cgi?id=1956843", "https://linux.oracle.com/cve/CVE-2020-36329.html", "https://linux.oracle.com/errata/ELSA-2021-2354.html", "https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html", "https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html", "https://nvd.nist.gov/vuln/detail/CVE-2020-36329", "https://security.netapp.com/advisory/ntap-20211112-0001/", "https://support.apple.com/kb/HT212601", "https://ubuntu.com/security/notices/USN-4971-1", "https://ubuntu.com/security/notices/USN-4971-2", "https://www.cve.org/CVERecord?id=CVE-2020-36329", "https://www.debian.org/security/2021/dsa-4930" ], "PublishedDate": "2021-05-21T17:15:08.313Z", "LastModifiedDate": "2023-01-09T16:41:59.35Z" }, { "VulnerabilityID": "CVE-2020-36330", "VendorIDs": [ "DSA-4930-1" ], "PkgName": "libwebp6", "InstalledVersion": "0.6.1-2", "FixedVersion": "0.6.1-2+deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-36330", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libwebp: out-of-bounds read in ChunkVerifyAndAssign() in mux/muxread.c", "Description": "A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.", "Severity": "CRITICAL", "CweIDs": [ "CWE-125" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "V2Score": 6.4, "V3Score": 9.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "V3Score": 9.1 } }, "References": [ "http://seclists.org/fulldisclosure/2021/Jul/54", "https://access.redhat.com/security/cve/CVE-2020-36330", "https://bugzilla.redhat.com/show_bug.cgi?id=1956853", "https://bugzilla.redhat.com/show_bug.cgi?id=1956856", "https://bugzilla.redhat.com/show_bug.cgi?id=1956868", "https://bugzilla.redhat.com/show_bug.cgi?id=1956917", "https://bugzilla.redhat.com/show_bug.cgi?id=1956918", "https://bugzilla.redhat.com/show_bug.cgi?id=1956922", "https://bugzilla.redhat.com/show_bug.cgi?id=1956926", "https://bugzilla.redhat.com/show_bug.cgi?id=1956927", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332", "https://errata.almalinux.org/8/ALSA-2021-4231.html", "https://errata.rockylinux.org/RLSA-2021:4231", "https://linux.oracle.com/cve/CVE-2020-36330.html", "https://linux.oracle.com/errata/ELSA-2021-4231.html", "https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html", "https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html", "https://nvd.nist.gov/vuln/detail/CVE-2020-36330", "https://security.netapp.com/advisory/ntap-20211104-0004/", "https://support.apple.com/kb/HT212601", "https://ubuntu.com/security/notices/USN-4971-1", "https://ubuntu.com/security/notices/USN-4971-2", "https://www.cve.org/CVERecord?id=CVE-2020-36330", "https://www.debian.org/security/2021/dsa-4930" ], "PublishedDate": "2021-05-21T17:15:08.353Z", "LastModifiedDate": "2021-11-30T19:43:36.433Z" }, { "VulnerabilityID": "CVE-2020-36331", "VendorIDs": [ "DSA-4930-1" ], "PkgName": "libwebp6", "InstalledVersion": "0.6.1-2", "FixedVersion": "0.6.1-2+deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-36331", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libwebp: out-of-bounds read in ChunkAssignData() in mux/muxinternal.c", "Description": "A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.", "Severity": "CRITICAL", "CweIDs": [ "CWE-125" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "V2Score": 6.4, "V3Score": 9.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "V3Score": 9.1 } }, "References": [ "http://seclists.org/fulldisclosure/2021/Jul/54", "https://access.redhat.com/security/cve/CVE-2020-36331", "https://bugzilla.redhat.com/show_bug.cgi?id=1956853", "https://bugzilla.redhat.com/show_bug.cgi?id=1956856", "https://bugzilla.redhat.com/show_bug.cgi?id=1956868", "https://bugzilla.redhat.com/show_bug.cgi?id=1956917", "https://bugzilla.redhat.com/show_bug.cgi?id=1956918", "https://bugzilla.redhat.com/show_bug.cgi?id=1956922", "https://bugzilla.redhat.com/show_bug.cgi?id=1956926", "https://bugzilla.redhat.com/show_bug.cgi?id=1956927", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332", "https://errata.almalinux.org/8/ALSA-2021-4231.html", "https://errata.rockylinux.org/RLSA-2021:4231", "https://linux.oracle.com/cve/CVE-2020-36331.html", "https://linux.oracle.com/errata/ELSA-2021-4231.html", "https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html", "https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html", "https://nvd.nist.gov/vuln/detail/CVE-2020-36331", "https://security.netapp.com/advisory/ntap-20211112-0001/", "https://support.apple.com/kb/HT212601", "https://ubuntu.com/security/notices/USN-4971-1", "https://ubuntu.com/security/notices/USN-4971-2", "https://www.cve.org/CVERecord?id=CVE-2020-36331", "https://www.debian.org/security/2021/dsa-4930" ], "PublishedDate": "2021-05-21T17:15:08.397Z", "LastModifiedDate": "2023-01-09T16:41:59.35Z" }, { "VulnerabilityID": "CVE-2020-36332", "VendorIDs": [ "DSA-4930-1" ], "PkgName": "libwebp6", "InstalledVersion": "0.6.1-2", "FixedVersion": "0.6.1-2+deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-36332", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libwebp: excessive memory allocation when reading a file", "Description": "A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.", "Severity": "HIGH", "CweIDs": [ "CWE-400", "CWE-20" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2020-36332", "https://bugzilla.redhat.com/show_bug.cgi?id=1956853", "https://bugzilla.redhat.com/show_bug.cgi?id=1956856", "https://bugzilla.redhat.com/show_bug.cgi?id=1956868", "https://bugzilla.redhat.com/show_bug.cgi?id=1956917", "https://bugzilla.redhat.com/show_bug.cgi?id=1956918", "https://bugzilla.redhat.com/show_bug.cgi?id=1956922", "https://bugzilla.redhat.com/show_bug.cgi?id=1956926", "https://bugzilla.redhat.com/show_bug.cgi?id=1956927", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332", "https://errata.almalinux.org/8/ALSA-2021-4231.html", "https://errata.rockylinux.org/RLSA-2021:4231", "https://linux.oracle.com/cve/CVE-2020-36332.html", "https://linux.oracle.com/errata/ELSA-2021-4231.html", "https://nvd.nist.gov/vuln/detail/CVE-2020-36332", "https://security.netapp.com/advisory/ntap-20211104-0004/", "https://ubuntu.com/security/notices/USN-4971-1", "https://www.cve.org/CVERecord?id=CVE-2020-36332", "https://www.debian.org/security/2021/dsa-4930" ], "PublishedDate": "2021-05-21T17:15:08.443Z", "LastModifiedDate": "2023-11-07T03:22:14.807Z" }, { "VulnerabilityID": "CVE-2023-1999", "VendorIDs": [ "DLA-3439-1" ], "PkgName": "libwebp6", "InstalledVersion": "0.6.1-2", "FixedVersion": "0.6.1-2+deb10u2", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-1999", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "Mozilla: libwebp: Double-free in libwebp", "Description": "There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free. \n", "Severity": "HIGH", "CweIDs": [ "CWE-415", "CWE-416" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:2078", "https://access.redhat.com/security/cve/CVE-2023-1999", "https://bugzilla.redhat.com/2186102", "https://bugzilla.redhat.com/show_bug.cgi?id=2186102", "https://chromium.googlesource.com/webm/libwebp", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1999", "https://errata.almalinux.org/9/ALSA-2023-2078.html", "https://errata.rockylinux.org/RLSA-2023:2078", "https://linux.oracle.com/cve/CVE-2023-1999.html", "https://linux.oracle.com/errata/ELSA-2023-2078.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-1999", "https://security.gentoo.org/glsa/202309-05", "https://ubuntu.com/security/notices/USN-6078-1", "https://ubuntu.com/security/notices/USN-6078-2", "https://www.cve.org/CVERecord?id=CVE-2023-1999", "https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-1999", "https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-1999", "https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-1999" ], "PublishedDate": "2023-06-20T12:15:09.6Z", "LastModifiedDate": "2023-09-17T09:15:12.183Z" }, { "VulnerabilityID": "CVE-2023-4863", "VendorIDs": [ "DLA-3570-1" ], "PkgName": "libwebp6", "InstalledVersion": "0.6.1-2", "FixedVersion": "0.6.1-2+deb10u3", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-4863", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libwebp: Heap buffer overflow in WebP Codec", "Description": "Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 8.8 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 8.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "V3Score": 9.6 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/09/21/4", "http://www.openwall.com/lists/oss-security/2023/09/22/1", "http://www.openwall.com/lists/oss-security/2023/09/22/3", "http://www.openwall.com/lists/oss-security/2023/09/22/4", "http://www.openwall.com/lists/oss-security/2023/09/22/5", "http://www.openwall.com/lists/oss-security/2023/09/22/6", "http://www.openwall.com/lists/oss-security/2023/09/22/7", "http://www.openwall.com/lists/oss-security/2023/09/22/8", "http://www.openwall.com/lists/oss-security/2023/09/26/1", "http://www.openwall.com/lists/oss-security/2023/09/26/7", "http://www.openwall.com/lists/oss-security/2023/09/28/1", "http://www.openwall.com/lists/oss-security/2023/09/28/2", "http://www.openwall.com/lists/oss-security/2023/09/28/4", "https://access.redhat.com/errata/RHSA-2023:5224", "https://access.redhat.com/security/cve/CVE-2023-4863", "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway", "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/", "https://blog.isosceles.com/the-webp-0day", "https://blog.isosceles.com/the-webp-0day/", "https://bugzilla.redhat.com/2238431", "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", "https://bugzilla.suse.com/show_bug.cgi?id=1215231", "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html", "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", "https://chromium.googlesource.com/webm/libwebp.git/+/902bc9190331343b2017211debcec8d2ab87e17a", "https://crbug.com/1479274", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4863", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5129", "https://en.bandisoft.com/honeyview/history", "https://en.bandisoft.com/honeyview/history/", "https://errata.almalinux.org/9/ALSA-2023-5224.html", "https://errata.rockylinux.org/RLSA-2023:5214", "https://github.com/ImageMagick/ImageMagick/discussions/6664", "https://github.com/dlemstra/Magick.NET/releases/tag/13.3.0", "https://github.com/electron/electron/pull/39823", "https://github.com/electron/electron/pull/39825", "https://github.com/electron/electron/pull/39826", "https://github.com/electron/electron/pull/39827", "https://github.com/electron/electron/pull/39828", "https://github.com/jaredforth/webp/commit/9d4c56e63abecc777df71c702503c3eaabd7dcbc", "https://github.com/jaredforth/webp/pull/30", "https://github.com/python-pillow/Pillow/pull/7395", "https://github.com/qnighy/libwebp-sys2-rs/commit/4560c473a76ec8bd8c650f19ddf9d7a44f719f8b", "https://github.com/qnighy/libwebp-sys2-rs/pull/21", "https://github.com/webmproject/libwebp", "https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a", "https://github.com/webmproject/libwebp/releases/tag/v1.3.2", "https://linux.oracle.com/cve/CVE-2023-4863.html", "https://linux.oracle.com/errata/ELSA-2023-5309.html", "https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html", "https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html", "https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863", "https://news.ycombinator.com/item?id=37478403", "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", "https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html#security", "https://rustsec.org/advisories/RUSTSEC-2023-0060.html", "https://rustsec.org/advisories/RUSTSEC-2023-0061.html", "https://security-tracker.debian.org/tracker/CVE-2023-4863", "https://security.gentoo.org/glsa/202309-05", "https://security.gentoo.org/glsa/202401-10", "https://security.netapp.com/advisory/ntap-20230929-0011", "https://security.netapp.com/advisory/ntap-20230929-0011/", "https://sethmlarson.dev/security-developer-in-residence-weekly-report-16", "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863", "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", "https://ubuntu.com/security/notices/USN-6367-1", "https://ubuntu.com/security/notices/USN-6368-1", "https://ubuntu.com/security/notices/USN-6369-1", "https://ubuntu.com/security/notices/USN-6369-2", "https://www.bentley.com/advisories/be-2023-0001", "https://www.bentley.com/advisories/be-2023-0001/", "https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks", "https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/", "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "https://www.cve.org/CVERecord?id=CVE-2023-4863", "https://www.debian.org/security/2023/dsa-5496", "https://www.debian.org/security/2023/dsa-5497", "https://www.debian.org/security/2023/dsa-5498", "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40", "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/" ], "PublishedDate": "2023-09-12T15:15:24.327Z", "LastModifiedDate": "2024-07-31T18:19:23.71Z" }, { "VulnerabilityID": "CVE-2021-31535", "VendorIDs": [ "DSA-4920-1" ], "PkgName": "libx11-6", "InstalledVersion": "2:1.6.7-1", "FixedVersion": "2:1.6.7-1+deb10u2", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-31535", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libX11: missing request length checks", "Description": "LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains a flaw allowing a client to send color-name requests with a name longer than the maximum size allowed by the protocol (and also longer than the maximum packet size for normal-sized packets). The user-controlled data exceeding the maximum size is then interpreted by the server as additional X protocol requests and executed, e.g., to disable X server authorization completely. For example, if the victim encounters malicious terminal control sequences for color codes, then the attacker may be able to take full control of the running graphical session.", "Severity": "CRITICAL", "CweIDs": [ "CWE-120" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V2Score": 7.5, "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 } }, "References": [ "http://packetstormsecurity.com/files/162737/libX11-Insufficient-Length-Check-Injection.html", "http://seclists.org/fulldisclosure/2021/May/52", "http://www.openwall.com/lists/oss-security/2021/05/18/2", "https://access.redhat.com/security/cve/CVE-2021-31535", "https://bugzilla.redhat.com/show_bug.cgi?id=1961822", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31535", "https://errata.almalinux.org/8/ALSA-2021-4326.html", "https://errata.rockylinux.org/RLSA-2021:4326", "https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/8d2e02ae650f00c4a53deb625211a0527126c605", "https://linux.oracle.com/cve/CVE-2021-31535.html", "https://linux.oracle.com/errata/ELSA-2021-4326.html", "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E", "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E", "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E", "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E", "https://lists.debian.org/debian-lts-announce/2021/05/msg00021.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEOT4RLB76RVPJQKGGTIKTBIOLHX2NR6/", "https://lists.freedesktop.org/archives/xorg/", "https://lists.x.org/archives/xorg-announce/2021-May/003088.html", "https://nvd.nist.gov/vuln/detail/CVE-2021-31535", "https://security.gentoo.org/glsa/202105-16", "https://security.netapp.com/advisory/ntap-20210813-0001/", "https://ubuntu.com/security/notices/USN-4966-1", "https://ubuntu.com/security/notices/USN-4966-2", "https://unparalleled.eu/blog/2021/20210518-using-xterm-to-navigate-the-huge-color-space/", "https://unparalleled.eu/publications/2021/advisory-unpar-2021-1.txt", "https://www.cve.org/CVERecord?id=CVE-2021-31535", "https://www.debian.org/security/2021/dsa-4920", "https://www.openwall.com/lists/oss-security/2021/05/18/2", "https://www.openwall.com/lists/oss-security/2021/05/18/3" ], "PublishedDate": "2021-05-27T13:15:08.24Z", "LastModifiedDate": "2023-11-07T03:34:58.383Z" }, { "VulnerabilityID": "CVE-2020-14363", "PkgName": "libx11-6", "InstalledVersion": "2:1.6.7-1", "FixedVersion": "2:1.6.7-1+deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-14363", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libX11: integer overflow leads to double free in locale handling", "Description": "An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity as well as system availability.", "Severity": "HIGH", "CweIDs": [ "CWE-190", "CWE-416" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V2Score": 4.6, "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2020-14363", "https://bugzilla.redhat.com/show_bug.cgi?id=1826141", "https://bugzilla.redhat.com/show_bug.cgi?id=1854920", "https://bugzilla.redhat.com/show_bug.cgi?id=1856738", "https://bugzilla.redhat.com/show_bug.cgi?id=1862241", "https://bugzilla.redhat.com/show_bug.cgi?id=1862246", "https://bugzilla.redhat.com/show_bug.cgi?id=1862255", "https://bugzilla.redhat.com/show_bug.cgi?id=1862258", "https://bugzilla.redhat.com/show_bug.cgi?id=1863142", "https://bugzilla.redhat.com/show_bug.cgi?id=1869139", "https://bugzilla.redhat.com/show_bug.cgi?id=1869142", "https://bugzilla.redhat.com/show_bug.cgi?id=1869144", "https://bugzilla.redhat.com/show_bug.cgi?id=1872473", "https://bugzilla.redhat.com/show_bug.cgi?id=1878160", "https://bugzilla.redhat.com/show_bug.cgi?id=1886644", "https://bugzilla.redhat.com/show_bug.cgi?id=1886648", "https://bugzilla.redhat.com/show_bug.cgi?id=1887276", "https://bugzilla.redhat.com/show_bug.cgi?id=1887654", "https://bugzilla.redhat.com/show_bug.cgi?id=1887655", "https://bugzilla.redhat.com/show_bug.cgi?id=1891871", "https://bugzilla.redhat.com/show_bug.cgi?id=1896442", "https://bugzilla.redhat.com/show_bug.cgi?id=1897439", "https://bugzilla.redhat.com/show_bug.cgi?id=1914411", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14363", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14344", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14345", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14346", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14347", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14360", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14361", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14362", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14363", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25712", "https://errata.almalinux.org/8/ALSA-2021-1804.html", "https://errata.rockylinux.org/RLSA-2021:1804", "https://github.com/Ruia-ruia/Exploits/blob/master/DFX11details.txt", "https://github.com/Ruia-ruia/Exploits/blob/master/x11doublefree.sh", "https://linux.oracle.com/cve/CVE-2020-14363.html", "https://linux.oracle.com/errata/ELSA-2021-1804.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF/", "https://lists.x.org/archives/xorg-announce/2020-August/003056.html", "https://nvd.nist.gov/vuln/detail/CVE-2020-14363", "https://ubuntu.com/security/notices/USN-4487-1", "https://ubuntu.com/security/notices/USN-4487-2", "https://usn.ubuntu.com/4487-2/", "https://www.cve.org/CVERecord?id=CVE-2020-14363" ], "PublishedDate": "2020-09-11T18:15:13.38Z", "LastModifiedDate": "2023-11-07T03:17:11.07Z" }, { "VulnerabilityID": "CVE-2023-3138", "VendorIDs": [ "DLA-3472-1" ], "PkgName": "libx11-6", "InstalledVersion": "2:1.6.7-1", "FixedVersion": "2:1.6.7-1+deb10u3", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3138", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libX11: InitExt.c can overwrite unintended portions of the Display structure if the extension request leads to a buffer overflow", "Description": "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "Severity": "HIGH", "CweIDs": [ "CWE-787", "CWE-119" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H", "V3Score": 7.3 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6497", "https://access.redhat.com/security/cve/CVE-2023-3138", "https://bugzilla.redhat.com/2213748", "https://errata.almalinux.org/9/ALSA-2023-6497.html", "https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c", "https://linux.oracle.com/cve/CVE-2023-3138.html", "https://linux.oracle.com/errata/ELSA-2023-7029.html", "https://lists.x.org/archives/xorg-announce/2023-June/003406.html", "https://lists.x.org/archives/xorg-announce/2023-June/003407.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3138", "https://security.netapp.com/advisory/ntap-20231208-0008/", "https://ubuntu.com/security/notices/USN-6168-1", "https://ubuntu.com/security/notices/USN-6168-2", "https://www.cve.org/CVERecord?id=CVE-2023-3138" ], "PublishedDate": "2023-06-28T21:15:10.247Z", "LastModifiedDate": "2023-12-08T19:15:07.58Z" }, { "VulnerabilityID": "CVE-2023-43787", "VendorIDs": [ "DLA-3602-1" ], "PkgName": "libx11-6", "InstalledVersion": "2:1.6.7-1", "FixedVersion": "2:1.6.7-1+deb10u4", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-43787", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libX11: integer overflow in XCreateImage() leading to a heap overflow", "Description": "A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.", "Severity": "HIGH", "CweIDs": [ "CWE-190", "CWE-122" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/01/24/9", "https://access.redhat.com/errata/RHSA-2024:2145", "https://access.redhat.com/errata/RHSA-2024:2973", "https://access.redhat.com/security/cve/CVE-2023-43787", "https://bugzilla.redhat.com/2242252", "https://bugzilla.redhat.com/2242253", "https://bugzilla.redhat.com/2242254", "https://bugzilla.redhat.com/show_bug.cgi?id=2242254", "https://errata.almalinux.org/9/ALSA-2024-2145.html", "https://jfrog.com/blog/xorg-libx11-vulns-cve-2023-43786-cve-2023-43787-part-two/", "https://linux.oracle.com/cve/CVE-2023-43787.html", "https://linux.oracle.com/errata/ELSA-2024-2973.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-43787", "https://security.netapp.com/advisory/ntap-20231103-0006/", "https://ubuntu.com/security/notices/USN-6407-1", "https://ubuntu.com/security/notices/USN-6407-2", "https://ubuntu.com/security/notices/USN-6408-1", "https://ubuntu.com/security/notices/USN-6408-2", "https://www.cve.org/CVERecord?id=CVE-2023-43787" ], "PublishedDate": "2023-10-10T13:15:22.083Z", "LastModifiedDate": "2024-05-22T17:16:05.057Z" }, { "VulnerabilityID": "CVE-2020-14344", "PkgName": "libx11-6", "InstalledVersion": "2:1.6.7-1", "FixedVersion": "2:1.6.7-1+deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-14344", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libX11: Heap overflow in the X input method client", "Description": "An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux.", "Severity": "MEDIUM", "CweIDs": [ "CWE-190" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "V2Score": 4.6, "V3Score": 6.