Vulnerabilites related to netapp - 500f_firmware
cve-2020-27618
Vulnerability from cvelistv5
Published
2021-02-26 00:00
Modified
2024-08-04 16:18
Severity ?
EPSS score ?
Summary
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:18:45.458Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=26224", }, { tags: [ "x_transferred", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21", }, { name: "GLSA-202107-07", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202107-07", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210401-0006/", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-17T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://sourceware.org/bugzilla/show_bug.cgi?id=26224", }, { url: "https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21", }, { name: "GLSA-202107-07", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202107-07", }, { url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { url: "https://security.netapp.com/advisory/ntap-20210401-0006/", }, { url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-27618", datePublished: "2021-02-26T00:00:00", dateReserved: "2020-10-22T00:00:00", dateUpdated: "2024-08-04T16:18:45.458Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-31879
Vulnerability from cvelistv5
Published
2021-04-29 03:03
Modified
2024-08-03 23:10
Severity ?
EPSS score ?
Summary
GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.
References
▼ | URL | Tags |
---|---|---|
https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20210618-0002/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T23:10:30.199Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210618-0002/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-06-18T09:06:25", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210618-0002/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-31879", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html", refsource: "MISC", url: "https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html", }, { name: "https://security.netapp.com/advisory/ntap-20210618-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210618-0002/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-31879", datePublished: "2021-04-29T03:03:15", dateReserved: "2021-04-29T00:00:00", dateUpdated: "2024-08-03T23:10:30.199Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-25013
Vulnerability from cvelistv5
Published
2021-01-04 00:00
Modified
2024-08-05 03:00
Severity ?
EPSS score ?
Summary
The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:00:18.826Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=24973", }, { tags: [ "x_transferred", ], url: "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=ee7a3144c9922808181009b7b3e50e852fb4999b", }, { name: "FEDORA-2021-6feb090c97", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4Y6TX47P47KABSFOL26FLDNVCWXDKDEZ/", }, { name: "FEDORA-2021-6e581c051a", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TVCUNLQ3HXGS4VPUQKWTJGRAW2KTFGXS/", }, { name: "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", }, { name: "[kafka-dev] 20210420 [jira] [Created] (KAFKA-12698) CVE-2019-25013 vulnerability reported in Kafka", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r448bb851cc8e6e3f93f3c28c70032b37062625d81214744474ac49e7%40%3Cdev.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210420 [jira] [Created] (KAFKA-12698) CVE-2019-25013 vulnerability reported in Kafka", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r32d767ac804e9b8aad4355bb85960a6a1385eab7afff549a5e98660f%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210423 [jira] [Commented] (KAFKA-12698) CVE-2019-25013 high priority vulnerability reported in Kafka", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r499e4f96d0b5109ef083f2feccd33c51650c1b7d7068aa3bd47efca9%40%3Cjira.kafka.apache.org%3E", }, { name: "[zookeeper-issues] 20210423 [jira] [Created] (ZOOKEEPER-4285) High CVE-2019-25013 reported by Clair scanner for Zookeeper 3.6.1", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r750eee18542bc02bd8350861c424ee60a9b9b225568fa09436a37ece%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-dev] 20210423 [jira] [Created] (ZOOKEEPER-4285) High CVE-2019-25013 reported by Clair scanner for Zookeeper 3.6.1", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r7a2e94adfe0a2f0a1d42e4927e8c32ecac97d37db9cb68095fe9ddbc%40%3Cdev.zookeeper.apache.org%3E", }, { name: "[kafka-jira] 20210423 [jira] [Updated] (KAFKA-12698) CVE-2019-25013 high priority vulnerability reported in Kafka", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r5af4430421bb6f9973294691a7904bbd260937e9eef96b20556f43ff%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210423 [jira] [Comment Edited] (KAFKA-12698) CVE-2019-25013 high priority vulnerability reported in Kafka", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r4806a391091e082bdea17266452ca656ebc176e51bb3932733b3a0a2%40%3Cjira.kafka.apache.org%3E", }, { name: "[zookeeper-issues] 20210506 [jira] [Resolved] (ZOOKEEPER-4285) High CVE-2019-25013 reported by Clair scanner for Zookeeper 3.6.1", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd2354f9ccce41e494fbadcbc5ad87218de6ec0fff8a7b54c8462226c%40%3Cissues.zookeeper.apache.org%3E", }, { name: "GLSA-202107-07", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202107-07", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210205-0004/", }, { name: "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-17T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://sourceware.org/bugzilla/show_bug.cgi?id=24973", }, { url: "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=ee7a3144c9922808181009b7b3e50e852fb4999b", }, { name: "FEDORA-2021-6feb090c97", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4Y6TX47P47KABSFOL26FLDNVCWXDKDEZ/", }, { name: "FEDORA-2021-6e581c051a", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TVCUNLQ3HXGS4VPUQKWTJGRAW2KTFGXS/", }, { name: "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", }, { name: "[kafka-dev] 20210420 [jira] [Created] (KAFKA-12698) CVE-2019-25013 vulnerability reported in Kafka", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r448bb851cc8e6e3f93f3c28c70032b37062625d81214744474ac49e7%40%3Cdev.