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.7 } }, "References": [ "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00014.html", "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00015.html", "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00024.html", "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00031.html", "https://access.redhat.com/security/cve/CVE-2020-14344", "https://bugzilla.redhat.com/show_bug.cgi?id=1826141", "https://bugzilla.redhat.com/show_bug.cgi?id=1854920", "https://bugzilla.redhat.com/show_bug.cgi?id=1856738", "https://bugzilla.redhat.com/show_bug.cgi?id=1862241", "https://bugzilla.redhat.com/show_bug.cgi?id=1862246", "https://bugzilla.redhat.com/show_bug.cgi?id=1862255", "https://bugzilla.redhat.com/show_bug.cgi?id=1862258", "https://bugzilla.redhat.com/show_bug.cgi?id=1863142", "https://bugzilla.redhat.com/show_bug.cgi?id=1869139", "https://bugzilla.redhat.com/show_bug.cgi?id=1869142", "https://bugzilla.redhat.com/show_bug.cgi?id=1869144", "https://bugzilla.redhat.com/show_bug.cgi?id=1872473", "https://bugzilla.redhat.com/show_bug.cgi?id=1878160", "https://bugzilla.redhat.com/show_bug.cgi?id=1886644", "https://bugzilla.redhat.com/show_bug.cgi?id=1886648", "https://bugzilla.redhat.com/show_bug.cgi?id=1887276", "https://bugzilla.redhat.com/show_bug.cgi?id=1887654", "https://bugzilla.redhat.com/show_bug.cgi?id=1887655", "https://bugzilla.redhat.com/show_bug.cgi?id=1891871", "https://bugzilla.redhat.com/show_bug.cgi?id=1896442", "https://bugzilla.redhat.com/show_bug.cgi?id=1897439", "https://bugzilla.redhat.com/show_bug.cgi?id=1914411", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14344", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14344", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14345", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14346", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14347", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14360", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14361", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14362", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14363", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25712", "https://errata.almalinux.org/8/ALSA-2021-1804.html", "https://errata.rockylinux.org/RLSA-2021:1804", "https://linux.oracle.com/cve/CVE-2020-14344.html", "https://linux.oracle.com/errata/ELSA-2021-1804.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4VDDSAYV7XGNRCXE7HCU23645MG74OFF/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XY4H2SIEF2362AMNX5ZKWAELGU7LKFJB/", "https://lists.x.org/archives/xorg-announce/2020-July/003050.html", "https://nvd.nist.gov/vuln/detail/CVE-2020-14344", "https://security.gentoo.org/glsa/202008-18", "https://ubuntu.com/security/notices/USN-4487-1", "https://ubuntu.com/security/notices/USN-4487-2", "https://usn.ubuntu.com/4487-1/", "https://usn.ubuntu.com/4487-2/", "https://www.cve.org/CVERecord?id=CVE-2020-14344", "https://www.openwall.com/lists/oss-security/2020/07/31/1" ], "PublishedDate": "2020-08-05T14:15:12.42Z", "LastModifiedDate": "2023-11-07T03:17:09.61Z" }, { "VulnerabilityID": "CVE-2023-43785", "VendorIDs": [ "DLA-3602-1" ], "PkgName": "libx11-6", "InstalledVersion": "2:1.6.7-1", "FixedVersion": "2:1.6.7-1+deb10u4", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-43785", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libX11: out-of-bounds memory access in _XkbReadKeySyms()", "Description": "A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125", "CWE-787" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:2145", "https://access.redhat.com/errata/RHSA-2024:2973", "https://access.redhat.com/security/cve/CVE-2023-43785", "https://bugzilla.redhat.com/2242252", "https://bugzilla.redhat.com/2242253", "https://bugzilla.redhat.com/2242254", "https://bugzilla.redhat.com/show_bug.cgi?id=2242252", "https://errata.almalinux.org/9/ALSA-2024-2145.html", "https://linux.oracle.com/cve/CVE-2023-43785.html", "https://linux.oracle.com/errata/ELSA-2024-2973.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-43785", "https://security.netapp.com/advisory/ntap-20231103-0006/", "https://ubuntu.com/security/notices/USN-6407-1", "https://ubuntu.com/security/notices/USN-6407-2", "https://www.cve.org/CVERecord?id=CVE-2023-43785" ], "PublishedDate": "2023-10-10T13:15:21.877Z", "LastModifiedDate": "2024-05-22T17:16:04.76Z" }, { "VulnerabilityID": "CVE-2023-43786", "VendorIDs": [ "DLA-3602-1" ], "PkgName": "libx11-6", "InstalledVersion": "2:1.6.7-1", "FixedVersion": "2:1.6.7-1+deb10u4", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-43786", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libX11: stack exhaustion from infinite recursion in PutSubImage()", "Description": "A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.", "Severity": "MEDIUM", "CweIDs": [ "CWE-835", "CWE-400" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/01/24/9", "https://access.redhat.com/errata/RHSA-2024:2145", "https://access.redhat.com/errata/RHSA-2024:2973", "https://access.redhat.com/security/cve/CVE-2023-43786", "https://bugzilla.redhat.com/2242252", "https://bugzilla.redhat.com/2242253", "https://bugzilla.redhat.com/2242254", "https://bugzilla.redhat.com/show_bug.cgi?id=2242253", "https://errata.almalinux.org/9/ALSA-2024-2145.html", "https://linux.oracle.com/cve/CVE-2023-43786.html", "https://linux.oracle.com/errata/ELSA-2024-2973.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63IBRFLQVZSMOAZBZOBKFWJP26ILRAGQ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-43786", "https://security.netapp.com/advisory/ntap-20231103-0006/", "https://ubuntu.com/security/notices/USN-6407-1", "https://ubuntu.com/security/notices/USN-6407-2", "https://ubuntu.com/security/notices/USN-6408-1", "https://ubuntu.com/security/notices/USN-6408-2", "https://www.cve.org/CVERecord?id=CVE-2023-43786" ], "PublishedDate": "2023-10-10T13:15:22.023Z", "LastModifiedDate": "2024-05-22T17:16:04.927Z" }, { "VulnerabilityID": "CVE-2021-31535", "VendorIDs": [ "DSA-4920-1" ], "PkgName": "libx11-data", "InstalledVersion": "2:1.6.7-1", "FixedVersion": "2:1.6.7-1+deb10u2", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-31535", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libX11: missing request length checks", "Description": "LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains a flaw allowing a client to send color-name requests with a name longer than the maximum size allowed by the protocol (and also longer than the maximum packet size for normal-sized packets). The user-controlled data exceeding the maximum size is then interpreted by the server as additional X protocol requests and executed, e.g., to disable X server authorization completely. For example, if the victim encounters malicious terminal control sequences for color codes, then the attacker may be able to take full control of the running graphical session.", "Severity": "CRITICAL", "CweIDs": [ "CWE-120" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V2Score": 7.5, "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 } }, "References": [ "http://packetstormsecurity.com/files/162737/libX11-Insufficient-Length-Check-Injection.html", "http://seclists.org/fulldisclosure/2021/May/52", "http://www.openwall.com/lists/oss-security/2021/05/18/2", "https://access.redhat.com/security/cve/CVE-2021-31535", "https://bugzilla.redhat.com/show_bug.cgi?id=1961822", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31535", "https://errata.almalinux.org/8/ALSA-2021-4326.html", "https://errata.rockylinux.org/RLSA-2021:4326", "https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/8d2e02ae650f00c4a53deb625211a0527126c605", "https://linux.oracle.com/cve/CVE-2021-31535.html", "https://linux.oracle.com/errata/ELSA-2021-4326.html", "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E", "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E", "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E", "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E", "https://lists.debian.org/debian-lts-announce/2021/05/msg00021.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEOT4RLB76RVPJQKGGTIKTBIOLHX2NR6/", "https://lists.freedesktop.org/archives/xorg/", "https://lists.x.org/archives/xorg-announce/2021-May/003088.html", "https://nvd.nist.gov/vuln/detail/CVE-2021-31535", "https://security.gentoo.org/glsa/202105-16", "https://security.netapp.com/advisory/ntap-20210813-0001/", "https://ubuntu.com/security/notices/USN-4966-1", "https://ubuntu.com/security/notices/USN-4966-2", "https://unparalleled.eu/blog/2021/20210518-using-xterm-to-navigate-the-huge-color-space/", "https://unparalleled.eu/publications/2021/advisory-unpar-2021-1.txt", "https://www.cve.org/CVERecord?id=CVE-2021-31535", "https://www.debian.org/security/2021/dsa-4920", "https://www.openwall.com/lists/oss-security/2021/05/18/2", "https://www.openwall.com/lists/oss-security/2021/05/18/3" ], "PublishedDate": "2021-05-27T13:15:08.24Z", "LastModifiedDate": "2023-11-07T03:34:58.383Z" }, { "VulnerabilityID": "CVE-2020-14363", "PkgName": "libx11-data", "InstalledVersion": "2:1.6.7-1", "FixedVersion": "2:1.6.7-1+deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-14363", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libX11: integer overflow leads to double free in locale handling", "Description": "An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity as well as system availability.", "Severity": "HIGH", "CweIDs": [ "CWE-190", "CWE-416" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V2Score": 4.6, "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2020-14363", "https://bugzilla.redhat.com/show_bug.cgi?id=1826141", "https://bugzilla.redhat.com/show_bug.cgi?id=1854920", "https://bugzilla.redhat.com/show_bug.cgi?id=1856738", "https://bugzilla.redhat.com/show_bug.cgi?id=1862241", "https://bugzilla.redhat.com/show_bug.cgi?id=1862246", "https://bugzilla.redhat.com/show_bug.cgi?id=1862255", "https://bugzilla.redhat.com/show_bug.cgi?id=1862258", "https://bugzilla.redhat.com/show_bug.cgi?id=1863142", "https://bugzilla.redhat.com/show_bug.cgi?id=1869139", "https://bugzilla.redhat.com/show_bug.cgi?id=1869142", "https://bugzilla.redhat.com/show_bug.cgi?id=1869144", "https://bugzilla.redhat.com/show_bug.cgi?id=1872473", "https://bugzilla.redhat.com/show_bug.cgi?id=1878160", "https://bugzilla.redhat.com/show_bug.cgi?id=1886644", "https://bugzilla.redhat.com/show_bug.cgi?id=1886648", "https://bugzilla.redhat.com/show_bug.cgi?id=1887276", "https://bugzilla.redhat.com/show_bug.cgi?id=1887654", "https://bugzilla.redhat.com/show_bug.cgi?id=1887655", "https://bugzilla.redhat.com/show_bug.cgi?id=1891871", "https://bugzilla.redhat.com/show_bug.cgi?id=1896442", "https://bugzilla.redhat.com/show_bug.cgi?id=1897439", "https://bugzilla.redhat.com/show_bug.cgi?id=1914411", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14363", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14344", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14345", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14346", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14347", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14360", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14361", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14362", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14363", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25712", "https://errata.almalinux.org/8/ALSA-2021-1804.html", "https://errata.rockylinux.org/RLSA-2021:1804", "https://github.com/Ruia-ruia/Exploits/blob/master/DFX11details.txt", "https://github.com/Ruia-ruia/Exploits/blob/master/x11doublefree.sh", "https://linux.oracle.com/cve/CVE-2020-14363.html", "https://linux.oracle.com/errata/ELSA-2021-1804.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF/", "https://lists.x.org/archives/xorg-announce/2020-August/003056.html", "https://nvd.nist.gov/vuln/detail/CVE-2020-14363", "https://ubuntu.com/security/notices/USN-4487-1", "https://ubuntu.com/security/notices/USN-4487-2", "https://usn.ubuntu.com/4487-2/", "https://www.cve.org/CVERecord?id=CVE-2020-14363" ], "PublishedDate": "2020-09-11T18:15:13.38Z", "LastModifiedDate": "2023-11-07T03:17:11.07Z" }, { "VulnerabilityID": "CVE-2023-3138", "VendorIDs": [ "DLA-3472-1" ], "PkgName": "libx11-data", "InstalledVersion": "2:1.6.7-1", "FixedVersion": "2:1.6.7-1+deb10u3", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3138", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libX11: InitExt.c can overwrite unintended portions of the Display structure if the extension request leads to a buffer overflow", "Description": "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "Severity": "HIGH", "CweIDs": [ "CWE-787", "CWE-119" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H", "V3Score": 7.3 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6497", "https://access.redhat.com/security/cve/CVE-2023-3138", "https://bugzilla.redhat.com/2213748", "https://errata.almalinux.org/9/ALSA-2023-6497.html", "https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c", "https://linux.oracle.com/cve/CVE-2023-3138.html", "https://linux.oracle.com/errata/ELSA-2023-7029.html", "https://lists.x.org/archives/xorg-announce/2023-June/003406.html", "https://lists.x.org/archives/xorg-announce/2023-June/003407.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3138", "https://security.netapp.com/advisory/ntap-20231208-0008/", "https://ubuntu.com/security/notices/USN-6168-1", "https://ubuntu.com/security/notices/USN-6168-2", "https://www.cve.org/CVERecord?id=CVE-2023-3138" ], "PublishedDate": "2023-06-28T21:15:10.247Z", "LastModifiedDate": "2023-12-08T19:15:07.58Z" }, { "VulnerabilityID": "CVE-2023-43787", "VendorIDs": [ "DLA-3602-1" ], "PkgName": "libx11-data", "InstalledVersion": "2:1.6.7-1", "FixedVersion": "2:1.6.7-1+deb10u4", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-43787", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libX11: integer overflow in XCreateImage() leading to a heap overflow", "Description": "A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.", "Severity": "HIGH", "CweIDs": [ "CWE-190", "CWE-122" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/01/24/9", "https://access.redhat.com/errata/RHSA-2024:2145", "https://access.redhat.com/errata/RHSA-2024:2973", "https://access.redhat.com/security/cve/CVE-2023-43787", "https://bugzilla.redhat.com/2242252", "https://bugzilla.redhat.com/2242253", "https://bugzilla.redhat.com/2242254", "https://bugzilla.redhat.com/show_bug.cgi?id=2242254", "https://errata.almalinux.org/9/ALSA-2024-2145.html", "https://jfrog.com/blog/xorg-libx11-vulns-cve-2023-43786-cve-2023-43787-part-two/", "https://linux.oracle.com/cve/CVE-2023-43787.html", "https://linux.oracle.com/errata/ELSA-2024-2973.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-43787", "https://security.netapp.com/advisory/ntap-20231103-0006/", "https://ubuntu.com/security/notices/USN-6407-1", "https://ubuntu.com/security/notices/USN-6407-2", "https://ubuntu.com/security/notices/USN-6408-1", "https://ubuntu.com/security/notices/USN-6408-2", "https://www.cve.org/CVERecord?id=CVE-2023-43787" ], "PublishedDate": "2023-10-10T13:15:22.083Z", "LastModifiedDate": "2024-05-22T17:16:05.057Z" }, { "VulnerabilityID": "CVE-2020-14344", "PkgName": "libx11-data", "InstalledVersion": "2:1.6.7-1", "FixedVersion": "2:1.6.7-1+deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-14344", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libX11: Heap overflow in the X input method client", "Description": "An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux.", "Severity": "MEDIUM", "CweIDs": [ "CWE-190" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "V2Score": 4.6, "V3Score": 6.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.7 } }, "References": [ "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00014.html", "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00015.html", "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00024.html", "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00031.html", "https://access.redhat.com/security/cve/CVE-2020-14344", "https://bugzilla.redhat.com/show_bug.cgi?id=1826141", "https://bugzilla.redhat.com/show_bug.cgi?id=1854920", "https://bugzilla.redhat.com/show_bug.cgi?id=1856738", "https://bugzilla.redhat.com/show_bug.cgi?id=1862241", "https://bugzilla.redhat.com/show_bug.cgi?id=1862246", "https://bugzilla.redhat.com/show_bug.cgi?id=1862255", "https://bugzilla.redhat.com/show_bug.cgi?id=1862258", "https://bugzilla.redhat.com/show_bug.cgi?id=1863142", "https://bugzilla.redhat.com/show_bug.cgi?id=1869139", "https://bugzilla.redhat.com/show_bug.cgi?id=1869142", "https://bugzilla.redhat.com/show_bug.cgi?id=1869144", "https://bugzilla.redhat.com/show_bug.cgi?id=1872473", "https://bugzilla.redhat.com/show_bug.cgi?id=1878160", "https://bugzilla.redhat.com/show_bug.cgi?id=1886644", "https://bugzilla.redhat.com/show_bug.cgi?id=1886648", "https://bugzilla.redhat.com/show_bug.cgi?id=1887276", "https://bugzilla.redhat.com/show_bug.cgi?id=1887654", "https://bugzilla.redhat.com/show_bug.cgi?id=1887655", "https://bugzilla.redhat.com/show_bug.cgi?id=1891871", "https://bugzilla.redhat.com/show_bug.cgi?id=1896442", "https://bugzilla.redhat.com/show_bug.cgi?id=1897439", "https://bugzilla.redhat.com/show_bug.cgi?id=1914411", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14344", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14344", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14345", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14346", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14347", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14360", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14361", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14362", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14363", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25712", "https://errata.almalinux.org/8/ALSA-2021-1804.html", "https://errata.rockylinux.org/RLSA-2021:1804", "https://linux.oracle.com/cve/CVE-2020-14344.html", "https://linux.oracle.com/errata/ELSA-2021-1804.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4VDDSAYV7XGNRCXE7HCU23645MG74OFF/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XY4H2SIEF2362AMNX5ZKWAELGU7LKFJB/", "https://lists.x.org/archives/xorg-announce/2020-July/003050.html", "https://nvd.nist.gov/vuln/detail/CVE-2020-14344", "https://security.gentoo.org/glsa/202008-18", "https://ubuntu.com/security/notices/USN-4487-1", "https://ubuntu.com/security/notices/USN-4487-2", "https://usn.ubuntu.com/4487-1/", "https://usn.ubuntu.com/4487-2/", "https://www.cve.org/CVERecord?id=CVE-2020-14344", "https://www.openwall.com/lists/oss-security/2020/07/31/1" ], "PublishedDate": "2020-08-05T14:15:12.42Z", "LastModifiedDate": "2023-11-07T03:17:09.61Z" }, { "VulnerabilityID": "CVE-2023-43785", "VendorIDs": [ "DLA-3602-1" ], "PkgName": "libx11-data", "InstalledVersion": "2:1.6.7-1", "FixedVersion": "2:1.6.7-1+deb10u4", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-43785", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libX11: out-of-bounds memory access in _XkbReadKeySyms()", "Description": "A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125", "CWE-787" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:2145", "https://access.redhat.com/errata/RHSA-2024:2973", "https://access.redhat.com/security/cve/CVE-2023-43785", "https://bugzilla.redhat.com/2242252", "https://bugzilla.redhat.com/2242253", "https://bugzilla.redhat.com/2242254", "https://bugzilla.redhat.com/show_bug.cgi?id=2242252", "https://errata.almalinux.org/9/ALSA-2024-2145.html", "https://linux.oracle.com/cve/CVE-2023-43785.html", "https://linux.oracle.com/errata/ELSA-2024-2973.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-43785", "https://security.netapp.com/advisory/ntap-20231103-0006/", "https://ubuntu.com/security/notices/USN-6407-1", "https://ubuntu.com/security/notices/USN-6407-2", "https://www.cve.org/CVERecord?id=CVE-2023-43785" ], "PublishedDate": "2023-10-10T13:15:21.877Z", "LastModifiedDate": "2024-05-22T17:16:04.76Z" }, { "VulnerabilityID": "CVE-2023-43786", "VendorIDs": [ "DLA-3602-1" ], "PkgName": "libx11-data", "InstalledVersion": "2:1.6.7-1", "FixedVersion": "2:1.6.7-1+deb10u4", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-43786", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libX11: stack exhaustion from infinite recursion in PutSubImage()", "Description": "A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.", "Severity": "MEDIUM", "CweIDs": [ "CWE-835", "CWE-400" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/01/24/9", "https://access.redhat.com/errata/RHSA-2024:2145", "https://access.redhat.com/errata/RHSA-2024:2973", "https://access.redhat.com/security/cve/CVE-2023-43786", "https://bugzilla.redhat.com/2242252", "https://bugzilla.redhat.com/2242253", "https://bugzilla.redhat.com/2242254", "https://bugzilla.redhat.com/show_bug.cgi?id=2242253", "https://errata.almalinux.org/9/ALSA-2024-2145.html", "https://linux.oracle.com/cve/CVE-2023-43786.html", "https://linux.oracle.com/errata/ELSA-2024-2973.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63IBRFLQVZSMOAZBZOBKFWJP26ILRAGQ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-43786", "https://security.netapp.com/advisory/ntap-20231103-0006/", "https://ubuntu.com/security/notices/USN-6407-1", "https://ubuntu.com/security/notices/USN-6407-2", "https://ubuntu.com/security/notices/USN-6408-1", "https://ubuntu.com/security/notices/USN-6408-2", "https://www.cve.org/CVERecord?id=CVE-2023-43786" ], "PublishedDate": "2023-10-10T13:15:22.023Z", "LastModifiedDate": "2024-05-22T17:16:04.927Z" }, { "VulnerabilityID": "CVE-2017-16932", "PkgName": "libxml2", "InstalledVersion": "2.9.4+dfsg1-7", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16932", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libxml2: Infinite recursion in parameter entities", "Description": "parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.", "Severity": "HIGH", "CweIDs": [ "CWE-835" ], "CVSS": { "ghsa": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://xmlsoft.org/news.html", "https://access.redhat.com/security/cve/CVE-2017-16932", "https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html", "https://bugzilla.gnome.org/show_bug.cgi?id=759579", "https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961", "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-16932.yml", "https://github.com/sparklemotion/nokogiri/issues/1714", "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", "https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html", "https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html", "https://nvd.nist.gov/vuln/detail/CVE-2017-16932", "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16932.html", "https://ubuntu.com/security/notices/USN-3504-1", "https://ubuntu.com/security/notices/USN-3504-2", "https://ubuntu.com/security/notices/USN-3739-1", "https://usn.ubuntu.com/3739-1", "https://usn.ubuntu.com/3739-1/", "https://usn.ubuntu.com/usn/usn-3504-1/", "https://www.cve.org/CVERecord?id=CVE-2017-16932" ], "PublishedDate": "2017-11-23T21:29:00.437Z", "LastModifiedDate": "2023-11-07T02:40:56.917Z" }, { "VulnerabilityID": "CVE-2019-19956", "PkgName": "libxml2", "InstalledVersion": "2.9.4+dfsg1-7", "FixedVersion": "2.9.4+dfsg1-7+deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19956", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c", "Description": "xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc-\u003eoldNs.", "Severity": "HIGH", "CweIDs": [ "CWE-401" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html", "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00005.html", "https://access.redhat.com/security/cve/CVE-2019-19956", "https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf", "https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549", "https://linux.oracle.com/cve/CVE-2019-19956.html", "https://linux.oracle.com/errata/ELSA-2020-4479.html", "https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html", "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/", "https://nvd.nist.gov/vuln/detail/CVE-2019-19956", "https://security.netapp.com/advisory/ntap-20200114-0002/", "https://ubuntu.com/security/notices/USN-4274-1", "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08", "https://usn.ubuntu.com/4274-1/", "https://www.cve.org/CVERecord?id=CVE-2019-19956", "https://www.oracle.com/security-alerts/cpujul2020.html" ], "PublishedDate": "2019-12-24T16:15:11.45Z", "LastModifiedDate": "2023-11-07T03:07:52.493Z" }, { "VulnerabilityID": "CVE-2019-20388", "PkgName": "libxml2", "InstalledVersion": "2.9.4+dfsg1-7", "FixedVersion": "2.9.4+dfsg1-7+deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20388", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c", "Description": "xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.", "Severity": "HIGH", "CweIDs": [ "CWE-401" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html", "https://access.redhat.com/security/cve/CVE-2019-20388", "https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68", "https://linux.oracle.com/cve/CVE-2019-20388.html", "https://linux.oracle.com/errata/ELSA-2020-4479.html", "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/", "https://nvd.nist.gov/vuln/detail/CVE-2019-20388", "https://security.gentoo.org/glsa/202010-04", "https://security.netapp.com/advisory/ntap-20200702-0005/", "https://ubuntu.com/security/notices/USN-4991-1", "https://www.cve.org/CVERecord?id=CVE-2019-20388", "https://www.oracle.com/security-alerts/cpuapr2022.html", "https://www.oracle.com/security-alerts/cpujul2020.html", "https://www.oracle.com/security-alerts/cpujul2022.html", "https://www.oracle.com/security-alerts/cpuoct2021.html" ], "PublishedDate": "2020-01-21T23:15:13.553Z", "LastModifiedDate": "2023-11-09T14:44:33.733Z" }, { "VulnerabilityID": "CVE-2020-7595", "PkgName": "libxml2", "InstalledVersion": "2.9.4+dfsg1-7", "FixedVersion": "2.9.4+dfsg1-7+deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-7595", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations", "Description": "xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.", "Severity": "HIGH", "CweIDs": [ "CWE-835" ], "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html", "https://access.redhat.com/security/cve/CVE-2020-7595", "https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf", "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2020-7595.yml", "https://github.com/sparklemotion/nokogiri", "https://github.com/sparklemotion/nokogiri/issues/1992", "https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076", "https://linux.oracle.com/cve/CVE-2020-7595.html", "https://linux.oracle.com/errata/ELSA-2020-4479.html", "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH", "https://nvd.nist.gov/vuln/detail/CVE-2020-7595", "https://security.gentoo.org/glsa/202010-04", "https://security.netapp.com/advisory/ntap-20200702-0005", "https://security.netapp.com/advisory/ntap-20200702-0005/", "https://ubuntu.com/security/notices/USN-4274-1", "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08", "https://usn.ubuntu.com/4274-1", "https://usn.ubuntu.com/4274-1/", "https://www.cve.org/CVERecord?id=CVE-2020-7595", "https://www.oracle.com/security-alerts/cpuapr2022.html", "https://www.oracle.com/security-alerts/cpujul2020.html", "https://www.oracle.com/security-alerts/cpujul2022.html", "https://www.oracle.com/security-alerts/cpuoct2021.html" ], "PublishedDate": "2020-01-21T23:15:13.867Z", "LastModifiedDate": "2023-11-07T03:26:07.513Z" }, { "VulnerabilityID": "CVE-2021-3516", "PkgName": "libxml2", "InstalledVersion": "2.9.4+dfsg1-7", "FixedVersion": "2.9.4+dfsg1-7+deb10u2", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3516", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c", "Description": "There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.", "Severity": "HIGH", "CweIDs": [ "CWE-416" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V2Score": 6.8, "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3516.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3517.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3518.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3537.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3541.json", "https://access.redhat.com/security/cve/CVE-2021-3516", "https://bugzilla.redhat.com/show_bug.cgi?id=1954225", "https://gitlab.gnome.org/GNOME/libxml2/-/commit/1358d157d0bd83be1dfe356a69213df9fac0b539", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/230", "https://linux.oracle.com/cve/CVE-2021-3516.html", "https://linux.oracle.com/errata/ELSA-2021-2569.html", "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/", "https://nvd.nist.gov/vuln/detail/CVE-2021-3516", "https://security.gentoo.org/glsa/202107-05", "https://security.netapp.com/advisory/ntap-20210716-0005/", "https://ubuntu.com/security/notices/USN-4991-1", "https://www.cve.org/CVERecord?id=CVE-2021-3516", "https://www.oracle.com/security-alerts/cpujan2022.html" ], "PublishedDate": "2021-06-01T14:15:10.373Z", "LastModifiedDate": "2023-11-07T03:38:03.74Z" }, { "VulnerabilityID": "CVE-2021-3517", "PkgName": "libxml2", "InstalledVersion": "2.9.4+dfsg1-7", "FixedVersion": "2.9.4+dfsg1-7+deb10u2", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3517", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c", "Description": "There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "V3Score": 8.6 }, "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "V2Score": 7.5, "V3Score": 8.6 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "V3Score": 8.6 } }, "References": [ "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3516.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3517.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3518.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3537.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3541.json", "https://access.redhat.com/security/cve/CVE-2021-3517", "https://bugzilla.redhat.com/show_bug.cgi?id=1954232", "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-3517.yml", "https://github.com/sparklemotion/nokogiri", "https://github.com/sparklemotion/nokogiri/blob/7c19ef5cc6b7c5c36827dd5495f857c6877ec8cf/CHANGELOG.md?plain=1#L579", "https://github.com/sparklemotion/nokogiri/issues/2233", "https://github.com/sparklemotion/nokogiri/issues/2274", "https://gitlab.gnome.org/GNOME/libxml2/-/commit/8598060bacada41a0eb09d95c97744ff4e428f8e", "https://gitlab.gnome.org/GNOME/libxml2/-/commit/bf22713507fe1fc3a2c4b525cf0a88c2dc87a3a2", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/235", "https://linux.oracle.com/cve/CVE-2021-3517.html", "https://linux.oracle.com/errata/ELSA-2021-2569.html", "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/", "https://nvd.nist.gov/vuln/detail/CVE-2021-3517", "https://security.gentoo.org/glsa/202107-05", "https://security.netapp.com/advisory/ntap-20210625-0002", "https://security.netapp.com/advisory/ntap-20210625-0002/", "https://security.netapp.com/advisory/ntap-20211022-0004", "https://security.netapp.com/advisory/ntap-20211022-0004/", "https://ubuntu.com/security/notices/USN-4991-1", "https://www.cve.org/CVERecord?id=CVE-2021-3517", "https://www.oracle.com/security-alerts/cpuapr2022.html", "https://www.oracle.com/security-alerts/cpujan2022.html", "https://www.oracle.com/security-alerts/cpujul2022.html", "https://www.oracle.com/security-alerts/cpuoct2021.html" ], "PublishedDate": "2021-05-19T14:15:07.553Z", "LastModifiedDate": "2023-11-07T03:38:03.893Z" }, { "VulnerabilityID": "CVE-2021-3518", "PkgName": "libxml2", "InstalledVersion": "2.9.4+dfsg1-7", "FixedVersion": "2.9.4+dfsg1-7+deb10u2", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3518", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c", "Description": "There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.", "Severity": "HIGH", "CweIDs": [ "CWE-416" ], "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 8.8 }, "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V2Score": 6.8, "V3Score": 8.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "V3Score": 8.6 } }, "References": [ "http://seclists.org/fulldisclosure/2021/Jul/54", "http://seclists.org/fulldisclosure/2021/Jul/55", "http://seclists.org/fulldisclosure/2021/Jul/58", "http://seclists.org/fulldisclosure/2021/Jul/59", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3516.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3517.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3518.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3537.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3541.json", "https://access.redhat.com/security/cve/CVE-2021-3518", "https://bugzilla.redhat.com/show_bug.cgi?id=1954242", "https://github.com/advisories/GHSA-v4f8-2847-rwm7", "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-3518.yml", "https://github.com/sparklemotion/nokogiri", "https://github.com/sparklemotion/nokogiri/blob/2edbbef95f1dc12c1ddc5ebda71b9159026245fe/CHANGELOG.md?plain=1#L722", "https://gitlab.gnome.org/GNOME/libxml2/-/commit/1098c30a040e72a4654968547f415be4e4c40fe7", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/237", "https://linux.oracle.com/cve/CVE-2021-3518.html", "https://linux.oracle.com/errata/ELSA-2021-2569.html", "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/", "https://nokogiri.org/CHANGELOG.html#1114-2021-05-14", "https://nokogiri.org/CHANGELOG.html#security_8", "https://nvd.nist.gov/vuln/detail/CVE-2021-3518", "https://security.gentoo.org/glsa/202107-05", "https://security.netapp.com/advisory/ntap-20210625-0002", "https://security.netapp.com/advisory/ntap-20210625-0002/", "https://support.apple.com/kb/HT212601", "https://support.apple.com/kb/HT212602", "https://support.apple.com/kb/HT212604", "https://support.apple.com/kb/HT212605", "https://ubuntu.com/security/notices/USN-4991-1", "https://www.cve.org/CVERecord?id=CVE-2021-3518", "https://www.oracle.com/security-alerts/cpuapr2022.html", "https://www.oracle.com/security-alerts/cpujul2022.html", "https://www.oracle.com/security-alerts/cpuoct2021.html" ], "PublishedDate": "2021-05-18T12:15:08.043Z", "LastModifiedDate": "2023-11-07T03:38:04.05Z" }, { "VulnerabilityID": "CVE-2022-2309", "PkgName": "libxml2", "InstalledVersion": "2.9.4+dfsg1-7", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-2309", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "lxml: NULL Pointer Dereference in lxml", "Description": "NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "CVSS": { "ghsa": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2022:8226", "https://access.redhat.com/security/cve/CVE-2022-2309", "https://bugzilla.redhat.com/2107571", "https://bugzilla.redhat.com/show_bug.cgi?id=2107571", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2309", "https://errata.almalinux.org/9/ALSA-2022-8226.html", "https://errata.rockylinux.org/RLSA-2022:8226", "https://github.com/advisories/GHSA-wrxv-2j5q-m38w", "https://github.com/lxml/lxml", "https://github.com/lxml/lxml/blob/master/CHANGES.txt", "https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f", "https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f (lxml-4.9.1)", "https://github.com/pypa/advisory-database/tree/main/vulns/lxml/PYSEC-2022-230.yaml", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/378", "https://huntr.dev/bounties/8264e74f-edda-4c40-9956-49de635105ba", "https://huntr.dev/bounties/8264e74f-edda-4c40-9956-49de635105ba/", "https://linux.oracle.com/cve/CVE-2022-2309.html", "https://linux.oracle.com/errata/ELSA-2022-8226.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HGYC6L7ENH5VEGN3YWFBYMGKX6WNS7HZ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/URHHSIBTPTALXMECRLAC2EVDNAFSR5NO/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HGYC6L7ENH5VEGN3YWFBYMGKX6WNS7HZ", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/URHHSIBTPTALXMECRLAC2EVDNAFSR5NO", "https://nvd.nist.gov/vuln/detail/CVE-2022-2309", "https://security.gentoo.org/glsa/202208-06", "https://security.netapp.com/advisory/ntap-20220915-0006", "https://security.netapp.com/advisory/ntap-20220915-0006/", "https://ubuntu.com/security/notices/USN-5760-1", "https://ubuntu.com/security/notices/USN-6028-2", "https://www.cve.org/CVERecord?id=CVE-2022-2309" ], "PublishedDate": "2022-07-05T10:15:08.763Z", "LastModifiedDate": "2023-11-07T03:46:28.713Z" }, { "VulnerabilityID": "CVE-2022-23308", "PkgName": "libxml2", "InstalledVersion": "2.9.4+dfsg1-7", "FixedVersion": "2.9.4+dfsg1-7+deb10u3", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-23308", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libxml2: Use-after-free of ID and IDREF attributes", "Description": "valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.", "Severity": "HIGH", "CweIDs": [ "CWE-416" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 } }, "References": [ "http://seclists.org/fulldisclosure/2022/May/33", "http://seclists.org/fulldisclosure/2022/May/34", "http://seclists.org/fulldisclosure/2022/May/35", "http://seclists.org/fulldisclosure/2022/May/36", "http://seclists.org/fulldisclosure/2022/May/37", "http://seclists.org/fulldisclosure/2022/May/38", "https://access.redhat.com/security/cve/CVE-2022-23308", "https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e", "https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS", "https://linux.oracle.com/cve/CVE-2022-23308.html", "https://linux.oracle.com/errata/ELSA-2022-0899.html", "https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LA3MWWAYZADWJ5F6JOUBX65UZAMQB7RF/", "https://nvd.nist.gov/vuln/detail/CVE-2022-23308", "https://security.gentoo.org/glsa/202210-03", "https://security.netapp.com/advisory/ntap-20220331-0008/", "https://support.apple.com/kb/HT213253", "https://support.apple.com/kb/HT213254", "https://support.apple.com/kb/HT213255", "https://support.apple.com/kb/HT213256", "https://support.apple.com/kb/HT213257", "https://support.apple.com/kb/HT213258", "https://ubuntu.com/security/notices/USN-5324-1", "https://ubuntu.com/security/notices/USN-5422-1", "https://www.cve.org/CVERecord?id=CVE-2022-23308", "https://www.oracle.com/security-alerts/cpujul2022.html" ], "PublishedDate": "2022-02-26T05:15:08.28Z", "LastModifiedDate": "2023-11-07T03:44:08.253Z" }, { "VulnerabilityID": "CVE-2022-40303", "VendorIDs": [ "DLA-3172-1" ], "PkgName": "libxml2", "InstalledVersion": "2.9.4+dfsg1-7", "FixedVersion": "2.9.4+dfsg1-7+deb10u5", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-40303", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libxml2: integer overflows with XML_PARSE_HUGE", "Description": "An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.", "Severity": "HIGH", "CweIDs": [ "CWE-190" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://seclists.org/fulldisclosure/2022/Dec/21", "http://seclists.org/fulldisclosure/2022/Dec/24", "http://seclists.org/fulldisclosure/2022/Dec/25", "http://seclists.org/fulldisclosure/2022/Dec/26", "http://seclists.org/fulldisclosure/2022/Dec/27", "https://access.redhat.com/errata/RHSA-2023:0338", "https://access.redhat.com/security/cve/CVE-2022-40303", "https://bugzilla.redhat.com/2136266", "https://bugzilla.redhat.com/2136288", "https://bugzilla.redhat.com/show_bug.cgi?id=2136266", "https://bugzilla.redhat.com/show_bug.cgi?id=2136288", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40303", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40304", "https://errata.almalinux.org/9/ALSA-2023-0338.html", "https://errata.rockylinux.org/RLSA-2023:0338", "https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0", "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3", "https://linux.oracle.com/cve/CVE-2022-40303.html", "https://linux.oracle.com/errata/ELSA-2023-0338.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-40303", "https://security.netapp.com/advisory/ntap-20221209-0003/", "https://support.apple.com/kb/HT213531", "https://support.apple.com/kb/HT213533", "https://support.apple.com/kb/HT213534", "https://support.apple.com/kb/HT213535", "https://support.apple.com/kb/HT213536", "https://ubuntu.com/security/notices/USN-5760-1", "https://ubuntu.com/security/notices/USN-5760-2", "https://www.cve.org/CVERecord?id=CVE-2022-40303" ], "PublishedDate": "2022-11-23T00:15:11.007Z", "LastModifiedDate": "2023-11-07T03:52:15.28Z" }, { "VulnerabilityID": "CVE-2022-40304", "VendorIDs": [ "DLA-3172-1" ], "PkgName": "libxml2", "InstalledVersion": "2.9.4+dfsg1-7", "FixedVersion": "2.9.4+dfsg1-7+deb10u5", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-40304", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libxml2: dict corruption caused by entity reference cycles", "Description": "An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.", "Severity": "HIGH", "CweIDs": [ "CWE-415" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://seclists.org/fulldisclosure/2022/Dec/21", "http://seclists.org/fulldisclosure/2022/Dec/24", "http://seclists.org/fulldisclosure/2022/Dec/25", "http://seclists.org/fulldisclosure/2022/Dec/26", "http://seclists.org/fulldisclosure/2022/Dec/27", "https://access.redhat.com/errata/RHSA-2023:0338", "https://access.redhat.com/security/cve/CVE-2022-40304", "https://bugzilla.redhat.com/2136266", "https://bugzilla.redhat.com/2136288", "https://bugzilla.redhat.com/show_bug.cgi?id=2136266", "https://bugzilla.redhat.com/show_bug.cgi?id=2136288", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40303", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40304", "https://errata.almalinux.org/9/ALSA-2023-0338.html", "https://errata.rockylinux.org/RLSA-2023:0338", "https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b", "https://gitlab.gnome.org/GNOME/libxml2/-/tags", "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3", "https://linux.oracle.com/cve/CVE-2022-40304.html", "https://linux.oracle.com/errata/ELSA-2023-0338.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-40304", "https://security.netapp.com/advisory/ntap-20221209-0003/", "https://support.apple.com/kb/HT213531", "https://support.apple.com/kb/HT213533", "https://support.apple.com/kb/HT213534", "https://support.apple.com/kb/HT213535", "https://support.apple.com/kb/HT213536", "https://ubuntu.com/security/notices/USN-5760-1", "https://ubuntu.com/security/notices/USN-5760-2", "https://www.cve.org/CVERecord?id=CVE-2022-40304" ], "PublishedDate": "2022-11-23T18:15:12.167Z", "LastModifiedDate": "2023-11-07T03:52:15.353Z" }, { "VulnerabilityID": "CVE-2024-25062", "PkgName": "libxml2", "InstalledVersion": "2.9.4+dfsg1-7", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-25062", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libxml2: use-after-free in XMLReader", "Description": "An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Severity": "HIGH", "CweIDs": [ "CWE-416" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:2679", "https://access.redhat.com/security/cve/CVE-2024-25062", "https://bugzilla.redhat.com/2262726", "https://bugzilla.redhat.com/show_bug.cgi?id=2262726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25062", "https://errata.almalinux.org/9/ALSA-2024-2679.html", "https://errata.rockylinux.org/RLSA-2024:2679", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", "https://gitlab.gnome.org/GNOME/libxml2/-/tags", "https://linux.oracle.com/cve/CVE-2024-25062.html", "https://linux.oracle.com/errata/ELSA-2024-3626.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-25062", "https://ubuntu.com/security/notices/USN-6658-1", "https://ubuntu.com/security/notices/USN-6658-2", "https://www.cve.org/CVERecord?id=CVE-2024-25062" ], "PublishedDate": "2024-02-04T16:15:45.12Z", "LastModifiedDate": "2024-02-13T00:40:40.503Z" }, { "VulnerabilityID": "CVE-2016-3709", "PkgName": "libxml2", "InstalledVersion": "2.9.4+dfsg1-7", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-3709", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libxml2: Incorrect server side include parsing can lead to XSS", "Description": "Possible cross-site scripting vulnerability in libxml after commit 960f0e2.