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210420 [jira] [Created] (KAFKA-12698) CVE-2019-25013 vulnerability reported in Kafka", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r32d767ac804e9b8aad4355bb85960a6a1385eab7afff549a5e98660f%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210423 [jira] [Commented] (KAFKA-12698) CVE-2019-25013 high priority vulnerability reported in Kafka", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r499e4f96d0b5109ef083f2feccd33c51650c1b7d7068aa3bd47efca9%40%3Cjira.kafka.apache.org%3E", }, { name: "[zookeeper-issues] 20210423 [jira] [Created] (ZOOKEEPER-4285) High CVE-2019-25013 reported by Clair scanner for Zookeeper 3.6.1", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r750eee18542bc02bd8350861c424ee60a9b9b225568fa09436a37ece%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-dev] 20210423 [jira] [Created] (ZOOKEEPER-4285) High CVE-2019-25013 reported by Clair scanner for Zookeeper 3.6.1", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r7a2e94adfe0a2f0a1d42e4927e8c32ecac97d37db9cb68095fe9ddbc%40%3Cdev.zookeeper.apache.org%3E", }, { name: "[kafka-jira] 20210423 [jira] [Updated] (KAFKA-12698) CVE-2019-25013 high priority vulnerability reported in Kafka", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r5af4430421bb6f9973294691a7904bbd260937e9eef96b20556f43ff%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210423 [jira] [Comment Edited] (KAFKA-12698) CVE-2019-25013 high priority vulnerability reported in Kafka", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r4806a391091e082bdea17266452ca656ebc176e51bb3932733b3a0a2%40%3Cjira.kafka.apache.org%3E", }, { name: "[zookeeper-issues] 20210506 [jira] [Resolved] (ZOOKEEPER-4285) High CVE-2019-25013 reported by Clair scanner for Zookeeper 3.6.1", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/rd2354f9ccce41e494fbadcbc5ad87218de6ec0fff8a7b54c8462226c%40%3Cissues.zookeeper.apache.org%3E", }, { name: "GLSA-202107-07", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202107-07", }, { url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { url: "https://security.netapp.com/advisory/ntap-20210205-0004/", }, { name: "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-25013", datePublished: "2021-01-04T00:00:00", dateReserved: "2021-01-04T00:00:00", dateUpdated: "2024-08-05T03:00:18.826Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-25215
Vulnerability from cvelistv5
Published
2021-04-29 00:55
Modified
2024-09-16 22:02
Severity ?
EPSS score ?
Summary
In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | ISC | BIND9 |
Version: Open Source Branches 9.0 through 9.11 9.0.0 through versions before 9.11.30 Version: Open Source Branches 9.12 through 9.16 9.12.0 through versions before 9.16.14 Version: Supported Preview Branches 9.9-S through 9.11-S 9.9.3-S1 through versions before 9.11.30-S1 Version: Supported Preview Branch 9.16-S 9.16.8-S1 through versions before 9.16.14-S1 Version: Development Branch 9.17 9.17.0 through versiosn before 9.17.12 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T19:56:11.110Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.isc.org/v1/docs/cve-2021-25215", }, { name: "[oss-security] 20210428 ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/04/29/1", }, { name: "[oss-security] 20210429 Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/04/29/2", }, { name: "[oss-security] 20210429 Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/04/29/3", }, { name: "[oss-security] 20210429 Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/04/29/4", }, { name: "DSA-4909", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2021/dsa-4909", }, { name: "[debian-lts-announce] 20210504 [SECURITY] [DLA 2647-1] bind9 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/05/msg00001.html", }, { name: "FEDORA-2021-ace61cbee1", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VEC2XG4Q2ODTN2C4CGXEIXU3EUTBMK7L/", }, { name: "FEDORA-2021-47f23870ec", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDSRPCJQ7MZC6CENH5PO3VQOFI7VSWBE/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210521-0006/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "BIND9", vendor: "ISC", versions: [ { status: "affected", version: "Open Source Branches 9.0 through 9.11 9.0.0 through versions before 9.11.30", }, { status: "affected", version: "Open Source Branches 9.12 through 9.16 9.12.0 through versions before 9.16.14", }, { status: "affected", version: "Supported Preview Branches 9.9-S through 9.11-S 9.9.3-S1 through versions before 9.11.30-S1", }, { status: "affected", version: "Supported Preview Branch 9.16-S 9.16.8-S1 through versions before 9.16.14-S1", }, { status: "affected", version: "Development Branch 9.17 9.17.0 through versiosn before 9.17.12", }, ], }, ], credits: [ { lang: "en", value: "ISC would like to thank Siva Kakarla for bringing this vulnerability to our attention.", }, ], datePublic: "2021-04-28T00:00:00", descriptions: [ { lang: "en", value: "In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9.", }, ], exploits: [ { lang: "en", value: "We are not aware of any active exploits.