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2022:7715", "https://access.redhat.com/security/cve/CVE-2016-3709", "https://bugzilla.redhat.com/2112766", "https://bugzilla.redhat.com/show_bug.cgi?id=2112766", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3709", "https://errata.almalinux.org/8/ALSA-2022-7715.html", "https://errata.rockylinux.org/RLSA-2022:7715", "https://linux.oracle.com/cve/CVE-2016-3709.html", "https://linux.oracle.com/errata/ELSA-2022-7715.html", "https://mail.gnome.org/archives/xml/2018-January/msg00010.html", "https://nvd.nist.gov/vuln/detail/CVE-2016-3709", "https://ubuntu.com/security/notices/USN-5548-1", "https://www.cve.org/CVERecord?id=CVE-2016-3709" ], "PublishedDate": "2022-07-28T17:15:07.92Z", "LastModifiedDate": "2022-12-07T16:39:39.293Z" }, { "VulnerabilityID": "CVE-2016-9318", "PkgName": "libxml2", "InstalledVersion": "2.9.4+dfsg1-7", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9318", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libxml2: XML External Entity vulnerability", "Description": "libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.", "Severity": "MEDIUM", "CweIDs": [ "CWE-611" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "V2Score": 4.3, "V3Score": 5.5 }, "redhat": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L", "V2Score": 5.8, "V3Score": 6.7 } }, "References": [ "http://www.securityfocus.com/bid/94347", "https://access.redhat.com/security/cve/CVE-2016-9318", "https://bugzilla.gnome.org/show_bug.cgi?id=772726", "https://github.com/lsh123/xmlsec/issues/43", "https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html", "https://nvd.nist.gov/vuln/detail/CVE-2016-9318", "https://security.gentoo.org/glsa/201711-01", "https://ubuntu.com/security/notices/USN-3739-1", "https://ubuntu.com/security/notices/USN-3739-2", "https://usn.ubuntu.com/3739-1/", "https://usn.ubuntu.com/3739-2/", "https://www.cve.org/CVERecord?id=CVE-2016-9318" ], "PublishedDate": "2016-11-16T00:59:00.18Z", "LastModifiedDate": "2022-04-08T23:15:07.503Z" }, { "VulnerabilityID": "CVE-2018-14567", "PkgName": "libxml2", "InstalledVersion": "2.9.4+dfsg1-7", "FixedVersion": "2.9.4+dfsg1-7+deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14567", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libxml2: Infinite loop caused by incorrect error detection during LZMA decompression", "Description": "libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.", "Severity": "MEDIUM", "CweIDs": [ "CWE-835" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 } }, "References": [ "http://www.securityfocus.com/bid/105198", "https://access.redhat.com/security/cve/CVE-2018-14567", "https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74", "https://linux.oracle.com/cve/CVE-2018-14567.html", "https://linux.oracle.com/errata/ELSA-2020-1190.html", "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", "https://nvd.nist.gov/vuln/detail/CVE-2018-14567", "https://ubuntu.com/security/notices/USN-3739-1", "https://usn.ubuntu.com/3739-1/", "https://www.cve.org/CVERecord?id=CVE-2018-14567" ], "PublishedDate": "2018-08-16T20:29:02.47Z", "LastModifiedDate": "2020-09-10T01:15:14.58Z" }, { "VulnerabilityID": "CVE-2021-3537", "PkgName": "libxml2", "InstalledVersion": "2.9.4+dfsg1-7", "FixedVersion": "2.9.4+dfsg1-7+deb10u2", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3537", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode", "Description": "A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.", "Severity": "MEDIUM", "CweIDs": [ "CWE-476" ], "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 }, "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3516.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3517.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3518.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3537.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3541.json", "https://access.redhat.com/security/cve/CVE-2021-3537", "https://bugzilla.redhat.com/show_bug.cgi?id=1956522", "https://github.com/advisories/GHSA-286v-pcf5-25rc", "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-3537.yml", "https://github.com/sparklemotion/nokogiri", "https://github.com/sparklemotion/nokogiri/blob/2edbbef95f1dc12c1ddc5ebda71b9159026245fe/CHANGELOG.md?plain=1#L722", "https://gitlab.gnome.org/GNOME/libxml2/-/commit/babe75030c7f64a37826bb3342317134568bef61", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/243", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/244", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/245", "https://linux.oracle.com/cve/CVE-2021-3537.html", "https://linux.oracle.com/errata/ELSA-2021-2569.html", "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/", "https://nokogiri.org/CHANGELOG.html#1114-2021-05-14", "https://nokogiri.org/CHANGELOG.html#security_8", "https://nvd.nist.gov/vuln/detail/CVE-2021-3537", "https://security.gentoo.org/glsa/202107-05", "https://security.netapp.com/advisory/ntap-20210625-0002", "https://security.netapp.com/advisory/ntap-20210625-0002/", "https://ubuntu.com/security/notices/USN-4991-1", "https://www.cve.org/CVERecord?id=CVE-2021-3537", "https://www.oracle.com/security-alerts/cpuapr2022.html", "https://www.oracle.com/security-alerts/cpujul2022.html", "https://www.oracle.com/security-alerts/cpuoct2021.html" ], "PublishedDate": "2021-05-14T20:15:16.553Z", "LastModifiedDate": "2023-11-07T03:38:05.56Z" }, { "VulnerabilityID": "CVE-2021-3541", "PkgName": "libxml2", "InstalledVersion": "2.9.4+dfsg1-7", "FixedVersion": "2.9.4+dfsg1-7+deb10u2", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3541", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms", "Description": "A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.", "Severity": "MEDIUM", "CweIDs": [ "CWE-776" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V2Score": 4, "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3516.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3517.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3518.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3537.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3541.json", "https://access.redhat.com/security/cve/CVE-2021-3541", "https://blog.hartwork.org/posts/cve-2021-3541-parameter-laughs-fixed-in-libxml2-2-9-11/", "https://bugzilla.redhat.com/show_bug.cgi?id=1950515", "https://gitlab.gnome.org/GNOME/libxml2/-/commit/8598060bacada41a0eb09d95c97744ff4e428f8e", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/228 (currently private)", "https://linux.oracle.com/cve/CVE-2021-3541.html", "https://linux.oracle.com/errata/ELSA-2021-2569.html", "https://nvd.nist.gov/vuln/detail/CVE-2021-3541", "https://security.netapp.com/advisory/ntap-20210805-0007/", "https://ubuntu.com/security/notices/USN-4991-1", "https://www.cve.org/CVERecord?id=CVE-2021-3541", "https://www.oracle.com/security-alerts/cpujan2022.html" ], "PublishedDate": "2021-07-09T17:15:07.973Z", "LastModifiedDate": "2022-03-01T18:25:33.703Z" }, { "VulnerabilityID": "CVE-2022-29824", "VendorIDs": [ "DSA-5142-1" ], "PkgName": "libxml2", "InstalledVersion": "2.9.4+dfsg1-7", "FixedVersion": "2.9.4+dfsg1-7+deb10u4", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-29824", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libxml2: integer overflows in xmlBuf and xmlBuffer lead to out-of-bounds write", "Description": "In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.", "Severity": "MEDIUM", "CweIDs": [ "CWE-190" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H", "V3Score": 7.4 } }, "References": [ "http://packetstormsecurity.com/files/167345/libxml2-xmlBufAdd-Heap-Buffer-Overflow.html", "http://packetstormsecurity.com/files/169825/libxml2-xmlParseNameComplex-Integer-Overflow.html", "https://access.redhat.com/security/cve/CVE-2022-29824", "https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab", "https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab (v2.9.14)", "https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd", "https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd (master)", "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14", "https://gitlab.gnome.org/GNOME/libxslt/-/tags", "https://linux.oracle.com/cve/CVE-2022-29824.html", "https://linux.oracle.com/errata/ELSA-2022-5317.html", "https://lists.debian.org/debian-lts-announce/2022/05/msg00023.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZOBT5Y6Y2QLDDX2HZGMV7MJMWGXORKK/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3NVZVWFRBXBI3AKZZWUWY6INQQPQVSF/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P5363EDV5VHZ5C77ODA43RYDCPMA7ARM/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FZOBT5Y6Y2QLDDX2HZGMV7MJMWGXORKK/", "https://nvd.nist.gov/vuln/detail/CVE-2022-29824", "https://security.gentoo.org/glsa/202210-03", "https://security.netapp.com/advisory/ntap-20220715-0006/", "https://ubuntu.com/security/notices/USN-5422-1", "https://www.cve.org/CVERecord?id=CVE-2022-29824", "https://www.debian.org/security/2022/dsa-5142", "https://www.oracle.com/security-alerts/cpujul2022.html" ], "PublishedDate": "2022-05-03T03:15:06.687Z", "LastModifiedDate": "2023-11-07T03:46:05.86Z" }, { "VulnerabilityID": "CVE-2023-28484", "VendorIDs": [ "DLA-3405-1" ], "PkgName": "libxml2", "InstalledVersion": "2.9.4+dfsg1-7", "FixedVersion": "2.9.4+dfsg1-7+deb10u6", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-28484", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libxml2: NULL dereference in xmlSchemaFixupComplexType", "Description": "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.", "Severity": "MEDIUM", "CweIDs": [ "CWE-476" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:4349", "https://access.redhat.com/security/cve/CVE-2023-28484", "https://bugzilla.redhat.com/2185984", "https://bugzilla.redhat.com/2185994", "https://bugzilla.redhat.com/show_bug.cgi?id=2185984", "https://bugzilla.redhat.com/show_bug.cgi?id=2185994", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469", "https://errata.almalinux.org/9/ALSA-2023-4349.html", "https://errata.rockylinux.org/RLSA-2023:4529", "https://gitlab.gnome.org/GNOME/libxml2/-/commit/4c6922f763ad958c48ff66f82823ae21f2e92ee6", "https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/491", "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4", "https://linux.oracle.com/cve/CVE-2023-28484.html", "https://linux.oracle.com/errata/ELSA-2023-4529.html", "https://lists.debian.org/debian-lts-announce/2023/04/msg00031.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-28484", "https://security.netapp.com/advisory/ntap-20230601-0006/", "https://security.netapp.com/advisory/ntap-20240201-0005/", "https://ubuntu.com/security/notices/USN-6028-1", "https://ubuntu.com/security/notices/USN-6028-2", "https://www.cve.org/CVERecord?id=CVE-2023-28484" ], "PublishedDate": "2023-04-24T21:15:09.18Z", "LastModifiedDate": "2024-02-01T17:15:08.107Z" }, { "VulnerabilityID": "CVE-2023-29469", "VendorIDs": [ "DLA-3405-1" ], "PkgName": "libxml2", "InstalledVersion": "2.9.4+dfsg1-7", "FixedVersion": "2.9.4+dfsg1-7+deb10u6", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29469", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libxml2: Hashing of empty dict strings isn't deterministic", "Description": "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", "Severity": "MEDIUM", "CweIDs": [ "CWE-415" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:4349", "https://access.redhat.com/security/cve/CVE-2023-29469", "https://bugzilla.redhat.com/2185984", "https://bugzilla.redhat.com/2185994", "https://bugzilla.redhat.com/show_bug.cgi?id=2185984", "https://bugzilla.redhat.com/show_bug.cgi?id=2185994", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469", "https://errata.almalinux.org/9/ALSA-2023-4349.html", "https://errata.rockylinux.org/RLSA-2023:4529", "https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/510", "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4", "https://linux.oracle.com/cve/CVE-2023-29469.html", "https://linux.oracle.com/errata/ELSA-2023-4529.html", "https://lists.debian.org/debian-lts-announce/2023/04/msg00031.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-29469", "https://security.netapp.com/advisory/ntap-20230601-0006/", "https://ubuntu.com/security/notices/USN-6028-1", "https://ubuntu.com/security/notices/USN-6028-2", "https://www.cve.org/CVERecord?id=CVE-2023-29469" ], "PublishedDate": "2023-04-24T21:15:09.23Z", "LastModifiedDate": "2023-06-01T14:15:11.423Z" }, { "VulnerabilityID": "CVE-2023-39615", "PkgName": "libxml2", "InstalledVersion": "2.9.4+dfsg1-7", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39615", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libxml2: crafted xml can cause global buffer overflow", "Description": "Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.", "Severity": "MEDIUM", "CweIDs": [ "CWE-119" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:7747", "https://access.redhat.com/security/cve/CVE-2023-39615", "https://bugzilla.redhat.com/2235864", "https://errata.almalinux.org/9/ALSA-2023-7747.html", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/535", "https://linux.oracle.com/cve/CVE-2023-39615.html", "https://linux.oracle.com/errata/ELSA-2024-0119.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-39615", "https://www.cve.org/CVERecord?id=CVE-2023-39615" ], "PublishedDate": "2023-08-29T17:15:12.527Z", "LastModifiedDate": "2024-08-02T19:15:26.21Z" }, { "VulnerabilityID": "CVE-2023-45322", "PkgName": "libxml2", "InstalledVersion": "2.9.4+dfsg1-7", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45322", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libxml2: use-after-free in xmlUnlinkNode() in tree.c", "Description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "Severity": "MEDIUM", "CweIDs": [ "CWE-416" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/10/06/5", "https://access.redhat.com/security/cve/CVE-2023-45322", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "https://www.cve.org/CVERecord?id=CVE-2023-45322" ], "PublishedDate": "2023-10-06T22:15:11.66Z", "LastModifiedDate": "2024-08-02T21:15:32.323Z" }, { "VulnerabilityID": "CVE-2017-18258", "PkgName": "libxml2", "InstalledVersion": "2.9.4+dfsg1-7", "FixedVersion": "2.9.4+dfsg1-7+deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18258", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libxml2: Unrestricted memory usage in xz_head() function in xzlib.c", "Description": "The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.", "Severity": "LOW", "CweIDs": [ "CWE-770" ], "CVSS": { "ghsa": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2017-18258", "https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb", "https://github.com/advisories/GHSA-882p-jqgm-f45g", "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-18258.yml", "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10284", "https://linux.oracle.com/cve/CVE-2017-18258.html", "https://linux.oracle.com/errata/ELSA-2020-1190.html", "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", "https://nvd.nist.gov/vuln/detail/CVE-2017-18258", "https://security.netapp.com/advisory/ntap-20190719-0001", "https://security.netapp.com/advisory/ntap-20190719-0001/", "https://ubuntu.com/security/notices/USN-3739-1", "https://usn.ubuntu.com/3739-1", "https://usn.ubuntu.com/3739-1/", "https://www.cve.org/CVERecord?id=CVE-2017-18258" ], "PublishedDate": "2018-04-08T17:29:00.237Z", "LastModifiedDate": "2020-09-10T01:15:12.363Z" }, { "VulnerabilityID": "CVE-2018-14404", "PkgName": "libxml2", "InstalledVersion": "2.9.4+dfsg1-7", "FixedVersion": "2.9.4+dfsg1-7+deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14404", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c", "Description": "A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.", "Severity": "LOW", "CweIDs": [ "CWE-476" ], "CVSS": { "ghsa": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2019:1543", "https://access.redhat.com/security/cve/CVE-2018-14404", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817", "https://bugzilla.redhat.com/show_bug.cgi?id=1595985", "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-14404.yml", "https://github.com/sparklemotion/nokogiri/issues/1785", "https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74", "https://gitlab.gnome.org/GNOME/libxml2/commit/a436374994c47b12d5de1b8b1d191a098fa23594", "https://gitlab.gnome.org/GNOME/libxml2/issues/10", "https://groups.google.com/forum/#!msg/ruby-security-ann/uVrmO2HjqQw/Fw3ocLI0BQAJ", "https://linux.oracle.com/cve/CVE-2018-14404.html", "https://linux.oracle.com/errata/ELSA-2020-1827.html", "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", "https://nvd.nist.gov/vuln/detail/CVE-2018-14404", "https://security.netapp.com/advisory/ntap-20190719-0002", "https://security.netapp.com/advisory/ntap-20190719-0002/", "https://ubuntu.com/security/notices/USN-3739-1", "https://ubuntu.com/security/notices/USN-3739-2", "https://usn.ubuntu.com/3739-1", "https://usn.ubuntu.com/3739-1/", "https://usn.ubuntu.com/3739-2", "https://usn.ubuntu.com/3739-2/", "https://www.cve.org/CVERecord?id=CVE-2018-14404" ], "PublishedDate": "2018-07-19T13:29:00.48Z", "LastModifiedDate": "2020-09-10T01:15:14.097Z" }, { "VulnerabilityID": "CVE-2020-24977", "PkgName": "libxml2", "InstalledVersion": "2.9.4+dfsg1-7", "FixedVersion": "2.9.4+dfsg1-7+deb10u2", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-24977", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libxml2: Buffer overflow vulnerability in xmlEncodeEntitiesInternal() in entities.c", "Description": "GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.", "Severity": "LOW", "CweIDs": [ "CWE-125" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V2Score": 6.4, "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 } }, "References": [ "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00036.html", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00061.html", "https://access.redhat.com/security/cve/CVE-2020-24977", "https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/178", "https://linux.oracle.com/cve/CVE-2020-24977.html", "https://linux.oracle.com/errata/ELSA-2021-1597.html", "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NQ5GTDYOVH26PBCPYXXMGW5ZZXWMGZC/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KTUAGDLEHTH6HU66HBFAFTSQ3OKRAN3/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/674LQPJO2P2XTBTREFR5LOZMBTZ4PZAY/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KQXOHIE3MNY3VQXEN7LDQUJNIHOVHAW/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ENEHQIBMSI6TZVS35Y6I4FCTYUQDLJVP/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H3IQ7OQXBKWD3YP7HO6KCNOMLE5ZO2IR/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3ICASXZI2UQYFJAOQWHSTNWGED3VXOE/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCHXIWR5DHYO3RSO7RAHEC6VJKXD2EH2/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7MEWYKIKMV2SKMGH4IDWVU3ZGJXBCPQ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RIQAMBA2IJUTQG5VOP5LZVIZRNCKXHEQ/", "https://nvd.nist.gov/vuln/detail/CVE-2020-24977", "https://security.gentoo.org/glsa/202107-05", "https://security.netapp.com/advisory/ntap-20200924-0001/", "https://ubuntu.com/security/notices/USN-4991-1", "https://www.cve.org/CVERecord?id=CVE-2020-24977", "https://www.oracle.com/security-alerts/cpuapr2022.html", "https://www.oracle.com/security-alerts/cpujul2022.html", "https://www.oracle.com/security-alerts/cpuoct2021.html" ], "PublishedDate": "2020-09-04T00:15:10.693Z", "LastModifiedDate": "2023-11-07T03:20:11.12Z" }, { "VulnerabilityID": "CVE-2024-34459", "PkgName": "libxml2", "InstalledVersion": "2.9.4+dfsg1-7", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34459", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c", "Description": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.", "Severity": "LOW", "CweIDs": [ "CWE-122" ], "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2024-34459", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720", "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8", "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/", "https://nvd.nist.gov/vuln/detail/CVE-2024-34459", "https://www.cve.org/CVERecord?id=CVE-2024-34459" ], "PublishedDate": "2024-05-14T15:39:11.917Z", "LastModifiedDate": "2024-08-22T18:35:08.623Z" }, { "VulnerabilityID": "CVE-2022-44617", "VendorIDs": [ "DLA-3459-1" ], "PkgName": "libxpm4", "InstalledVersion": "1:3.5.12-1", "FixedVersion": "1:3.5.12-1+deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-44617", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libXpm: Runaway loop on width of 0 and enormous height", "Description": "A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library.", "Severity": "HIGH", "CweIDs": [ "CWE-835", "CWE-20" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:0383", "https://access.redhat.com/security/cve/CVE-2022-44617", "https://bugzilla.redhat.com/2160092", "https://bugzilla.redhat.com/2160193", "https://bugzilla.redhat.com/2160213", "https://bugzilla.redhat.com/show_bug.cgi?id=2160092", "https://bugzilla.redhat.com/show_bug.cgi?id=2160193", "https://bugzilla.redhat.com/show_bug.cgi?id=2160213", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44617", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46285", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4883", "https://errata.almalinux.org/9/ALSA-2023-0383.html", "https://errata.rockylinux.org/RLSA-2023:0383", "https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/f80fa6ae47ad4a5beacb28", "https://gitlab.freedesktop.org/xorg/lib/libxpm/-/merge_requests/9", "https://linux.oracle.com/cve/CVE-2022-44617.html", "https://linux.oracle.com/errata/ELSA-2023-0383.html", "https://lists.debian.org/debian-lts-announce/2023/06/msg00021.html", "https://lists.x.org/archives/xorg-announce/2023-January/003312.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-44617", "https://ubuntu.com/security/notices/USN-5807-1", "https://ubuntu.com/security/notices/USN-5807-2", "https://www.cve.org/CVERecord?id=CVE-2022-44617" ], "PublishedDate": "2023-02-06T23:15:09.787Z", "LastModifiedDate": "2023-11-07T03:54:21.82Z" }, { "VulnerabilityID": "CVE-2022-46285", "VendorIDs": [ "DLA-3459-1" ], "PkgName": "libxpm4", "InstalledVersion": "1:3.5.12-1", "FixedVersion": "1:3.5.12-1+deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-46285", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libXpm: Infinite loop on unclosed comments", "Description": "A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library.", "Severity": "HIGH", "CweIDs": [ "CWE-835" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/10/03/1", "http://www.openwall.com/lists/oss-security/2023/10/03/10", "https://access.redhat.com/errata/RHSA-2023:0383", "https://access.redhat.com/security/cve/CVE-2022-46285", "https://bugzilla.redhat.com/2160092", "https://bugzilla.redhat.com/2160193", "https://bugzilla.redhat.com/2160213", "https://bugzilla.redhat.com/show_bug.cgi?id=2160092", "https://bugzilla.redhat.com/show_bug.cgi?id=2160193", "https://bugzilla.redhat.com/show_bug.cgi?id=2160213", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44617", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46285", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4883", "https://errata.almalinux.org/9/ALSA-2023-0383.html", "https://errata.rockylinux.org/RLSA-2023:0383", "https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/a3a7c6dcc3b629d7650148", "https://gitlab.freedesktop.org/xorg/lib/libxpm/-/merge_requests/9", "https://linux.oracle.com/cve/CVE-2022-46285.html", "https://linux.oracle.com/errata/ELSA-2023-0383.html", "https://lists.debian.org/debian-lts-announce/2023/06/msg00021.html", "https://lists.x.org/archives/xorg-announce/2023-January/003312.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-46285", "https://ubuntu.com/security/notices/USN-5807-1", "https://ubuntu.com/security/notices/USN-5807-2", "https://ubuntu.com/security/notices/USN-5807-3", "https://www.cve.org/CVERecord?id=CVE-2022-46285" ], "PublishedDate": "2023-02-07T19:15:09.147Z", "LastModifiedDate": "2023-10-17T15:55:36.773Z" }, { "VulnerabilityID": "CVE-2022-4883", "VendorIDs": [ "DLA-3459-1" ], "PkgName": "libxpm4", "InstalledVersion": "1:3.5.12-1", "FixedVersion": "1:3.5.12-1+deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-4883", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libXpm: compression commands depend on $PATH", "Description": "A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable.", "Severity": "HIGH", "CweIDs": [ "CWE-426" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:0383", "https://access.redhat.com/security/cve/CVE-2022-4883", "https://bugzilla.redhat.com/2160092", "https://bugzilla.redhat.com/2160193", "https://bugzilla.redhat.com/2160213", "https://bugzilla.redhat.com/show_bug.cgi?id=2160092", "https://bugzilla.redhat.com/show_bug.cgi?id=2160193", "https://bugzilla.redhat.com/show_bug.cgi?id=2160213", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44617", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46285", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4883", "https://errata.almalinux.org/9/ALSA-2023-0383.html", "https://errata.rockylinux.org/RLSA-2023:0383", "https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/515294bb8023a45ff91669", "https://gitlab.freedesktop.org/xorg/lib/libxpm/-/merge_requests/9", "https://linux.oracle.com/cve/CVE-2022-4883.html", "https://linux.oracle.com/errata/ELSA-2023-0383.html", "https://lists.debian.org/debian-lts-announce/2023/06/msg00021.html", "https://lists.x.org/archives/xorg-announce/2023-January/003312.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-4883", "https://ubuntu.com/security/notices/USN-5807-1", "https://ubuntu.com/security/notices/USN-5807-2", "https://www.cve.org/CVERecord?id=CVE-2022-4883" ], "PublishedDate": "2023-02-07T19:15:09.223Z", "LastModifiedDate": "2023-10-17T15:55:36.773Z" }, { "VulnerabilityID": "CVE-2023-43788", "VendorIDs": [ "DLA-3603-1" ], "PkgName": "libxpm4", "InstalledVersion": "1:3.5.12-1", "FixedVersion": "1:3.5.12-1+deb10u2", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-43788", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libXpm: out of bounds read in XpmCreateXpmImageFromBuffer()", "Description": "A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:2146", "https://access.redhat.com/errata/RHSA-2024:2217", "https://access.redhat.com/errata/RHSA-2024:2974", "https://access.redhat.com/errata/RHSA-2024:3022", "https://access.redhat.com/security/cve/CVE-2023-43788", "https://bugzilla.redhat.com/2242248", "https://bugzilla.redhat.com/2242249", "https://bugzilla.redhat.com/show_bug.cgi?id=2242248", "https://bugzilla.redhat.com/show_bug.cgi?id=2242249", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43788", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43789", "https://errata.almalinux.org/9/ALSA-2024-2217.html", "https://errata.rockylinux.org/RLSA-2024:2974", "https://linux.oracle.com/cve/CVE-2023-43788.html", "https://linux.oracle.com/errata/ELSA-2024-3022.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63IBRFLQVZSMOAZBZOBKFWJP26ILRAGQ/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I3KFUQT42R7TB4D7RISNSBQFJGLTQGUL/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFAJTBNO3PAIA6EGZR4PN62H6RLKNDTE/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6FARGWN7VWXXWPXYNEEDJLRR3EWFZ3T/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZECBCLDYUGLDSVV75ECPIBW7JXOB3747/", "https://nvd.nist.gov/vuln/detail/CVE-2023-43788", "https://ubuntu.com/security/notices/USN-6408-1", "https://ubuntu.com/security/notices/USN-6408-2", "https://www.cve.org/CVERecord?id=CVE-2023-43788" ], "PublishedDate": "2023-10-10T13:15:22.137Z", "LastModifiedDate": "2024-05-22T17:16:05.223Z" }, { "VulnerabilityID": "CVE-2023-43789", "VendorIDs": [ "DLA-3603-1" ], "PkgName": "libxpm4", "InstalledVersion": "1:3.5.12-1", "FixedVersion": "1:3.5.12-1+deb10u2", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-43789", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libXpm: out of bounds read on XPM with corrupted colormap", "Description": "A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:2146", "https://access.redhat.com/errata/RHSA-2024:2217", "https://access.redhat.com/errata/RHSA-2024:2974", "https://access.redhat.com/errata/RHSA-2024:3022", "https://access.redhat.com/security/cve/CVE-2023-43789", "https://bugzilla.redhat.com/2242248", "https://bugzilla.redhat.com/2242249", "https://bugzilla.redhat.com/show_bug.cgi?id=2242248", "https://bugzilla.redhat.com/show_bug.cgi?id=2242249", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43788", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43789", "https://errata.almalinux.org/9/ALSA-2024-2217.html", "https://errata.rockylinux.org/RLSA-2024:2974", "https://linux.oracle.com/cve/CVE-2023-43789.html", "https://linux.oracle.com/errata/ELSA-2024-3022.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63IBRFLQVZSMOAZBZOBKFWJP26ILRAGQ/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I3KFUQT42R7TB4D7RISNSBQFJGLTQGUL/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFAJTBNO3PAIA6EGZR4PN62H6RLKNDTE/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZECBCLDYUGLDSVV75ECPIBW7JXOB3747/", "https://nvd.nist.gov/vuln/detail/CVE-2023-43789", "https://ubuntu.com/security/notices/USN-6408-1", "https://ubuntu.com/security/notices/USN-6408-2", "https://www.cve.org/CVERecord?id=CVE-2023-43789" ], "PublishedDate": "2023-10-12T12:15:10.71Z", "LastModifiedDate": "2024-05-22T17:16:05.443Z" }, { "VulnerabilityID": "CVE-2019-5815", "VendorIDs": [ "DLA-3101-1" ], "PkgName": "libxslt1.1", "InstalledVersion": "1.1.32-2.2~deb10u1", "FixedVersion": "1.1.32-2.2~deb10u2", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5815", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "chromium-browser: Heap buffer overflow in Blink", "Description": "Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.", "Severity": "HIGH", "CweIDs": [ "CWE-787", "CWE-843" ], "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2019-5815", "https://bugs.chromium.org/p/chromium/issues/detail?id=930663", "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html", "https://github.com/advisories/GHSA-vmfx-gcfq-wvm2", "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-5815.yml", "https://github.com/sparklemotion/nokogiri", "https://github.com/sparklemotion/nokogiri/issues/2630", "https://gitlab.gnome.org/GNOME/libxslt/commit/08b62c25871b38d5d573515ca8a065b4b8f64f6b", "https://lists.debian.org/debian-devel/2022/07/msg00287.html", "https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html", "https://nvd.nist.gov/vuln/detail/CVE-2019-5815", "https://ubuntu.com/security/notices/USN-5575-1", "https://ubuntu.com/security/notices/USN-5575-2", "https://www.cve.org/CVERecord?id=CVE-2019-5815" ], "PublishedDate": "2019-12-11T01:15:10.537Z", "LastModifiedDate": "2023-11-07T03:12:27.227Z" }, { "VulnerabilityID": "CVE-2021-30560", "VendorIDs": [ "DLA-3101-1" ], "PkgName": "libxslt1.1", "InstalledVersion": "1.1.32-2.2~deb10u1", "FixedVersion": "1.1.32-2.2~deb10u2", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-30560", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 a ...", "Description": "Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "Severity": "HIGH", "CweIDs": [ "CWE-416" ], "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 8.8 }, "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V2Score": 6.8, "V3Score": 8.8 } }, "References": [ "https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html", "https://crbug.com/1219209", "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-30560.yml", "https://github.com/sparklemotion/nokogiri", "https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.2", "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2", "https://lists.debian.org/debian-devel/2022/07/msg00287.html", "https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html", "https://nvd.nist.gov/vuln/detail/CVE-2021-30560", "https://security.gentoo.org/glsa/202310-23", "https://ubuntu.com/security/notices/USN-5575-1", "https://ubuntu.com/security/notices/USN-5575-2", "https://www.cve.org/CVERecord?id=CVE-2021-30560", "https://www.debian.org/security/2022/dsa-5216" ], "PublishedDate": "2021-08-03T19:15:08.127Z", "LastModifiedDate": "2024-03-27T14:45:52.567Z" }, { "VulnerabilityID": "CVE-2015-9019", "PkgName": "libxslt1.1", "InstalledVersion": "1.1.32-2.2~deb10u1", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-9019", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libxslt: math.random() in xslt uses unseeded randomness", "Description": "In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.", "Severity": "LOW", "CweIDs": [ "CWE-330" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V2Score": 5, "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2015-9019", "https://bugzilla.gnome.org/show_bug.cgi?id=758400", "https://bugzilla.suse.com/show_bug.cgi?id=934119", "https://nvd.nist.gov/vuln/detail/CVE-2015-9019", "https://www.cve.org/CVERecord?id=CVE-2015-9019" ], "PublishedDate": "2017-04-05T21:59:00.147Z", "LastModifiedDate": "2017-04-11T19:57:32.417Z" }, { "VulnerabilityID": "CVE-2021-24031", "VendorIDs": [ "DSA-4850-1" ], "PkgName": "libzstd1", "InstalledVersion": "1.3.8+dfsg-3", "FixedVersion": "1.3.8+dfsg-3+deb10u1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-24031", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "zstd: adds read permissions to files while being compressed or uncompressed", "Description": "In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties.", "Severity": "MEDIUM", "CweIDs": [ "CWE-276", "CWE-277" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V2Score": 2.1, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-24031", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981404", "https://github.com/facebook/zstd/issues/1630", "https://nvd.nist.gov/vuln/detail/CVE-2021-24031", "https://ubuntu.com/security/notices/USN-4760-1", "https://ubuntu.com/security/notices/USN-5720-1", "https://www.cve.org/CVERecord?id=CVE-2021-24031", "https://www.facebook.com/security/advisories/cve-2021-24031" ], "PublishedDate": "2021-03-04T21:15:12.743Z", "LastModifiedDate": "2021-04-14T15:28:44.127Z" }, { "VulnerabilityID": "CVE-2021-24032", "VendorIDs": [ "DSA-4859-1" ], "PkgName": "libzstd1", "InstalledVersion": "1.3.8+dfsg-3", "FixedVersion": "1.3.8+dfsg-3+deb10u2", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-24032", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "zstd: Race condition allows attacker to access world-readable destination file", "Description": "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.", "Severity": "MEDIUM", "CweIDs": [ "CWE-276", "CWE-277" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V2Score": 1.9, "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-24032", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519", "https://github.com/facebook/zstd/issues/2491", "https://nvd.nist.gov/vuln/detail/CVE-2021-24032", "https://ubuntu.com/security/notices/USN-4760-1", "https://ubuntu.com/security/notices/USN-5720-1", "https://www.cve.org/CVERecord?id=CVE-2021-24032", "https://www.facebook.com/security/advisories/cve-2021-24032" ], "PublishedDate": "2021-03-04T21:15:12.963Z", "LastModifiedDate": "2021-04-28T20:04:53.467Z" }, { "VulnerabilityID": "CVE-2023-4641", "PkgName": "login", "InstalledVersion": "1:4.5-1.1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-4641", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "shadow-utils: possible password leak during passwd(1) change", "Description": "A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.", "Severity": "MEDIUM", "CweIDs": [ "CWE-287", "CWE-303" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6632", "https://access.redhat.com/errata/RHSA-2023:7112", "https://access.redhat.com/errata/RHSA-2024:0417", "https://access.redhat.com/errata/RHSA-2024:2577", "https://access.redhat.com/security/cve/CVE-2023-4641", "https://bugzilla.redhat.com/2215945", "https://bugzilla.redhat.com/show_bug.cgi?id=2215945", "https://errata.almalinux.org/9/ALSA-2023-6632.html", "https://linux.oracle.com/cve/CVE-2023-4641.html", "https://linux.oracle.com/errata/ELSA-2023-7112.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-4641", "https://ubuntu.com/security/notices/USN-6640-1", "https://www.cve.org/CVERecord?id=CVE-2023-4641" ], "PublishedDate": "2023-12-27T16:15:13.363Z", "LastModifiedDate": "2024-05-03T16:15:11.09Z" }, { "VulnerabilityID": "CVE-2007-5686", "PkgName": "login", "InstalledVersion": "1:4.5-1.1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2007-5686", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "initscripts in rPath Linux 1 sets insecure permissions for the /var/lo ...", "Description": "initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.", "Severity": "LOW", "CweIDs": [ "CWE-264" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "V2Score": 4.9 } }, "References": [ "http://secunia.com/advisories/27215", "http://www.securityfocus.com/archive/1/482129/100/100/threaded", "http://www.securityfocus.com/archive/1/482857/100/0/threaded", "http://www.securityfocus.com/bid/26048", "http://www.vupen.com/english/advisories/2007/3474", "https://issues.rpath.com/browse/RPL-1825" ], "PublishedDate": "2007-10-28T17:08:00Z", "LastModifiedDate": "2018-10-15T21:45:59.05Z" }, { "VulnerabilityID": "CVE-2013-4235", "PkgName": "login", "InstalledVersion": "1:4.5-1.1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4235", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "shadow-utils: TOCTOU race conditions by copying and removing directory trees", "Description": "shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees", "Severity": "LOW", "CweIDs": [ "CWE-367" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "V2Score": 3.3, "V3Score": 4.7 }, "redhat": { "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "V2Score": 3.7, "V3Score": 4.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2013-4235", "https://access.redhat.com/security/cve/cve-2013-4235", "https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235", "https://github.com/shadow-maint/shadow/issues/317", "https://github.com/shadow-maint/shadow/pull/545", "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", "https://nvd.nist.gov/vuln/detail/CVE-2013-4235", "https://security-tracker.debian.org/tracker/CVE-2013-4235", "https://security.gentoo.org/glsa/202210-26", "https://ubuntu.com/security/notices/USN-5745-1", "https://ubuntu.com/security/notices/USN-5745-2", "https://www.cve.org/CVERecord?id=CVE-2013-4235" ], "PublishedDate": "2019-12-03T15:15:10.963Z", "LastModifiedDate": "2023-02-13T00:28:41.337Z" }, { "VulnerabilityID": "CVE-2018-7169", "PkgName": "login", "InstalledVersion": "1:4.5-1.1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7169", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "shadow-utils: newgidmap allows unprivileged user to drop supplementary groups potentially allowing privilege escalation", "Description": "An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used \"group blacklisting\" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.", "Severity": "LOW", "CweIDs": [ "CWE-732" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V2Score": 5, "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2018-7169", "https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357", "https://github.com/shadow-maint/shadow/pull/97", "https://nvd.nist.gov/vuln/detail/CVE-2018-7169", "https://security.gentoo.org/glsa/201805-09", "https://ubuntu.com/security/notices/USN-5254-1", "https://www.cve.org/CVERecord?id=CVE-2018-7169" ], "PublishedDate": "2018-02-15T20:29:00.867Z", "LastModifiedDate": "2019-10-03T00:03:26.223Z" }, { "VulnerabilityID": "CVE-2019-19882", "PkgName": "login", "InstalledVersion": "1:4.5-1.1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19882", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "shadow-utils: local users can obtain root access because setuid programs are misconfigured", "Description": "shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing --disable-account-tools-setuid, and without a PAM configuration suitable for use with setuid account management tools. This combination leads to account management tools (groupadd, groupdel, groupmod, useradd, userdel, usermod) that can easily be used by unprivileged local users to escalate privileges to root in multiple ways. This issue became much more relevant in approximately December 2019 when an unrelated bug was fixed (i.e., the chmod calls to suidusbins were fixed in the upstream Makefile which is now included in the release version 4.8).", "Severity": "LOW", "CweIDs": [ "CWE-732" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V2Score": 6.9, "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2019-19882", "https://bugs.archlinux.org/task/64836", "https://bugs.gentoo.org/702252", "https://github.com/shadow-maint/shadow/commit/edf7547ad5aa650be868cf2dac58944773c12d75", "https://github.com/shadow-maint/shadow/pull/199", "https://github.com/void-linux/void-packages/pull/17580", "https://nvd.nist.gov/vuln/detail/CVE-2019-19882", "https://security.gentoo.org/glsa/202008-09", "https://www.cve.org/CVERecord?id=CVE-2019-19882" ], "PublishedDate": "2019-12-18T16:15:26.963Z", "LastModifiedDate": "2020-08-25T15:15:11.903Z" }, { "VulnerabilityID": "CVE-2023-29383", "PkgName": "login", "InstalledVersion": "1:4.5-1.1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29383", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "shadow: Improper input validation in shadow-utils package utility chfn", "Description": "In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \\n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \\r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that \"cat /etc/passwd\" shows a rogue user account.", "Severity": "LOW", "CweIDs": [ "CWE-74" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2023-29383", "https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d", "https://github.com/shadow-maint/shadow/pull/687", "https://nvd.nist.gov/vuln/detail/CVE-2023-29383", "https://www.cve.org/CVERecord?id=CVE-2023-29383", "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-29383-abusing-linux-chfn-to-misrepresent-etc-passwd/", "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=31797" ], "PublishedDate": "2023-04-14T22:15:07.68Z", "LastModifiedDate": "2023-04-24T18:05:30.313Z" }, { "VulnerabilityID": "TEMP-0628843-DBAD28", "PkgName": "login", "InstalledVersion": "1:4.5-1.1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://security-tracker.debian.org/tracker/TEMP-0628843-DBAD28", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "[more related to CVE-2005-4890]", "Severity": "LOW" }, { "VulnerabilityID": "CVE-2024-28085", "VendorIDs": [ "DLA-3782-1" ], "PkgName": "mount", "InstalledVersion": "2.33.1-0.1", "FixedVersion": "2.33.1-0.1+deb10u1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28085", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "util-linux: CVE-2024-28085: wall: escape sequence injection", "Description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "Severity": "HIGH", "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "V3Score": 8.