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "DNAME records, described in RFC 6672, provide a way to redirect a subtree of the domain name tree in the DNS. A flaw in the way named processes these records may trigger an attempt to add the same RRset to the ANSWER section more than once. This causes an assertion check in BIND to fail. DNAME records are processed by both authoritative and recursive servers. For authoritative servers, the DNAME record triggering the flaw can be retrieved from a zone database. For servers performing recursion, such a record is processed in the course of a query sent to an authoritative server. Affects BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-03-08T14:08:28", orgId: "404fd4d2-a609-4245-b543-2c944a302a22", shortName: "isc", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.isc.org/v1/docs/cve-2021-25215", }, { name: "[oss-security] 20210428 ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2021/04/29/1", }, { name: "[oss-security] 20210429 Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2021/04/29/2", }, { name: "[oss-security] 20210429 Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2021/04/29/3", }, { name: "[oss-security] 20210429 Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2021/04/29/4", }, { name: "DSA-4909", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2021/dsa-4909", }, { name: "[debian-lts-announce] 20210504 [SECURITY] [DLA 2647-1] bind9 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/05/msg00001.html", }, { name: "FEDORA-2021-ace61cbee1", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VEC2XG4Q2ODTN2C4CGXEIXU3EUTBMK7L/", }, { name: "FEDORA-2021-47f23870ec", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDSRPCJQ7MZC6CENH5PO3VQOFI7VSWBE/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210521-0006/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, ], solutions: [ { lang: "en", value: "Upgrade to the patched release most closely related to your current version of BIND:\n\n BIND 9.11.31\n BIND 9.16.15\n BIND 9.17.12\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9.11.31-S1\n BIND 9.16.15-S1", }, ], source: { discovery: "EXTERNAL", }, title: "An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself", workarounds: [ { lang: "en", value: "No workarounds known.", }, ], x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-officer@isc.org", DATE_PUBLIC: "2021-04-28T20:20:01.000Z", ID: "CVE-2021-25215", STATE: "PUBLIC", TITLE: "An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "BIND9", version: { version_data: [ { version_name: "Open Source Branches 9.0 through 9.11", version_value: "9.0.0 through versions before 9.11.30", }, { version_name: "Open Source Branches 9.12 through 9.16", version_value: "9.12.0 through versions before 9.16.14", }, { version_name: "Supported Preview Branches 9.9-S through 9.11-S", version_value: "9.9.3-S1 through versions before 9.11.30-S1", }, { version_name: "Supported Preview Branch 9.16-S", version_value: "9.16.8-S1 through versions before 9.16.14-S1", }, { version_name: "Development Branch 9.17", version_value: "9.17.0 through versiosn before 9.17.12", }, ], }, }, ], }, vendor_name: "ISC", }, ], }, }, credit: [ { lang: "eng", value: "ISC would like to thank Siva Kakarla for bringing this vulnerability to our attention.", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9.", }, ], }, exploit: [ { lang: "en", value: "We are not aware of any active exploits.", }, ], generator: { engine: "Vulnogram 0.0.9", }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "DNAME records, described in RFC 6672, provide a way to redirect a subtree of the domain name tree in the DNS. A flaw in the way named processes these records may trigger an attempt to add the same RRset to the ANSWER section more than once. This causes an assertion check in BIND to fail. DNAME records are processed by both authoritative and recursive servers. For authoritative servers, the DNAME record triggering the flaw can be retrieved from a zone database. For servers performing recursion, such a record is processed in the course of a query sent to an authoritative server. Affects BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch.", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.isc.org/v1/docs/cve-2021-25215", refsource: "CONFIRM", url: "https://kb.isc.org/v1/docs/cve-2021-25215", }, { name: "[oss-security] 20210428 ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2021/04/29/1", }, { name: "[oss-security] 20210429 Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2021/04/29/2", }, { name: "[oss-security] 20210429 Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2021/04/29/3", }, { name: "[oss-security] 20210429 Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2021/04/29/4", }, { name: "DSA-4909", refsource: "DEBIAN", url: "https://www.debian.org/security/2021/dsa-4909", }, { name: "[debian-lts-announce] 20210504 [SECURITY] [DLA 2647-1] bind9 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/05/msg00001.html", }, { name: "FEDORA-2021-ace61cbee1", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VEC2XG4Q2ODTN2C4CGXEIXU3EUTBMK7L/", }, { name: "FEDORA-2021-47f23870ec", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDSRPCJQ7MZC6CENH5PO3VQOFI7VSWBE/", }, { name: "https://www.oracle.com/security-alerts/cpuoct2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "https://security.netapp.com/advisory/ntap-20210521-0006/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210521-0006/", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, ], }, solution: [ { lang: "en", value: "Upgrade to the patched release most closely related to your current version of BIND:\n\n BIND 9.11.31\n BIND 9.16.15\n BIND 9.17.12\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9.11.31-S1\n BIND 9.16.15-S1", }, ], source: { discovery: "EXTERNAL", }, work_around: [ { lang: "en", value: "No workarounds known.", }, ], }, }, }, cveMetadata: { assignerOrgId: "404fd4d2-a609-4245-b543-2c944a302a22", assignerShortName: "isc", cveId: "CVE-2021-25215", datePublished: "2021-04-29T00:55:16.726513Z", dateReserved: "2021-01-15T00:00:00", dateUpdated: "2024-09-16T22:02:24.791Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-1086
Vulnerability from cvelistv5
Published
2024-01-31 12:14
Modified
2024-08-01 18:26
Severity ?