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/27/5", "http://www.openwall.com/lists/oss-security/2024/03/27/6", "http://www.openwall.com/lists/oss-security/2024/03/27/7", "http://www.openwall.com/lists/oss-security/2024/03/27/8", "http://www.openwall.com/lists/oss-security/2024/03/27/9", "http://www.openwall.com/lists/oss-security/2024/03/28/1", "http://www.openwall.com/lists/oss-security/2024/03/28/2", "http://www.openwall.com/lists/oss-security/2024/03/28/3", "https://access.redhat.com/security/cve/CVE-2024-28085", "https://github.com/skyler-ferrante/CVE-2024-28085", "https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq", "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/", "https://nvd.nist.gov/vuln/detail/CVE-2024-28085", "https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt", "https://security.netapp.com/advisory/ntap-20240531-0003/", "https://ubuntu.com/security/notices/USN-6719-1", "https://ubuntu.com/security/notices/USN-6719-2", "https://www.cve.org/CVERecord?id=CVE-2024-28085", "https://www.openwall.com/lists/oss-security/2024/03/27/5" ], "PublishedDate": "2024-03-27T19:15:48.367Z", "LastModifiedDate": "2024-06-10T17:16:24.37Z" }, { "VulnerabilityID": "CVE-2021-37600", "VendorIDs": [ "DLA-3782-1" ], "PkgName": "mount", "InstalledVersion": "2.33.1-0.1", "FixedVersion": "2.33.1-0.1+deb10u1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-37600", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "util-linux: integer overflow can lead to buffer overflow in get_sem_elements() in sys-utils/ipcutils.c", "Description": "An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments.", "Severity": "MEDIUM", "CweIDs": [ "CWE-190" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 1.2, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-37600", "https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c", "https://github.com/karelzak/util-linux/issues/1395", "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", "https://nvd.nist.gov/vuln/detail/CVE-2021-37600", "https://security.gentoo.org/glsa/202401-08", "https://security.netapp.com/advisory/ntap-20210902-0002/", "https://www.cve.org/CVERecord?id=CVE-2021-37600" ], "PublishedDate": "2021-07-30T14:15:18.737Z", "LastModifiedDate": "2024-08-04T02:15:24.44Z" }, { "VulnerabilityID": "CVE-2022-0563", "PkgName": "mount", "InstalledVersion": "2.33.1-0.1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", "Description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.", "Severity": "LOW", "CweIDs": [ "CWE-209" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V2Score": 1.9, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-0563", "https://blog.trailofbits.com/2023/02/16/suid-logic-bug-linux-readline/", "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w%40ws.net.home/T/#u", "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u", "https://nvd.nist.gov/vuln/detail/CVE-2022-0563", "https://security.gentoo.org/glsa/202401-08", "https://security.netapp.com/advisory/ntap-20220331-0002/", "https://www.cve.org/CVERecord?id=CVE-2022-0563" ], "PublishedDate": "2022-02-21T19:15:08.393Z", "LastModifiedDate": "2024-01-07T09:15:08.713Z" }, { "VulnerabilityID": "CVE-2021-39537", "VendorIDs": [ "DLA-3682-1" ], "PkgName": "ncurses-base", "InstalledVersion": "6.1+20181013-2+deb10u2", "FixedVersion": "6.1+20181013-2+deb10u5", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-39537", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c", "Description": "An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V2Score": 6.8, "V3Score": 8.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1\u0026content-type=text/x-cvsweb-markup", "http://seclists.org/fulldisclosure/2022/Oct/28", "http://seclists.org/fulldisclosure/2022/Oct/41", "http://seclists.org/fulldisclosure/2022/Oct/43", "http://seclists.org/fulldisclosure/2022/Oct/45", "https://access.redhat.com/security/cve/CVE-2021-39537", "https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html", "https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html", "https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.html", "https://nvd.nist.gov/vuln/detail/CVE-2021-39537", "https://security.netapp.com/advisory/ntap-20230427-0012/", "https://support.apple.com/kb/HT213443", "https://support.apple.com/kb/HT213444", "https://support.apple.com/kb/HT213488", "https://ubuntu.com/security/notices/USN-5477-1", "https://ubuntu.com/security/notices/USN-6099-1", "https://www.cve.org/CVERecord?id=CVE-2021-39537" ], "PublishedDate": "2021-09-20T16:15:12.477Z", "LastModifiedDate": "2023-12-03T20:15:06.86Z" }, { "VulnerabilityID": "CVE-2022-29458", "VendorIDs": [ "DLA-3167-1" ], "PkgName": "ncurses-base", "InstalledVersion": "6.1+20181013-2+deb10u2", "FixedVersion": "6.1+20181013-2+deb10u3", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-29458", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "ncurses: segfaulting OOB read", "Description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "Severity": "HIGH", "CweIDs": [ "CWE-125" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "V2Score": 5.8, "V3Score": 7.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "V3Score": 6.1 } }, "References": [ "http://seclists.org/fulldisclosure/2022/Oct/28", "http://seclists.org/fulldisclosure/2022/Oct/41", "https://access.redhat.com/security/cve/CVE-2022-29458", "https://invisible-island.net/ncurses/NEWS.html#t20220416", "https://lists.debian.org/debian-lts-announce/2022/10/msg00037.html", "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html", "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-29458", "https://support.apple.com/kb/HT213488", "https://ubuntu.com/security/notices/USN-5477-1", "https://ubuntu.com/security/notices/USN-6099-1", "https://www.cve.org/CVERecord?id=CVE-2022-29458" ], "PublishedDate": "2022-04-18T21:15:07.6Z", "LastModifiedDate": "2023-11-07T03:46:02.1Z" }, { "VulnerabilityID": "CVE-2023-29491", "VendorIDs": [ "DLA-3682-1" ], "PkgName": "ncurses-base", "InstalledVersion": "6.1+20181013-2+deb10u2", "FixedVersion": "6.1+20181013-2+deb10u5", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29491", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "ncurses: Local users can trigger security-relevant memory corruption via malformed data", "Description": "ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://ncurses.scripts.mit.edu/?p=ncurses.git%3Ba=commit%3Bh=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", "http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commit;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", "http://www.openwall.com/lists/oss-security/2023/04/19/10", "http://www.openwall.com/lists/oss-security/2023/04/19/11", "https://access.redhat.com/errata/RHSA-2023:6698", "https://access.redhat.com/security/cve/CVE-2023-29491", "https://bugzilla.redhat.com/2191704", "https://errata.almalinux.org/9/ALSA-2023-6698.html", "https://invisible-island.net/ncurses/NEWS.html#index-t20230408", "https://linux.oracle.com/cve/CVE-2023-29491.html", "https://linux.oracle.com/errata/ELSA-2023-6698.html", "https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", "https://nvd.nist.gov/vuln/detail/CVE-2023-29491", "https://security.netapp.com/advisory/ntap-20230517-0009/", "https://support.apple.com/kb/HT213843", "https://support.apple.com/kb/HT213844", "https://support.apple.com/kb/HT213845", "https://ubuntu.com/security/notices/USN-6099-1", "https://www.cve.org/CVERecord?id=CVE-2023-29491", "https://www.openwall.com/lists/oss-security/2023/04/12/5", "https://www.openwall.com/lists/oss-security/2023/04/13/4" ], "PublishedDate": "2023-04-14T01:15:08.57Z", "LastModifiedDate": "2024-01-31T03:15:07.86Z" }, { "VulnerabilityID": "CVE-2020-19189", "VendorIDs": [ "DLA-3586-1" ], "PkgName": "ncurses-base", "InstalledVersion": "6.1+20181013-2+deb10u2", "FixedVersion": "6.1+20181013-2+deb10u4", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-19189", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "ncurses: Heap buffer overflow in postprocess_terminfo function in tinfo/parse_entry.c:997", "Description": "Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "http://seclists.org/fulldisclosure/2023/Dec/10", "http://seclists.org/fulldisclosure/2023/Dec/11", "http://seclists.org/fulldisclosure/2023/Dec/9", "https://access.redhat.com/security/cve/CVE-2020-19189", "https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc5.md", "https://lists.debian.org/debian-lts-announce/2023/09/msg00033.html", "https://nvd.nist.gov/vuln/detail/CVE-2020-19189", "https://security.netapp.com/advisory/ntap-20231006-0005/", "https://support.apple.com/kb/HT214036", "https://support.apple.com/kb/HT214037", "https://support.apple.com/kb/HT214038", "https://ubuntu.com/security/notices/USN-6451-1", "https://www.cve.org/CVERecord?id=CVE-2020-19189" ], "PublishedDate": "2023-08-22T19:16:01.02Z", "LastModifiedDate": "2023-12-13T01:15:07.683Z" }, { "VulnerabilityID": "CVE-2023-50495", "PkgName": "ncurses-base", "InstalledVersion": "6.1+20181013-2+deb10u2", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-50495", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "ncurses: segmentation fault via _nc_wrap_entry()", "Description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "Severity": "MEDIUM", "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2023-50495", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "https://security.netapp.com/advisory/ntap-20240119-0008/", "https://ubuntu.com/security/notices/USN-6684-1", "https://www.cve.org/CVERecord?id=CVE-2023-50495" ], "PublishedDate": "2023-12-12T15:15:07.867Z", "LastModifiedDate": "2024-01-31T03:15:08.49Z" }, { "VulnerabilityID": "CVE-2023-45918", "PkgName": "ncurses-base", "InstalledVersion": "6.1+20181013-2+deb10u2", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45918", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c", "Description": "ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Severity": "LOW", "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2023-45918", "https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-45918", "https://security.netapp.com/advisory/ntap-20240315-0006/", "https://www.cve.org/CVERecord?id=CVE-2023-45918" ], "PublishedDate": "2024-02-16T22:15:07.88Z", "LastModifiedDate": "2024-03-15T11:15:08.51Z" }, { "VulnerabilityID": "CVE-2021-39537", "VendorIDs": [ "DLA-3682-1" ], "PkgName": "ncurses-bin", "InstalledVersion": "6.1+20181013-2+deb10u2", "FixedVersion": "6.1+20181013-2+deb10u5", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-39537", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c", "Description": "An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V2Score": 6.8, "V3Score": 8.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1\u0026content-type=text/x-cvsweb-markup", "http://seclists.org/fulldisclosure/2022/Oct/28", "http://seclists.org/fulldisclosure/2022/Oct/41", "http://seclists.org/fulldisclosure/2022/Oct/43", "http://seclists.org/fulldisclosure/2022/Oct/45", "https://access.redhat.com/security/cve/CVE-2021-39537", "https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html", "https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html", "https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.html", "https://nvd.nist.gov/vuln/detail/CVE-2021-39537", "https://security.netapp.com/advisory/ntap-20230427-0012/", "https://support.apple.com/kb/HT213443", "https://support.apple.com/kb/HT213444", "https://support.apple.com/kb/HT213488", "https://ubuntu.com/security/notices/USN-5477-1", "https://ubuntu.com/security/notices/USN-6099-1", "https://www.cve.org/CVERecord?id=CVE-2021-39537" ], "PublishedDate": "2021-09-20T16:15:12.477Z", "LastModifiedDate": "2023-12-03T20:15:06.86Z" }, { "VulnerabilityID": "CVE-2022-29458", "VendorIDs": [ "DLA-3167-1" ], "PkgName": "ncurses-bin", "InstalledVersion": "6.1+20181013-2+deb10u2", "FixedVersion": "6.1+20181013-2+deb10u3", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-29458", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "ncurses: segfaulting OOB read", "Description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "Severity": "HIGH", "CweIDs": [ "CWE-125" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "V2Score": 5.8, "V3Score": 7.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "V3Score": 6.1 } }, "References": [ "http://seclists.org/fulldisclosure/2022/Oct/28", "http://seclists.org/fulldisclosure/2022/Oct/41", "https://access.redhat.com/security/cve/CVE-2022-29458", "https://invisible-island.net/ncurses/NEWS.html#t20220416", "https://lists.debian.org/debian-lts-announce/2022/10/msg00037.html", "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html", "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-29458", "https://support.apple.com/kb/HT213488", "https://ubuntu.com/security/notices/USN-5477-1", "https://ubuntu.com/security/notices/USN-6099-1", "https://www.cve.org/CVERecord?id=CVE-2022-29458" ], "PublishedDate": "2022-04-18T21:15:07.6Z", "LastModifiedDate": "2023-11-07T03:46:02.1Z" }, { "VulnerabilityID": "CVE-2023-29491", "VendorIDs": [ "DLA-3682-1" ], "PkgName": "ncurses-bin", "InstalledVersion": "6.1+20181013-2+deb10u2", "FixedVersion": "6.1+20181013-2+deb10u5", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29491", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "ncurses: Local users can trigger security-relevant memory corruption via malformed data", "Description": "ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://ncurses.scripts.mit.edu/?p=ncurses.git%3Ba=commit%3Bh=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", "http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commit;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", "http://www.openwall.com/lists/oss-security/2023/04/19/10", "http://www.openwall.com/lists/oss-security/2023/04/19/11", "https://access.redhat.com/errata/RHSA-2023:6698", "https://access.redhat.com/security/cve/CVE-2023-29491", "https://bugzilla.redhat.com/2191704", "https://errata.almalinux.org/9/ALSA-2023-6698.html", "https://invisible-island.net/ncurses/NEWS.html#index-t20230408", "https://linux.oracle.com/cve/CVE-2023-29491.html", "https://linux.oracle.com/errata/ELSA-2023-6698.html", "https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", "https://nvd.nist.gov/vuln/detail/CVE-2023-29491", "https://security.netapp.com/advisory/ntap-20230517-0009/", "https://support.apple.com/kb/HT213843", "https://support.apple.com/kb/HT213844", "https://support.apple.com/kb/HT213845", "https://ubuntu.com/security/notices/USN-6099-1", "https://www.cve.org/CVERecord?id=CVE-2023-29491", "https://www.openwall.com/lists/oss-security/2023/04/12/5", "https://www.openwall.com/lists/oss-security/2023/04/13/4" ], "PublishedDate": "2023-04-14T01:15:08.57Z", "LastModifiedDate": "2024-01-31T03:15:07.86Z" }, { "VulnerabilityID": "CVE-2020-19189", "VendorIDs": [ "DLA-3586-1" ], "PkgName": "ncurses-bin", "InstalledVersion": "6.1+20181013-2+deb10u2", "FixedVersion": "6.1+20181013-2+deb10u4", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-19189", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "ncurses: Heap buffer overflow in postprocess_terminfo function in tinfo/parse_entry.c:997", "Description": "Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "http://seclists.org/fulldisclosure/2023/Dec/10", "http://seclists.org/fulldisclosure/2023/Dec/11", "http://seclists.org/fulldisclosure/2023/Dec/9", "https://access.redhat.com/security/cve/CVE-2020-19189", "https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc5.md", "https://lists.debian.org/debian-lts-announce/2023/09/msg00033.html", "https://nvd.nist.gov/vuln/detail/CVE-2020-19189", "https://security.netapp.com/advisory/ntap-20231006-0005/", "https://support.apple.com/kb/HT214036", "https://support.apple.com/kb/HT214037", "https://support.apple.com/kb/HT214038", "https://ubuntu.com/security/notices/USN-6451-1", "https://www.cve.org/CVERecord?id=CVE-2020-19189" ], "PublishedDate": "2023-08-22T19:16:01.02Z", "LastModifiedDate": "2023-12-13T01:15:07.683Z" }, { "VulnerabilityID": "CVE-2023-50495", "PkgName": "ncurses-bin", "InstalledVersion": "6.1+20181013-2+deb10u2", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-50495", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "ncurses: segmentation fault via _nc_wrap_entry()", "Description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "Severity": "MEDIUM", "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2023-50495", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "https://security.netapp.com/advisory/ntap-20240119-0008/", "https://ubuntu.com/security/notices/USN-6684-1", "https://www.cve.org/CVERecord?id=CVE-2023-50495" ], "PublishedDate": "2023-12-12T15:15:07.867Z", "LastModifiedDate": "2024-01-31T03:15:08.49Z" }, { "VulnerabilityID": "CVE-2023-45918", "PkgName": "ncurses-bin", "InstalledVersion": "6.1+20181013-2+deb10u2", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45918", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c", "Description": "ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Severity": "LOW", "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2023-45918", "https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-45918", "https://security.netapp.com/advisory/ntap-20240315-0006/", "https://www.cve.org/CVERecord?id=CVE-2023-45918" ], "PublishedDate": "2024-02-16T22:15:07.88Z", "LastModifiedDate": "2024-03-15T11:15:08.51Z" }, { "VulnerabilityID": "CVE-2020-36309", "PkgName": "nginx", "InstalledVersion": "1.16.1-1~buster", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-36309", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty ...", "Description": "ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header.", "Severity": "MEDIUM", "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V2Score": 5, "V3Score": 5.3 } }, "References": [ "https://github.com/openresty/lua-nginx-module/compare/v0.10.15...v0.10.16", "https://github.com/openresty/lua-nginx-module/pull/1654", "https://news.ycombinator.com/item?id=26712562", "https://security.netapp.com/advisory/ntap-20210507-0005/", "https://ubuntu.com/security/notices/USN-5371-1", "https://www.cve.org/CVERecord?id=CVE-2020-36309" ], "PublishedDate": "2021-04-06T19:15:13.583Z", "LastModifiedDate": "2021-06-03T19:10:18.11Z" }, { "VulnerabilityID": "CVE-2024-7347", "PkgName": "nginx", "InstalledVersion": "1.16.1-1~buster", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-7347", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "nginx: Nginx: Specially crafted file may cause Denial of Service", "Description": "NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125", "CWE-126" ], "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 4.7 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2024-7347", "https://forum.nginx.org/read.php?27,300027", "https://my.f5.com/manage/s/article/K000140529", "https://nvd.nist.gov/vuln/detail/CVE-2024-7347", "https://www.cve.org/CVERecord?id=CVE-2024-7347" ], "PublishedDate": "2024-08-14T15:15:31.87Z", "LastModifiedDate": "2024-08-20T19:25:17.513Z" }, { "VulnerabilityID": "CVE-2009-4487", "PkgName": "nginx", "InstalledVersion": "1.16.1-1~buster", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2009-4487", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "nginx: Absent sanitation of escape sequences in web server log", "Description": "nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.", "Severity": "LOW", "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "V2Score": 6.8 }, "redhat": { "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "V2Score": 2.6 } }, "References": [ "http://www.securityfocus.com/archive/1/508830/100/0/threaded", "http://www.securityfocus.com/bid/37711", "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt", "https://access.redhat.com/security/cve/CVE-2009-4487", "https://nvd.nist.gov/vuln/detail/CVE-2009-4487", "https://www.cve.org/CVERecord?id=CVE-2009-4487" ], "PublishedDate": "2010-01-13T20:30:00.357Z", "LastModifiedDate": "2021-11-10T15:51:21.787Z" }, { "VulnerabilityID": "CVE-2013-0337", "PkgName": "nginx", "InstalledVersion": "1.16.1-1~buster", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-0337", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "The default configuration of nginx, possibly 1.3.13 and earlier, uses ...", "Description": "The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files.", "Severity": "LOW", "CweIDs": [ "CWE-264" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "V2Score": 7.5 } }, "References": [ "http://secunia.com/advisories/55181", "http://security.gentoo.org/glsa/glsa-201310-04.xml", "http://www.openwall.com/lists/oss-security/2013/02/21/15", "http://www.openwall.com/lists/oss-security/2013/02/22/1", "http://www.openwall.com/lists/oss-security/2013/02/24/1" ], "PublishedDate": "2013-10-27T00:55:03.713Z", "LastModifiedDate": "2021-11-10T15:57:02.123Z" }, { "VulnerabilityID": "CVE-2023-44487", "PkgName": "nginx", "InstalledVersion": "1.16.1-1~buster", "Layer": { "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce", "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-44487", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)", "Description": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.", "Severity": "LOW", "CweIDs": [ "CWE-400" ], "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/10/13/4", "http://www.openwall.com/lists/oss-security/2023/10/13/9", "http://www.openwall.com/lists/oss-security/2023/10/18/4", "http://www.openwall.com/lists/oss-security/2023/10/18/8", "http://www.openwall.com/lists/oss-security/2023/10/19/6", "http://www.openwall.com/lists/oss-security/2023/10/20/8", "https://access.redhat.com/errata/RHSA-2023:6746", "https://access.redhat.com/security/cve/CVE-2023-44487", "https://access.redhat.com/security/cve/cve-2023-44487", "https://akka.io/security/akka-http-cve-2023-44487.html", "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size", "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/", "https://aws.amazon.com/security/security-bulletins/AWS-2023-011", "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/", "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack", "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/", "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack", "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/", "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty", "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/", "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack", "https://blog.vespa.ai/cve-2023-44487", "https://blog.vespa.ai/cve-2023-44487/", "https://bugzilla.proxmox.com/show_bug.cgi?id=4988", "https://bugzilla.redhat.com/2242803", "https://bugzilla.redhat.com/show_bug.cgi?id=2242803", "https://bugzilla.suse.com/show_bug.cgi?id=1216123", "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9", "https://chaos.social/@icing/111210915918780532", "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps", "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/", "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack", "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487", "https://devblogs.microsoft.com/dotnet/october-2023-updates/", "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715", "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve", "https://errata.almalinux.org/9/ALSA-2023-6746.html", "https://errata.rockylinux.org/RLSA-2023:5838", "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764", "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088", "https://github.com/Azure/AKS/issues/3947", "https://github.com/Kong/kong/discussions/11741", "https://github.com/advisories/GHSA-qppj-fm5r-hxr3", "https://github.com/advisories/GHSA-vx74-f528-fxqg", "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p", "https://github.com/akka/akka-http/issues/4323", "https://github.com/akka/akka-http/pull/4324", "https://github.com/akka/akka-http/pull/4325", "https://github.com/alibaba/tengine/issues/1872", "https://github.com/apache/apisix/issues/10320", "https://github.com/apache/httpd-site/pull/10", "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113", "https://github.com/apache/tomcat/commit/944332bb15bd2f3bf76ec2caeb1ff0a58a3bc628", "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2", "https://github.com/apache/trafficserver/pull/10564", "https://github.com/apple/swift-nio-http2", "https://github.com/apple/swift-nio-http2/security/advisories/GHSA-qppj-fm5r-hxr3", "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487", "https://github.com/bcdannyboy/CVE-2023-44487", "https://github.com/caddyserver/caddy/issues/5877", "https://github.com/caddyserver/caddy/releases/tag/v2.7.5", "https://github.com/dotnet/announcements/issues/277", "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73", "https://github.com/eclipse/jetty.project/issues/10679", "https://github.com/envoyproxy/envoy/pull/30055", "https://github.com/etcd-io/etcd/issues/16740", "https://github.com/facebook/proxygen/pull/466", "https://github.com/golang/go/issues/63417", "https://github.com/grpc/grpc-go/pull/6703", "https://github.com/grpc/grpc-go/releases", "https://github.com/h2o/h2o/pull/3291", "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf", "https://github.com/haproxy/haproxy/issues/2312", "https://github.com/hyperium/hyper/issues/3337", "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244", "https://github.com/junkurihara/rust-rpxy/issues/97", "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1", "https://github.com/kazu-yamamoto/http2/issues/93", "https://github.com/kubernetes/kubernetes/pull/121120", "https://github.com/line/armeria/pull/5232", "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632", "https://github.com/micrictor/http2-rst-stream", "https://github.com/microsoft/CBL-Mariner/pull/6381", "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61", "https://github.com/nghttp2/nghttp2/pull/1961", "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0", "https://github.com/ninenines/cowboy/issues/1615", "https://github.com/nodejs/node/pull/50121", "https://github.com/openresty/openresty/issues/930", "https://github.com/opensearch-project/data-prepper/issues/3474", "https://github.com/oqtane/oqtane.framework/discussions/3367", "https://github.com/projectcontour/contour/pull/5826", "https://github.com/tempesta-tech/tempesta/issues/1986", "https://github.com/varnishcache/varnish-cache/issues/3996", "https://go.dev/cl/534215", "https://go.dev/cl/534235", "https://go.dev/issue/63417", "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo", "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ", "https://istio.io/latest/news/security/istio-security-2023-004", "https://istio.io/latest/news/security/istio-security-2023-004/", "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487", "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/", "https://linux.oracle.com/cve/CVE-2023-44487.html", "https://linux.oracle.com/errata/ELSA-2024-1444.html", "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q", "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html", "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html", "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html", "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html", "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html", "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html", "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4", "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html", "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html", "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html", "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2", "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487", "https://my.f5.com/manage/s/article/K000137106", "https://netty.io/news/2023/10/10/4-1-100-Final.html", "https://news.ycombinator.com/item?id=37830987", "https://news.ycombinator.com/item?id=37830998", "https://news.ycombinator.com/item?id=37831062", "https://news.ycombinator.com/item?id=37837043", "https://nodejs.org/en/blog/vulnerability/october-2023-security-releases", "https://nvd.nist.gov/vuln/detail/CVE-2023-44487", "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response", "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/", "https://pkg.go.dev/vuln/GO-2023-2102", "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20231016-0001", "https://security.netapp.com/advisory/ntap-20231016-0001/", "https://security.netapp.com/advisory/ntap-20240426-0007", "https://security.netapp.com/advisory/ntap-20240426-0007/", "https://security.netapp.com/advisory/ntap-20240621-0006", "https://security.netapp.com/advisory/ntap-20240621-0006/", "https://security.netapp.com/advisory/ntap-20240621-0007", "https://security.netapp.com/advisory/ntap-20240621-0007/", "https://security.paloaltonetworks.com/CVE-2023-44487", "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14", "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.0-M12", "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.94", "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.81", "https://ubuntu.com/security/CVE-2023-44487", "https://ubuntu.com/security/notices/USN-6427-1", "https://ubuntu.com/security/notices/USN-6427-2", "https://ubuntu.com/security/notices/USN-6438-1", "https://ubuntu.com/security/notices/USN-6505-1", "https://ubuntu.com/security/notices/USN-6574-1", "https://ubuntu.com/security/notices/USN-6754-1", "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records", "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/", "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", "https://www.cve.org/CVERecord?id=CVE-2023-44487", "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event", "https://www.debian.org/security/2023/dsa-5521", "https://www.debian.org/security/2023/dsa-5522", "https://www.debian.org/security/2023/dsa-5540", "https://www.debian.org/security/2023/dsa-5549", "https://www.debian.org/security/2023/dsa-5558", "https://www.debian.org/security/2023/dsa-5570", "https://www.eclipse.org/lists/jetty-announce/msg00181.html", "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487", "https://www.mail-archive.com/haproxy@formilux.org/msg44134.html", "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487", "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/", "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products", "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/", "https://www.openwall.com/lists/oss-security/2023/10/10/6", "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack", "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday", "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/" ], "PublishedDate": "2023-10-10T14:15:10.883Z", "LastModifiedDate": "2024-08-14T19:57:18.86Z" }, { "VulnerabilityID": "CVE-2023-4641", "PkgName": "passwd", "InstalledVersion": "1:4.5-1.1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-4641", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "shadow-utils: possible password leak during passwd(1) change", "Description": "A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.", "Severity": "MEDIUM", "CweIDs": [ "CWE-287", "CWE-303" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6632", "https://access.redhat.com/errata/RHSA-2023:7112", "https://access.redhat.com/errata/RHSA-2024:0417", "https://access.redhat.com/errata/RHSA-2024:2577", "https://access.redhat.com/security/cve/CVE-2023-4641", "https://bugzilla.redhat.com/2215945", "https://bugzilla.redhat.com/show_bug.cgi?id=2215945", "https://errata.almalinux.org/9/ALSA-2023-6632.html", "https://linux.oracle.com/cve/CVE-2023-4641.html", "https://linux.oracle.com/errata/ELSA-2023-7112.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-4641", "https://ubuntu.com/security/notices/USN-6640-1", "https://www.cve.org/CVERecord?id=CVE-2023-4641" ], "PublishedDate": "2023-12-27T16:15:13.363Z", "LastModifiedDate": "2024-05-03T16:15:11.09Z" }, { "VulnerabilityID": "CVE-2007-5686", "PkgName": "passwd", "InstalledVersion": "1:4.5-1.1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2007-5686", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "initscripts in rPath Linux 1 sets insecure permissions for the /var/lo ...", "Description": "initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.", "Severity": "LOW", "CweIDs": [ "CWE-264" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "V2Score": 4.9 } }, "References": [ "http://secunia.com/advisories/27215", "http://www.securityfocus.com/archive/1/482129/100/100/threaded", "http://www.securityfocus.com/archive/1/482857/100/0/threaded", "http://www.securityfocus.com/bid/26048", "http://www.vupen.com/english/advisories/2007/3474", "https://issues.rpath.com/browse/RPL-1825" ], "PublishedDate": "2007-10-28T17:08:00Z", "LastModifiedDate": "2018-10-15T21:45:59.05Z" }, { "VulnerabilityID": "CVE-2013-4235", "PkgName": "passwd", "InstalledVersion": "1:4.5-1.1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4235", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "shadow-utils: TOCTOU race conditions by copying and removing directory trees", "Description": "shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees", "Severity": "LOW", "CweIDs": [ "CWE-367" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "V2Score": 3.3, "V3Score": 4.7 }, "redhat": { "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "V2Score": 3.7, "V3Score": 4.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2013-4235", "https://access.redhat.com/security/cve/cve-2013-4235", "https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235", "https://github.com/shadow-maint/shadow/issues/317", "https://github.com/shadow-maint/shadow/pull/545", "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", "https://nvd.nist.gov/vuln/detail/CVE-2013-4235", "https://security-tracker.debian.org/tracker/CVE-2013-4235", "https://security.gentoo.org/glsa/202210-26", "https://ubuntu.com/security/notices/USN-5745-1", "https://ubuntu.com/security/notices/USN-5745-2", "https://www.cve.org/CVERecord?id=CVE-2013-4235" ], "PublishedDate": "2019-12-03T15:15:10.963Z", "LastModifiedDate": "2023-02-13T00:28:41.337Z" }, { "VulnerabilityID": "CVE-2018-7169", "PkgName": "passwd", "InstalledVersion": "1:4.5-1.1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7169", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "shadow-utils: newgidmap allows unprivileged user to drop supplementary groups potentially allowing privilege escalation", "Description": "An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used \"group blacklisting\" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.", "Severity": "LOW", "CweIDs": [ "CWE-732" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V2Score": 5, "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2018-7169", "https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357", "https://github.com/shadow-maint/shadow/pull/97", "https://nvd.nist.gov/vuln/detail/CVE-2018-7169", "https://security.gentoo.org/glsa/201805-09", "https://ubuntu.com/security/notices/USN-5254-1", "https://www.cve.org/CVERecord?id=CVE-2018-7169" ], "PublishedDate": "2018-02-15T20:29:00.867Z", "LastModifiedDate": "2019-10-03T00:03:26.223Z" }, { "VulnerabilityID": "CVE-2019-19882", "PkgName": "passwd", "InstalledVersion": "1:4.5-1.1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19882", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "shadow-utils: local users can obtain root access because setuid programs are misconfigured", "Description": "shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing --disable-account-tools-setuid, and without a PAM configuration suitable for use with setuid account management tools. This combination leads to account management tools (groupadd, groupdel, groupmod, useradd, userdel, usermod) that can easily be used by unprivileged local users to escalate privileges to root in multiple ways. This issue became much more relevant in approximately December 2019 when an unrelated bug was fixed (i.e., the chmod calls to suidusbins were fixed in the upstream Makefile which is now included in the release version 4.8).", "Severity": "LOW", "CweIDs": [ "CWE-732" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V2Score": 6.9, "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2019-19882", "https://bugs.archlinux.org/task/64836", "https://bugs.gentoo.org/702252", "https://github.com/shadow-maint/shadow/commit/edf7547ad5aa650be868cf2dac58944773c12d75", "https://github.com/shadow-maint/shadow/pull/199", "https://github.com/void-linux/void-packages/pull/17580", "https://nvd.nist.gov/vuln/detail/CVE-2019-19882", "https://security.gentoo.org/glsa/202008-09", "https://www.cve.org/CVERecord?id=CVE-2019-19882" ], "PublishedDate": "2019-12-18T16:15:26.963Z", "LastModifiedDate": "2020-08-25T15:15:11.903Z" }, { "VulnerabilityID": "CVE-2023-29383", "PkgName": "passwd", "InstalledVersion": "1:4.5-1.1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29383", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "shadow: Improper input validation in shadow-utils package utility chfn", "Description": "In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \\n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \\r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that \"cat /etc/passwd\" shows a rogue user account.", "Severity": "LOW", "CweIDs": [ "CWE-74" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2023-29383", "https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d", "https://github.com/shadow-maint/shadow/pull/687", "https://nvd.nist.gov/vuln/detail/CVE-2023-29383", "https://www.cve.org/CVERecord?id=CVE-2023-29383", "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-29383-abusing-linux-chfn-to-misrepresent-etc-passwd/", "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=31797" ], "PublishedDate": "2023-04-14T22:15:07.68Z", "LastModifiedDate": "2023-04-24T18:05:30.313Z" }, { "VulnerabilityID": "TEMP-0628843-DBAD28", "PkgName": "passwd", "InstalledVersion": "1:4.5-1.1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://security-tracker.debian.org/tracker/TEMP-0628843-DBAD28", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "[more related to CVE-2005-4890]", "Severity": "LOW" }, { "VulnerabilityID": "CVE-2020-10543", "PkgName": "perl-base", "InstalledVersion": "5.28.1-6", "FixedVersion": "5.28.1-6+deb10u1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-10543", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "perl: heap-based buffer overflow in regular expression compiler leads to DoS", "Description": "Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.", "Severity": "HIGH", "CweIDs": [ "CWE-190", "CWE-787" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "V2Score": 6.4, "V3Score": 8.2 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "V3Score": 8.2 } }, "References": [ "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html", "https://access.redhat.com/security/cve/CVE-2020-10543", "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod", "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3", "https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed", "https://linux.oracle.com/cve/CVE-2020-10543.html", "https://linux.oracle.com/errata/ELSA-2021-9238.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/", "https://metacpan.org/pod/release/XSAWYERX/perl-5.28.3/pod/perldelta.pod", "https://metacpan.org/pod/release/XSAWYERX/perl-5.30.3/pod/perldelta.pod", "https://nvd.nist.gov/vuln/detail/CVE-2020-10543", "https://security.gentoo.org/glsa/202006-03", "https://security.netapp.com/advisory/ntap-20200611-0001/", "https://ubuntu.com/security/notices/USN-4602-1", "https://ubuntu.com/security/notices/USN-4602-2", "https://www.cve.org/CVERecord?id=CVE-2020-10543", "https://www.oracle.com//security-alerts/cpujul2021.html", "https://www.oracle.com/security-alerts/cpuApr2021.html", "https://www.oracle.com/security-alerts/cpuapr2022.html", "https://www.oracle.com/security-alerts/cpujan2021.html", "https://www.oracle.com/security-alerts/cpujan2022.html", "https://www.oracle.com/security-alerts/cpuoct2020.html", "https://www.oracle.com/security-alerts/cpuoct2021.html" ], "PublishedDate": "2020-06-05T14:15:10.467Z", "LastModifiedDate": "2023-11-07T03:14:10.297Z" }, { "VulnerabilityID": "CVE-2020-10878", "PkgName": "perl-base", "InstalledVersion": "5.28.1-6", "FixedVersion": "5.28.1-6+deb10u1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-10878", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "perl: corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS", "Description": "Perl before 5.30.3 has an integer overflow related to mishandling of a \"PL_regkind[OP(n)] == NOTHING\" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.", "Severity": "HIGH", "CweIDs": [ "CWE-190" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "V2Score": 7.5, "V3Score": 8.6 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "V3Score": 8.6 } }, "References": [ "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html", "https://access.redhat.com/security/cve/CVE-2020-10878", "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod", "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3", "https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8", "https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c", "https://linux.oracle.com/cve/CVE-2020-10878.html", "https://linux.oracle.com/errata/ELSA-2021-9238.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/", "https://metacpan.org/pod/release/XSAWYERX/perl-5.28.3/pod/perldelta.pod", "https://metacpan.org/pod/release/XSAWYERX/perl-5.30.3/pod/perldelta.pod", "https://nvd.nist.gov/vuln/detail/CVE-2020-10878", "https://security.gentoo.org/glsa/202006-03", "https://security.netapp.com/advisory/ntap-20200611-0001/", "https://ubuntu.com/security/notices/USN-4602-1", "https://ubuntu.com/security/notices/USN-4602-2", "https://www.cve.org/CVERecord?id=CVE-2020-10878", "https://www.oracle.com//security-alerts/cpujul2021.html", "https://www.oracle.com/security-alerts/cpuApr2021.html", "https://www.oracle.com/security-alerts/cpuapr2022.html", "https://www.oracle.com/security-alerts/cpujan2021.html", "https://www.oracle.com/security-alerts/cpujan2022.html", "https://www.oracle.com/security-alerts/cpuoct2020.html", "https://www.oracle.com/security-alerts/cpuoct2021.html" ], "PublishedDate": "2020-06-05T14:15:10.527Z", "LastModifiedDate": "2023-11-07T03:14:25.1Z" }, { "VulnerabilityID": "CVE-2020-12723", "PkgName": "perl-base", "InstalledVersion": "5.28.1-6", "FixedVersion": "5.28.1-6+deb10u1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-12723", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "perl: corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk() calls leads to DoS", "Description": "regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.", "Severity": "HIGH", "CweIDs": [ "CWE-120" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html", "https://access.redhat.com/security/cve/CVE-2020-12723", "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod", "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3", "https://github.com/Perl/perl5/issues/16947", "https://github.com/Perl/perl5/issues/17743", "https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a", "https://linux.oracle.com/cve/CVE-2020-12723.html", "https://linux.oracle.com/errata/ELSA-2021-9238.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/", "https://metacpan.org/pod/release/XSAWYERX/perl-5.28.3/pod/perldelta.pod", "https://metacpan.org/pod/release/XSAWYERX/perl-5.30.3/pod/perldelta.pod", "https://nvd.nist.gov/vuln/detail/CVE-2020-12723", "https://security.gentoo.org/glsa/202006-03", "https://security.netapp.com/advisory/ntap-20200611-0001/", "https://ubuntu.com/security/notices/USN-4602-1", "https://ubuntu.com/security/notices/USN-4602-2", "https://www.cve.org/CVERecord?id=CVE-2020-12723", "https://www.oracle.com//security-alerts/cpujul2021.html", "https://www.oracle.com/security-alerts/cpuApr2021.html", "https://www.oracle.com/security-alerts/cpuapr2022.html", "https://www.oracle.com/security-alerts/cpujan2021.html", "https://www.oracle.com/security-alerts/cpujan2022.html", "https://www.oracle.com/security-alerts/cpuoct2020.html", "https://www.oracle.com/security-alerts/cpuoct2021.html" ], "PublishedDate": "2020-06-05T15:15:10.8Z", "LastModifiedDate": "2023-11-07T03:15:43.87Z" }, { "VulnerabilityID": "CVE-2020-16156", "PkgName": "perl-base", "InstalledVersion": "5.28.1-6", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-16156", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "perl-CPAN: Bypass of verification of signatures in CHECKSUMS files", "Description": "CPAN 2.28 allows Signature Verification Bypass.", "Severity": "HIGH", "CweIDs": [ "CWE-347" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V2Score": 6.8, "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html", "https://access.redhat.com/security/cve/CVE-2020-16156", "https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SD6RYOJII7HRJ6WVORFNVTYNOFY5JDXN/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZ32AJIV4RHJMLWLU5QULGKMMIHYOMDC/", "https://metacpan.org/pod/distribution/CPAN/scripts/cpan", "https://nvd.nist.gov/vuln/detail/CVE-2020-16156", "https://ubuntu.com/security/notices/USN-5689-1", "https://ubuntu.com/security/notices/USN-5689-2", "https://www.cve.org/CVERecord?id=CVE-2020-16156" ], "PublishedDate": "2021-12-13T18:15:07.943Z", "LastModifiedDate": "2023-11-07T03:18:12.83Z" }, { "VulnerabilityID": "CVE-2023-31484", "PkgName": "perl-base", "InstalledVersion": "5.28.1-6", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31484", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS", "Description": "CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/04/29/1", "http://www.openwall.com/lists/oss-security/2023/05/03/3", "http://www.openwall.com/lists/oss-security/2023/05/03/5", "http://www.openwall.com/lists/oss-security/2023/05/07/2", "https://access.redhat.com/errata/RHSA-2023:6539", "https://access.redhat.com/security/cve/CVE-2023-31484", "https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/", "https://bugzilla.redhat.com/2218667", "https://bugzilla.redhat.com/show_bug.cgi?id=2218667", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31484", "https://errata.almalinux.org/9/ALSA-2023-6539.html", "https://errata.rockylinux.org/RLSA-2023:6539", "https://github.com/andk/cpanpm/commit/9c98370287f4e709924aee7c58ef21c85289a7f0 (2.35-TRIAL)", "https://github.com/andk/cpanpm/pull/175", "https://linux.oracle.com/cve/CVE-2023-31484.html", "https://linux.oracle.com/errata/ELSA-2024-3094.