EPSS score ?
Summary
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.
The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.
We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:linux:linux_kernel:3.15:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "linux_kernel", vendor: "linux", versions: [ { lessThan: "6.8", status: "affected", version: "3.15", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-1086", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-13T14:20:47.271139Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2024-05-30", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-1086", }, type: "kev", }, }, ], providerMetadata: { dateUpdated: "2024-06-13T14:20:53.447Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T18:26:30.467Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "patch", "x_transferred", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660", }, { tags: [ "x_transferred", ], url: "https://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/", }, { tags: [ "x_transferred", ], url: "https://github.com/Notselwyn/CVE-2024-1086", }, { tags: [ "x_transferred", ], url: "https://news.ycombinator.com/item?id=39828424", }, { tags: [ "x_transferred", ], url: "https://pwning.tech/nftables/", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/04/15/2", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/04/10/23", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/04/10/22", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/04/14/1", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/04/17/5", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240614-0009/", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", packageName: "kernel", product: "Kernel", repo: "https://git.kernel.org", vendor: "Linux", versions: [ { lessThan: "6.8", status: "affected", version: "3.15", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Notselwyn", }, ], datePublic: "2024-01-24T19:02:39+00:00", descriptions: [ { lang: "en", value: "A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nThe nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.\n\nWe recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.\n\n", }, ], impacts: [ { capecId: "CAPEC-233", descriptions: [ { lang: "en", value: "CAPEC-233 Privilege Escalation", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416 Use After Free", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-31T12:14:34.073Z", orgId: "14ed7db2-1595-443d-9d34-6215bf890778", shortName: "Google", }, references: [ { tags: [ "patch", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660", }, { url: "https://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/", }, { url: "https://github.com/Notselwyn/CVE-2024-1086", }, { url: "https://news.ycombinator.com/item?id=39828424", }, { url: "https://pwning.tech/nftables/", }, { url: "http://www.openwall.com/lists/oss-security/2024/04/15/2", }, { url: "http://www.openwall.com/lists/oss-security/2024/04/10/23", }, { url: "http://www.openwall.com/lists/oss-security/2024/04/10/22", }, { url: "http://www.openwall.com/lists/oss-security/2024/04/14/1", }, { url: "http://www.openwall.com/lists/oss-security/2024/04/17/5", }, { url: "https://security.netapp.com/advisory/ntap-20240614-0009/", }, { url: "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html", }, { url: "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", }, ], source: { discovery: "EXTERNAL", }, title: "Use-after-free in Linux kernel's netfilter: nf_tables component", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "14ed7db2-1595-443d-9d34-6215bf890778", assignerShortName: "Google", cveId: "CVE-2024-1086", datePublished: "2024-01-31T12:14:34.073Z", dateReserved: "2024-01-30T20:04:09.704Z", dateUpdated: "2024-08-01T18:26:30.467Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-8625
Vulnerability from cvelistv5
Published
2021-02-17 22:40
Modified
2024-09-16 22:40
Severity ?
EPSS score ?
Summary
BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | ISC | BIND9 |
Version: Open Source Branches 9.5 though 9.11 9.5.0 through versions before 9.11.28 Version: Open Source Branches 9.12 though 9.16 9.12.0 through versions before 9.16.12 Version: Supported Preview Branch 9.11-S 9.11.3-S1 through versions before 9.11.28-S1 Version: Supported Preview Branch 9.16-S 9.16.8-S1 through versions before 9.16.12-S1 Version: Development Branch 9.17 9.17.0 through versions before 9.17.2 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T10:03:46.290Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.isc.org/v1/docs/cve-2020-8625", }, { name: "DSA-4857", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2021/dsa-4857", }, { name: "[oss-security] 20210218 BIND Operational Notification: Enabling the new BIND option \"stale-answer-client-timeout\" can result in unexpected server termination", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/02/19/1", }, { name: "[debian-lts-announce] 20210219 [SECURITY] [DLA 2568-1] bind9 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/02/msg00029.html", }, { name: "[oss-security] 20210220 BIND Operational Notification: Zone journal (.jnl) file incompatibility,after upgrading to BIND 9.16.12 and 9.17", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/02/20/2", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-195/", }, { name: "FEDORA-2021-0595625865", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QWCMBOSZOJIIET7BWTRYS3HLX5TSDKHX/", }, { name: "FEDORA-2021-28f97e232d", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYXAF7G45RXDVNUTWWCI2CVTHRZ67LST/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210319-0001/", }, { name: "FEDORA-2021-8b4744f152", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EBTPWRQWRQEJNWY4NHO4WLS4KLJ3ERHZ/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "BIND9", vendor: "ISC", versions: [ { status: "affected", version: "Open Source Branches 9.5 though 9.11 9.5.0 through versions before 9.11.28", }, { status: "affected", version: "Open Source Branches 9.12 though 9.16 9.12.0 through versions before 9.16.12", }, { status: "affected", version: "Supported Preview Branch 9.11-S 9.11.3-S1 through versions before 9.11.28-S1", }, { status: "affected", version: "Supported Preview Branch 9.16-S 9.16.8-S1 through versions before 9.16.12-S1", }, { status: "affected", version: "Development Branch 9.17 9.17.0 through versions before 9.17.2", }, ], }, ], credits: [ { lang: "en", value: "ISC would like to thank an anonymous party, working in conjunction with Trend Micro Zero Day Initiative, for reporting this issue to us.", }, ], datePublic: "2021-02-17T00:00:00", descriptions: [ { lang: "en", value: "BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch:GSS-TSIG is an extension to the TSIG protocol which is intended to support the secure exchange of keys for use in verifying the authenticity of communications between parties on a network. SPNEGO is a negotiation mechanism used by GSSAPI, the application protocol interface for GSS-TSIG. The SPNEGO implementation used by BIND has been found to be vulnerable to a buffer overflow attack.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-03-08T14:07:11", orgId: "404fd4d2-a609-4245-b543-2c944a302a22", shortName: "isc", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.isc.org/v1/docs/cve-2020-8625", }, { name: "DSA-4857", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2021/dsa-4857", }, { name: "[oss-security] 20210218 BIND Operational Notification: Enabling the new BIND option \"stale-answer-client-timeout\" can result in unexpected server termination", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2021/02/19/1", }, { name: "[debian-lts-announce] 20210219 [SECURITY] [DLA 2568-1] bind9 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/02/msg00029.html", }, { name: "[oss-security] 20210220 BIND Operational Notification: Zone journal (.jnl) file incompatibility,after upgrading to BIND 9.16.12 and 9.17", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2021/02/20/2", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-195/", }, { name: "FEDORA-2021-0595625865", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QWCMBOSZOJIIET7BWTRYS3HLX5TSDKHX/", }, { name: "FEDORA-2021-28f97e232d", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYXAF7G45RXDVNUTWWCI2CVTHRZ67LST/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210319-0001/", }, { name: "FEDORA-2021-8b4744f152", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EBTPWRQWRQEJNWY4NHO4WLS4KLJ3ERHZ/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, ], solutions: [ { lang: "en", value: "Upgrade to the patched release most closely related to your current version of BIND:\n\n BIND 9.11.28\n BIND 9.16.12\n\nBIND Supported Preview Edition is a special feature-preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9.11.28-S1\n BIND 9.16.12-S1\n\nAcknowledgments: ISC would like to thank an anonymous party, working in conjunction with Trend Micro Zero Day Initiative, for reporting this issue to us.", }, ], source: { discovery: "EXTERNAL", }, title: "A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack", workarounds: [ { lang: "en", value: "This vulnerability only affects servers configured to use GSS-TSIG, most often to sign dynamic updates. If another mechanism can be used to authenticate updates, the vulnerability can be avoided by choosing not to enable the use of GSS-TSIG features.\n\nOn some platforms it may be possible to build a working BIND installation that is not vulnerable to CVE-2020-8625 by providing the --disable-isc-spnego command-line argument when running the ./configure script in the top level of the BIND source directory, before compiling and linking named.\n\nChoosing to configure and build BIND without the ISC SPNEGO implementation does not produce a vulnerable BIND on any platform, but on platforms where GSSAPI support in the system is lacking, building without the ISC SPNEGO implementation may result in unusable GSSAPI features (such as an inability to use GSS-TSIG-signed DDNS updates).", }, ], x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-officer@isc.org", DATE_PUBLIC: "2021-02-17T20:01:13.000Z", ID: "CVE-2020-8625", STATE: "PUBLIC", TITLE: "A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "BIND9", version: { version_data: [ { version_name: "Open Source Branches 9.5 though 9.11", version_value: "9.5.0 through versions before 9.11.28", }, { version_name: "Open Source Branches 9.12 though 9.16", version_value: "9.12.0 through versions before 9.16.12", }, { version_name: "Supported Preview Branch 9.11-S", version_value: "9.11.3-S1 through versions before 9.11.28-S1", }, { version_name: "Supported Preview Branch 9.16-S", version_value: "9.16.8-S1 through versions before 9.16.12-S1", }, { version_name: "Development Branch 9.17", version_value: "9.17.0 through versions before 9.17.2", }, ], }, }, ], }, vendor_name: "ISC", }, ], }, }, credit: [ { lang: "eng", value: "ISC would like to thank an anonymous party, working in conjunction with Trend Micro Zero Day Initiative, for reporting this issue to us.", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch:GSS-TSIG is an extension to the TSIG protocol which is intended to support the secure exchange of keys for use in verifying the authenticity of communications between parties on a network. SPNEGO is a negotiation mechanism used by GSSAPI, the application protocol interface for GSS-TSIG. The SPNEGO implementation used by BIND has been found to be vulnerable to a buffer overflow attack.", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.isc.org/v1/docs/cve-2020-8625", refsource: "CONFIRM", url: "https://kb.isc.org/v1/docs/cve-2020-8625", }, { name: "DSA-4857", refsource: "DEBIAN", url: "https://www.debian.org/security/2021/dsa-4857", }, { name: "[oss-security] 20210218 BIND Operational Notification: Enabling the new BIND option \"stale-answer-client-timeout\" can result in unexpected server termination", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2021/02/19/1", }, { name: "[debian-lts-announce] 20210219 [SECURITY] [DLA 2568-1] bind9 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/02/msg00029.html", }, { name: "[oss-security] 20210220 BIND Operational Notification: Zone journal (.jnl) file incompatibility,after upgrading to BIND 9.16.12 and 