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/", "https://metacpan.org/dist/CPAN/changes", "https://nvd.nist.gov/vuln/detail/CVE-2023-31484", "https://security.netapp.com/advisory/ntap-20240621-0007/", "https://ubuntu.com/security/notices/USN-6112-1", "https://ubuntu.com/security/notices/USN-6112-2", "https://www.cve.org/CVERecord?id=CVE-2023-31484", "https://www.openwall.com/lists/oss-security/2023/04/18/14" ], "PublishedDate": "2023-04-29T00:15:09Z", "LastModifiedDate": "2024-08-01T13:43:46.38Z" }, { "VulnerabilityID": "CVE-2011-4116", "PkgName": "perl-base", "InstalledVersion": "5.28.1-6", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-4116", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "perl: File:: Temp insecure temporary file handling", "Description": "_is_safe in the File::Temp module for Perl does not properly handle symlinks.", "Severity": "LOW", "CweIDs": [ "CWE-59" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "V2Score": 1.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2011/11/04/2", "http://www.openwall.com/lists/oss-security/2011/11/04/4", "https://access.redhat.com/security/cve/CVE-2011-4116", "https://github.com/Perl-Toolchain-Gang/File-Temp/issues/14", "https://nvd.nist.gov/vuln/detail/CVE-2011-4116", "https://rt.cpan.org/Public/Bug/Display.html?id=69106", "https://seclists.org/oss-sec/2011/q4/238", "https://www.cve.org/CVERecord?id=CVE-2011-4116" ], "PublishedDate": "2020-01-31T18:15:11.343Z", "LastModifiedDate": "2020-02-05T22:10:26.29Z" }, { "VulnerabilityID": "CVE-2023-31486", "PkgName": "perl-base", "InstalledVersion": "5.28.1-6", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31486", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "http-tiny: insecure TLS cert default", "Description": "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "Severity": "LOW", "CweIDs": [ "CWE-295" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/04/29/1", "http://www.openwall.com/lists/oss-security/2023/05/03/3", "http://www.openwall.com/lists/oss-security/2023/05/03/5", "http://www.openwall.com/lists/oss-security/2023/05/07/2", "https://access.redhat.com/errata/RHSA-2023:6542", "https://access.redhat.com/security/cve/CVE-2023-31486", "https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/", "https://bugzilla.redhat.com/2228392", "https://errata.almalinux.org/9/ALSA-2023-6542.html", "https://github.com/chansen/p5-http-tiny/pull/153", "https://hackeriet.github.io/cpan-http-tiny-overview/", "https://linux.oracle.com/cve/CVE-2023-31486.html", "https://linux.oracle.com/errata/ELSA-2023-7174.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-31486", "https://www.cve.org/CVERecord?id=CVE-2023-31486", "https://www.openwall.com/lists/oss-security/2023/04/18/14", "https://www.openwall.com/lists/oss-security/2023/05/03/4", "https://www.reddit.com/r/perl/comments/111tadi/psa_httptiny_disabled_ssl_verification_by_default/" ], "PublishedDate": "2023-04-29T00:15:09.083Z", "LastModifiedDate": "2023-06-21T18:19:52.937Z" }, { "VulnerabilityID": "TEMP-0517018-A83CE6", "PkgName": "sysvinit-utils", "InstalledVersion": "2.93-8", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://security-tracker.debian.org/tracker/TEMP-0517018-A83CE6", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "[sysvinit: no-root option in expert installer exposes locally exploitable security flaw]", "Severity": "LOW" }, { "VulnerabilityID": "CVE-2005-2541", "PkgName": "tar", "InstalledVersion": "1.30+dfsg-6", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2005-2541", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "tar: does not properly warn the user when extracting setuid or setgid files", "Description": "Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.", "Severity": "LOW", "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "V2Score": 10 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "http://marc.info/?l=bugtraq\u0026m=112327628230258\u0026w=2", "https://access.redhat.com/security/cve/CVE-2005-2541", "https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E", "https://nvd.nist.gov/vuln/detail/CVE-2005-2541", "https://www.cve.org/CVERecord?id=CVE-2005-2541" ], "PublishedDate": "2005-08-10T04:00:00Z", "LastModifiedDate": "2023-11-07T01:57:39.453Z" }, { "VulnerabilityID": "CVE-2019-9923", "PkgName": "tar", "InstalledVersion": "1.30+dfsg-6", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9923", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "tar: null-pointer dereference in pax_decode_header in sparse.c", "Description": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.", "Severity": "LOW", "CweIDs": [ "CWE-476" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html", "http://savannah.gnu.org/bugs/?55369", "https://access.redhat.com/security/cve/CVE-2019-9923", "https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241", "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", "https://nvd.nist.gov/vuln/detail/CVE-2019-9923", "https://ubuntu.com/security/notices/USN-4692-1", "https://www.cve.org/CVERecord?id=CVE-2019-9923" ], "PublishedDate": "2019-03-22T08:29:00.247Z", "LastModifiedDate": "2023-11-07T03:13:48.96Z" }, { "VulnerabilityID": "CVE-2021-20193", "PkgName": "tar", "InstalledVersion": "1.30+dfsg-6", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-20193", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "tar: Memory leak in read_header() in list.c", "Description": "A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.", "Severity": "LOW", "CweIDs": [ "CWE-125", "CWE-401" ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-20193", "https://bugzilla.redhat.com/show_bug.cgi?id=1917565", "https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777", "https://nvd.nist.gov/vuln/detail/CVE-2021-20193", "https://savannah.gnu.org/bugs/?59897", "https://security.gentoo.org/glsa/202105-29", "https://ubuntu.com/security/notices/USN-5329-1", "https://www.cve.org/CVERecord?id=CVE-2021-20193" ], "PublishedDate": "2021-03-26T17:15:12.843Z", "LastModifiedDate": "2023-11-07T03:28:59.727Z" }, { "VulnerabilityID": "CVE-2022-48303", "PkgName": "tar", "InstalledVersion": "1.30+dfsg-6", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-48303", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "tar: heap buffer overflow at from_header() in list.c via specially crafted checksum", "Description": "GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.", "Severity": "LOW", "CweIDs": [ "CWE-125" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:0959", "https://access.redhat.com/security/cve/CVE-2022-48303", "https://bugzilla.redhat.com/2149722", "https://bugzilla.redhat.com/show_bug.cgi?id=2149722", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48303", "https://errata.almalinux.org/9/ALSA-2023-0959.html", "https://errata.rockylinux.org/RLSA-2023:0959", "https://linux.oracle.com/cve/CVE-2022-48303.html", "https://linux.oracle.com/errata/ELSA-2023-0959.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CRY7VEL4AIG3GLIEVCTOXRZNSVYDYYUD/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5VQYCO52Z7GAVCLRYUITN7KXHLRZQS4/", "https://nvd.nist.gov/vuln/detail/CVE-2022-48303", "https://savannah.gnu.org/bugs/?62387", "https://savannah.gnu.org/patch/?10307", "https://ubuntu.com/security/notices/USN-5900-1", "https://ubuntu.com/security/notices/USN-5900-2", "https://www.cve.org/CVERecord?id=CVE-2022-48303" ], "PublishedDate": "2023-01-30T04:15:08.03Z", "LastModifiedDate": "2023-05-30T17:16:57.713Z" }, { "VulnerabilityID": "CVE-2023-39804", "VendorIDs": [ "DLA-3755-1" ], "PkgName": "tar", "InstalledVersion": "1.30+dfsg-6", "FixedVersion": "1.30+dfsg-6+deb10u1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39804", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "tar: Incorrectly handled extension attributes in PAX archives can lead to a crash", "Description": "In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c.", "Severity": "LOW", "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2023-39804", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058079", "https://git.savannah.gnu.org/cgit/tar.git/commit/?id=a339f05cd269013fa133d2f148d73f6f7d4247e4", "https://git.savannah.gnu.org/cgit/tar.git/tree/src/xheader.c?h=release_1_34#n1723", "https://nvd.nist.gov/vuln/detail/CVE-2023-39804", "https://ubuntu.com/security/notices/USN-6543-1", "https://www.cve.org/CVERecord?id=CVE-2023-39804" ], "PublishedDate": "2024-03-27T04:15:08.897Z", "LastModifiedDate": "2024-03-27T12:29:30.307Z" }, { "VulnerabilityID": "TEMP-0290435-0B57B5", "PkgName": "tar", "InstalledVersion": "1.30+dfsg-6", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://security-tracker.debian.org/tracker/TEMP-0290435-0B57B5", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "[tar's rmt command may have undesired side effects]", "Severity": "LOW" }, { "VulnerabilityID": "DLA-3134-1", "VendorIDs": [ "DLA-3134-1" ], "PkgName": "tzdata", "InstalledVersion": "2019c-0+deb10u1", "FixedVersion": "2021a-0+deb10u7", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "tzdata - new timezone database", "Severity": "UNKNOWN" }, { "VulnerabilityID": "DLA-3161-1", "VendorIDs": [ "DLA-3161-1" ], "PkgName": "tzdata", "InstalledVersion": "2019c-0+deb10u1", "FixedVersion": "2021a-0+deb10u8", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "tzdata - new timezone database", "Severity": "UNKNOWN" }, { "VulnerabilityID": "DLA-3366-1", "VendorIDs": [ "DLA-3366-1" ], "PkgName": "tzdata", "InstalledVersion": "2019c-0+deb10u1", "FixedVersion": "2021a-0+deb10u10", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "tzdata - new timezone database", "Severity": "UNKNOWN" }, { "VulnerabilityID": "DLA-3412-1", "VendorIDs": [ "DLA-3412-1" ], "PkgName": "tzdata", "InstalledVersion": "2019c-0+deb10u1", "FixedVersion": "2021a-0+deb10u11", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "tzdata - new timezone database", "Severity": "UNKNOWN" }, { "VulnerabilityID": "DLA-3684-1", "VendorIDs": [ "DLA-3684-1" ], "PkgName": "tzdata", "InstalledVersion": "2019c-0+deb10u1", "FixedVersion": "2021a-0+deb10u12", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "tzdata - new timezone database", "Severity": "UNKNOWN" }, { "VulnerabilityID": "DLA-3788-1", "VendorIDs": [ "DLA-3788-1" ], "PkgName": "tzdata", "InstalledVersion": "2019c-0+deb10u1", "FixedVersion": "2024a-0+deb10u1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "tzdata - new timezone database", "Severity": "UNKNOWN" }, { "VulnerabilityID": "CVE-2024-28085", "VendorIDs": [ "DLA-3782-1" ], "PkgName": "util-linux", "InstalledVersion": "2.33.1-0.1", "FixedVersion": "2.33.1-0.1+deb10u1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28085", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "util-linux: CVE-2024-28085: wall: escape sequence injection", "Description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "Severity": "HIGH", "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "V3Score": 8.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/27/5", "http://www.openwall.com/lists/oss-security/2024/03/27/6", "http://www.openwall.com/lists/oss-security/2024/03/27/7", "http://www.openwall.com/lists/oss-security/2024/03/27/8", "http://www.openwall.com/lists/oss-security/2024/03/27/9", "http://www.openwall.com/lists/oss-security/2024/03/28/1", "http://www.openwall.com/lists/oss-security/2024/03/28/2", "http://www.openwall.com/lists/oss-security/2024/03/28/3", "https://access.redhat.com/security/cve/CVE-2024-28085", "https://github.com/skyler-ferrante/CVE-2024-28085", "https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq", "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/", "https://nvd.nist.gov/vuln/detail/CVE-2024-28085", "https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt", "https://security.netapp.com/advisory/ntap-20240531-0003/", "https://ubuntu.com/security/notices/USN-6719-1", "https://ubuntu.com/security/notices/USN-6719-2", "https://www.cve.org/CVERecord?id=CVE-2024-28085", "https://www.openwall.com/lists/oss-security/2024/03/27/5" ], "PublishedDate": "2024-03-27T19:15:48.367Z", "LastModifiedDate": "2024-06-10T17:16:24.37Z" }, { "VulnerabilityID": "CVE-2021-37600", "VendorIDs": [ "DLA-3782-1" ], "PkgName": "util-linux", "InstalledVersion": "2.33.1-0.1", "FixedVersion": "2.33.1-0.1+deb10u1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-37600", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "util-linux: integer overflow can lead to buffer overflow in get_sem_elements() in sys-utils/ipcutils.c", "Description": "An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments.", "Severity": "MEDIUM", "CweIDs": [ "CWE-190" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 1.2, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-37600", "https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c", "https://github.com/karelzak/util-linux/issues/1395", "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", "https://nvd.nist.gov/vuln/detail/CVE-2021-37600", "https://security.gentoo.org/glsa/202401-08", "https://security.netapp.com/advisory/ntap-20210902-0002/", "https://www.cve.org/CVERecord?id=CVE-2021-37600" ], "PublishedDate": "2021-07-30T14:15:18.737Z", "LastModifiedDate": "2024-08-04T02:15:24.44Z" }, { "VulnerabilityID": "CVE-2022-0563", "PkgName": "util-linux", "InstalledVersion": "2.33.1-0.1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", "Description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.", "Severity": "LOW", "CweIDs": [ "CWE-209" ], "CVSS": { "nvd": { "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V2Score": 1.9, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-0563", "https://blog.trailofbits.com/2023/02/16/suid-logic-bug-linux-readline/", "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w%40ws.net.home/T/#u", "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u", "https://nvd.nist.gov/vuln/detail/CVE-2022-0563", "https://security.gentoo.org/glsa/202401-08", "https://security.netapp.com/advisory/ntap-20220331-0002/", "https://www.cve.org/CVERecord?id=CVE-2022-0563" ], "PublishedDate": "2022-02-21T19:15:08.393Z", "LastModifiedDate": "2024-01-07T09:15:08.713Z" }, { "VulnerabilityID": "CVE-2022-37434", "VendorIDs": [ "DLA-3103-1" ], "PkgName": "zlib1g", "InstalledVersion": "1:1.2.11.dfsg-1", "FixedVersion": "1:1.2.11.dfsg-1+deb10u2", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-37434", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field", "Description": "zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).", "Severity": "CRITICAL", "CweIDs": [ "CWE-787" ], "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "V3Score": 7 } }, "References": [ "http://seclists.org/fulldisclosure/2022/Oct/37", "http://seclists.org/fulldisclosure/2022/Oct/38", "http://seclists.org/fulldisclosure/2022/Oct/41", "http://seclists.org/fulldisclosure/2022/Oct/42", "http://www.openwall.com/lists/oss-security/2022/08/05/2", "http://www.openwall.com/lists/oss-security/2022/08/09/1", "https://access.redhat.com/errata/RHSA-2022:8291", "https://access.redhat.com/security/cve/CVE-2022-37434", "https://bugzilla.redhat.com/2116639", "https://bugzilla.redhat.com/show_bug.cgi?id=2053198", "https://bugzilla.redhat.com/show_bug.cgi?id=2077431", "https://bugzilla.redhat.com/show_bug.cgi?id=2081296", "https://bugzilla.redhat.com/show_bug.cgi?id=2116639", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37434", "https://errata.almalinux.org/9/ALSA-2022-8291.html", "https://errata.rockylinux.org/RLSA-2022:8291", "https://github.com/curl/curl/issues/9271", "https://github.com/ivd38/zlib_overflow", "https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063", "https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1", "https://github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#L762-L764", "https://linux.oracle.com/cve/CVE-2022-37434.html", "https://linux.oracle.com/errata/ELSA-2023-1095.html", "https://lists.debian.org/debian-lts-announce/2022/09/msg00012.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/", "https://nvd.nist.gov/vuln/detail/CVE-2022-37434", "https://security.netapp.com/advisory/ntap-20220901-0005/", "https://security.netapp.com/advisory/ntap-20230427-0007/", "https://support.apple.com/kb/HT213488", "https://support.apple.com/kb/HT213489", "https://support.apple.com/kb/HT213490", "https://support.apple.com/kb/HT213491", "https://support.apple.com/kb/HT213493", "https://support.apple.com/kb/HT213494", "https://ubuntu.com/security/notices/USN-5570-1", "https://ubuntu.com/security/notices/USN-5570-2", "https://ubuntu.com/security/notices/USN-5573-1", "https://ubuntu.com/security/notices/USN-6736-1", "https://ubuntu.com/security/notices/USN-6736-2", "https://www.cve.org/CVERecord?id=CVE-2022-37434", "https://www.debian.org/security/2022/dsa-5218" ], "PublishedDate": "2022-08-05T07:15:07.24Z", "LastModifiedDate": "2023-07-19T00:56:46.373Z" }, { "VulnerabilityID": "CVE-2023-45853", "PkgName": "zlib1g", "InstalledVersion": "1:1.2.11.dfsg-1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45853", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "zlib: integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_6", "Description": "MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.", "Severity": "CRITICAL", "CweIDs": [ "CWE-190" ], "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/10/20/9", "http://www.openwall.com/lists/oss-security/2024/01/24/10", "https://access.redhat.com/security/cve/CVE-2023-45853", "https://chromium.googlesource.com/chromium/src/+/d709fb23806858847131027da95ef4c548813356", "https://chromium.googlesource.com/chromium/src/+/de29dd6c7151d3cd37cb4cf0036800ddfb1d8b61", "https://github.com/madler/zlib/blob/ac8f12c97d1afd9bafa9c710f827d40a407d3266/contrib/README.contrib#L1-L4", "https://github.com/madler/zlib/commit/73331a6a0481067628f065ffe87bb1d8f787d10c", "https://github.com/madler/zlib/pull/843", "https://github.com/smihica/pyminizip", "https://github.com/smihica/pyminizip/blob/master/zlib-1.2.11/contrib/minizip/zip.c", "https://lists.debian.org/debian-lts-announce/2023/11/msg00026.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-45853", "https://pypi.org/project/pyminizip/#history", "https://security.gentoo.org/glsa/202401-18", "https://security.netapp.com/advisory/ntap-20231130-0009", "https://security.netapp.com/advisory/ntap-20231130-0009/", "https://www.cve.org/CVERecord?id=CVE-2023-45853", "https://www.winimage.com/zLibDll/minizip.html" ], "PublishedDate": "2023-10-14T02:15:09.323Z", "LastModifiedDate": "2024-08-01T13:44:58.99Z" }, { "VulnerabilityID": "CVE-2018-25032", "VendorIDs": [ "DSA-5111-1" ], "PkgName": "zlib1g", "InstalledVersion": "1:1.2.11.dfsg-1", "FixedVersion": "1:1.2.11.dfsg-1+deb10u1", "Layer": { "Digest": "sha256:54fec2fa59d0a0de9cd2dec9850b36c43de451f1fd1c0a5bf8f1cf26a61a5da4", "DiffID": "sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-25032", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "zlib: A flaw found in zlib when compressing (not decompressing) certain inputs", "Description": "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "V3Score": 8.2 } }, "References": [ "http://seclists.org/fulldisclosure/2022/May/33", "http://seclists.org/fulldisclosure/2022/May/35", "http://seclists.org/fulldisclosure/2022/May/38", "http://www.openwall.com/lists/oss-security/2022/03/25/2", "http://www.openwall.com/lists/oss-security/2022/03/26/1", "https://access.redhat.com/errata/RHSA-2022:8420", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25032.json", "https://access.redhat.com/security/cve/CVE-2018-25032", "https://bugzilla.redhat.com/2067945", "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf", "https://errata.almalinux.org/9/ALSA-2022-8420.html", "https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531", "https://github.com/madler/zlib/compare/v1.2.11...v1.2.12", "https://github.com/madler/zlib/issues/605", "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-25032.yml", "https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4", "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5", "https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ", "https://linux.oracle.com/cve/CVE-2018-25032.html", "https://linux.oracle.com/errata/ELSA-2022-9565.html", "https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html", "https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html", "https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU", "https://nvd.nist.gov/vuln/detail/CVE-2018-25032", "https://security.gentoo.org/glsa/202210-42", "https://security.netapp.com/advisory/ntap-20220526-0009", "https://security.netapp.com/advisory/ntap-20220526-0009/", "https://security.netapp.com/advisory/ntap-20220729-0004", "https://security.netapp.com/advisory/ntap-20220729-0004/", "https://support.apple.com/kb/HT213255", "https://support.apple.com/kb/HT213256", "https://support.apple.com/kb/HT213257", "https://ubuntu.com/security/notices/USN-5355-1", "https://ubuntu.com/security/notices/USN-5355-2", "https://ubuntu.com/security/notices/USN-5359-1", "https://ubuntu.com/security/notices/USN-5359-2", "https://ubuntu.com/security/notices/USN-5739-1", "https://ubuntu.com/security/notices/USN-6736-1", "https://ubuntu.com/security/notices/USN-6736-2", "https://www.cve.org/CVERecord?id=CVE-2018-25032", "https://www.debian.org/security/2022/dsa-5111", "https://www.openwall.com/lists/oss-security/2022/03/24/1", "https://www.openwall.com/lists/oss-security/2022/03/28/1", "https://www.openwall.com/lists/oss-security/2022/03/28/3", "https://www.oracle.com/security-alerts/cpujul2022.html" ], "PublishedDate": "2022-03-25T09:15:08.187Z", "LastModifiedDate": "2023-11-07T02:56:26.393Z" } ] } ] }