9.17", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2021/02/20/2", }, { name: "https://www.zerodayinitiative.com/advisories/ZDI-21-195/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-21-195/", }, { name: "FEDORA-2021-0595625865", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QWCMBOSZOJIIET7BWTRYS3HLX5TSDKHX/", }, { name: "FEDORA-2021-28f97e232d", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYXAF7G45RXDVNUTWWCI2CVTHRZ67LST/", }, { name: "https://security.netapp.com/advisory/ntap-20210319-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210319-0001/", }, { name: "FEDORA-2021-8b4744f152", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBTPWRQWRQEJNWY4NHO4WLS4KLJ3ERHZ/", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, ], }, solution: [ { lang: "en", value: "Upgrade to the patched release most closely related to your current version of BIND:\n\n BIND 9.11.28\n BIND 9.16.12\n\nBIND Supported Preview Edition is a special feature-preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9.11.28-S1\n BIND 9.16.12-S1\n\nAcknowledgments: ISC would like to thank an anonymous party, working in conjunction with Trend Micro Zero Day Initiative, for reporting this issue to us.", }, ], source: { discovery: "EXTERNAL", }, work_around: [ { lang: "en", value: "This vulnerability only affects servers configured to use GSS-TSIG, most often to sign dynamic updates. If another mechanism can be used to authenticate updates, the vulnerability can be avoided by choosing not to enable the use of GSS-TSIG features.\n\nOn some platforms it may be possible to build a working BIND installation that is not vulnerable to CVE-2020-8625 by providing the --disable-isc-spnego command-line argument when running the ./configure script in the top level of the BIND source directory, before compiling and linking named.\n\nChoosing to configure and build BIND without the ISC SPNEGO implementation does not produce a vulnerable BIND on any platform, but on platforms where GSSAPI support in the system is lacking, building without the ISC SPNEGO implementation may result in unusable GSSAPI features (such as an inability to use GSS-TSIG-signed DDNS updates).", }, ], }, }, }, cveMetadata: { assignerOrgId: "404fd4d2-a609-4245-b543-2c944a302a22", assignerShortName: "isc", cveId: "CVE-2020-8625", datePublished: "2021-02-17T22:40:16.090944Z", dateReserved: "2020-02-05T00:00:00", dateUpdated: "2024-09-16T22:40:02.277Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-25136
Vulnerability from cvelistv5
Published
2023-02-03 00:00
Modified
2024-08-02 11:18
Severity ?
EPSS score ?
Summary
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T11:18:35.552Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig", }, { tags: [ "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2023/02/02/2", }, { tags: [ "x_transferred", ], url: "https://bugzilla.mindrot.org/show_bug.cgi?id=3522", }, { tags: [ "x_transferred", ], url: "https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946", }, { tags: [ "x_transferred", ], url: "https://jfrog.com/blog/openssh-pre-auth-double-free-cve-2023-25136-writeup-and-proof-of-concept/", }, { tags: [ "x_transferred", ], url: "https://news.ycombinator.com/item?id=34711565", }, { name: "[oss-security] 20230213 Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/02/13/1", }, { name: "[oss-security] 20230222 Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/02/22/1", }, { name: "[oss-security] 20230222 Re: Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/02/22/2", }, { name: "[oss-security] 20230223 Re: Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/02/23/3", }, { name: "[oss-security] 20230306 Re: Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/03/06/1", }, { name: "[oss-security] 20230309 Re: Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/03/09/2", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20230309-0003/", }, { name: "FEDORA-2023-1176c8b10c", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7LKQDFZWKYHQ65TBSH2X2HJQ4V2THS3/", }, { name: "FEDORA-2023-123647648e", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JGAUIXJ3TEKCRKVWFQ6GDAGQFTIIGQQP/", }, { name: "GLSA-202307-01", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202307-01", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states \"remote code execution is theoretically possible.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-20T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig", }, { url: "https://www.openwall.com/lists/oss-security/2023/02/02/2", }, { url: "https://bugzilla.mindrot.org/show_bug.cgi?id=3522", }, { url: "https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946", }, { url: "https://jfrog.com/blog/openssh-pre-auth-double-free-cve-2023-25136-writeup-and-proof-of-concept/", }, { url: "https://news.ycombinator.com/item?id=34711565", }, { name: "[oss-security] 20230213 Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/02/13/1", }, { name: "[oss-security] 20230222 Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/02/22/1", }, { name: "[oss-security] 20230222 Re: Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/02/22/2", }, { name: "[oss-security] 20230223 Re: Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/02/23/3", }, { name: "[oss-security] 20230306 Re: Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/03/06/1", }, { name: "[oss-security] 20230309 Re: Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/03/09/2", }, { url: "https://security.netapp.com/advisory/ntap-20230309-0003/", }, { name: "FEDORA-2023-1176c8b10c", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7LKQDFZWKYHQ65TBSH2X2HJQ4V2THS3/", }, { name: "FEDORA-2023-123647648e", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JGAUIXJ3TEKCRKVWFQ6GDAGQFTIIGQQP/", }, { name: "GLSA-202307-01", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202307-01", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-25136", datePublished: "2023-02-03T00:00:00", dateReserved: "2023-02-03T00:00:00", dateUpdated: "2024-08-02T11:18:35.552Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-29374
Vulnerability from cvelistv5
Published
2020-11-28 06:18
Modified
2024-08-04 16:48
Severity ?
EPSS score ?
Summary
An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58.
References
▼ | URL | Tags |
---|---|---|
https://bugs.chromium.org/p/project-zero/issues/detail?id=2045 | x_refsource_MISC | |
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.3 | x_refsource_MISC | |
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=17839856fd588f4ab6b789f482ed3ffd7c403e1f | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20210115-0002/ | x_refsource_CONFIRM | |
http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html | mailing-list, x_refsource_MLIST | |
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html | mailing-list, x_refsource_MLIST | |
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html | mailing-list, x_refsource_MLIST | |
https://www.debian.org/security/2022/dsa-5096 | vendor-advisory, x_refsource_DEBIAN |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:48:01.979Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=2045", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.3", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=17839856fd588f4ab6b789f482ed3ffd7c403e1f", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210115-0002/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html", }, { name: "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html", }, { name: "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html", }, { name: "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html", }, { name: "DSA-5096", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5096", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-03-10T02:06:28", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=2045", }, { tags: [ "x_refsource_MISC", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.3", }, { tags: [ "x_refsource_MISC", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=17839856fd588f4ab6b789f482ed3ffd7c403e1f", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210115-0002/", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html", }, { name: "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html", }, { name: "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html", }, { name: "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html", }, { name: "DSA-5096", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2022/dsa-5096", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-29374", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugs.chromium.org/p/project-zero/issues/detail?id=2045", refsource: "MISC", url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=2045", }, { name: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.3", refsource: "MISC", url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.3", }, { name: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=17839856fd588f4ab6b789f482ed3ffd7c403e1f", refsource: "MISC", url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=17839856fd588f4ab6b789f482ed3ffd7c403e1f", }, { name: "https://security.netapp.com/advisory/ntap-20210115-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210115-0002/", }, { name: "http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html", }, { name: "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html", }, { name: "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html", }, { name: "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html", }, { name: "DSA-5096", refsource: "DEBIAN", url: "https://www.debian.org/security/2022/dsa-5096", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-29374", datePublished: "2020-11-28T06:18:56", dateReserved: "2020-11-28T00:00:00", dateUpdated: "2024-08-04T16:48:01.979Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-4044
Vulnerability from cvelistv5
Published
2021-12-14 18:40
Modified
2024-09-17 03:17
Severity ?
EPSS score ?
Summary
Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0).
References
▼ | URL | Tags |
---|---|---|
https://www.openssl.org/news/secadv/20211214.txt | x_refsource_CONFIRM | |
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=758754966791c537ea95241438454aa86f91f256 | x_refsource_CONFIRM | |
https://security.netapp.com/advisory/ntap-20211229-0003/ | x_refsource_CONFIRM |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:16:03.437Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.openssl.org/news/secadv/20211214.txt", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=758754966791c537ea95241438454aa86f91f256", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20211229-0003/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "OpenSSL", vendor: "OpenSSL", versions: [ { status: "affected", version: "Fixed in OpenSSL 3.0.1 (Affected 3.0.0)", }, ], }, ], credits: [ { lang: "en", value: "Tobias Nießen", }, ], datePublic: "2021-12-14T00:00:00", descriptions: [ { lang: "en", value: "Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0).", }, ], metrics: [ { other: { content: { lang: "eng", url: "https://www.openssl.org/policies/secpolicy.html#Moderate", value: "Moderate", }, type: "unknown", }, }, ], problemTypes: [ { descriptions: [ { description: "Invalid error handling", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-29T20:06:26", orgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5", shortName: "openssl", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.openssl.org/news/secadv/20211214.txt", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=758754966791c537ea95241438454aa86f91f256", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20211229-0003/", }, ], title: "Invalid handling of X509_verify_cert() internal errors in libssl", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "openssl-security@openssl.org", DATE_PUBLIC: "2021-12-14", ID: "CVE-2021-4044", STATE: "PUBLIC", TITLE: "Invalid handling of X509_verify_cert() internal errors in libssl", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "OpenSSL", version: { version_data: [ { version_value: "Fixed in OpenSSL 3.0.1 (Affected 3.0.0)", }, ], }, }, ], }, vendor_name: "OpenSSL", }, ], }, }, credit: [ { lang: "eng", value: "Tobias Nießen", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0).", }, ], }, impact: [ { lang: "eng", url: "https://www.openssl.org/policies/secpolicy.html#Moderate", value: "Moderate", }, ], problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Invalid error handling", }, ], }, ], }, references: { reference_data: [ { name: "https://www.openssl.org/news/secadv/20211214.txt", refsource: "CONFIRM", url: "https://www.openssl.org/news/secadv/20211214.txt", }, { name: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=758754966791c537ea95241438454aa86f91f256", refsource: "CONFIRM", url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=758754966791c537ea95241438454aa86f91f256", }, { name: "https://security.netapp.com/advisory/ntap-20211229-0003/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20211229-0003/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5", assignerShortName: "openssl", cveId: "CVE-2021-4044", datePublished: "2021-12-14T18:40:11.901374Z", dateReserved: "2021-12-02T00:00:00", dateUpdated: "2024-09-17T03:17:39.603Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-25668
Vulnerability from cvelistv5
Published
2021-05-26 11:11
Modified
2024-08-04 15:40
Severity ?
EPSS score ?
Summary
A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op.
References
▼ | URL | Tags |
---|---|---|
http://www.openwall.com/lists/oss-security/2020/10/30/1 | mailing-list, x_refsource_MLIST | |
http://www.openwall.com/lists/oss-security/2020/11/04/3 | mailing-list, x_refsource_MLIST | |
https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html | mailing-list, x_refsource_MLIST | |
https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html | mailing-list, x_refsource_MLIST | |
https://www.openwall.com/lists/oss-security/2020/11/04/3%2C | x_refsource_MISC | |
https://www.openwall.com/lists/oss-security/2020/10/30/1%2C | x_refsource_MISC | |
https://bugzilla.redhat.com/show_bug.cgi?id=1893287%2C | x_refsource_MISC | |
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=90bfdeef83f1d6c696039b6a917190dcbbad3220 | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20210702-0005/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Linux Kernel |
Version: 5.9.2 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T15:40:36.882Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[oss-security] 20201030 CVE-2020-25668: Linux kernel concurrency use-after-free in vt", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2020/10/30/1", }, { name: "[oss-security] 20201104 Re: CVE-2020-25668: Linux kernel concurrency use-after-free in vt", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2020/11/04/3", }, { name: "[debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html", }, { name: "[debian-lts-announce] 20201218 [SECURITY] [DLA 2494-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2020/11/04/3%2C", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2020/10/30/1%2C", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1893287%2C", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=90bfdeef83f1d6c696039b6a917190dcbbad3220", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210702-0005/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Linux Kernel", vendor: "n/a", versions: [ { status: "affected", version: "5.9.2", }, ], }, ], descriptions: [ { lang: "en", value: "A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-362", description: "CWE-362 -> CWE-416", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-02T11:06:20", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "[oss-security] 20201030 CVE-2020-25668: Linux kernel concurrency use-after-free in vt", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2020/10/30/1", }, { name: "[oss-security] 20201104 Re: CVE-2020-25668: Linux kernel concurrency use-after-free in vt", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2020/11/04/3", }, { name: "[debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html", }, { name: "[debian-lts-announce] 20201218 [SECURITY] [DLA 2494-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.openwall.com/lists/oss-security/2020/11/04/3%2C", }, { tags: [ "x_refsource_MISC", ], url: "https://www.openwall.com/lists/oss-security/2020/10/30/1%2C", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1893287%2C", }, { tags: [ "x_refsource_MISC", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=90bfdeef83f1d6c696039b6a917190dcbbad3220", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210702-0005/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2020-25668", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Linux Kernel", version: { version_data: [ { version_value: "5.9.2", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-362 -> CWE-416", }, ], }, ], }, references: { reference_data: [ { name: "[oss-security] 20201030 CVE-2020-25668: Linux kernel concurrency use-after-free in vt", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2020/10/30/1", }, { name: "[oss-security] 20201104 Re: CVE-2020-25668: Linux kernel concurrency use-after-free in vt", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2020/11/04/3", }, { name: "[debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html", }, { name: "[debian-lts-announce] 20201218 [SECURITY] [DLA 2494-1] linux security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html", }, { name: "https://www.openwall.com/lists/oss-security/2020/11/04/3,", refsource: "MISC", url: "https://www.openwall.com/lists/oss-security/2020/11/04/3,", }, { name: "https://www.openwall.com/lists/oss-security/2020/10/30/1,", refsource: "MISC", url: "https://www.openwall.com/lists/oss-security/2020/10/30/1,", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1893287,", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1893287,", }, { name: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=90bfdeef83f1d6c696039b6a917190dcbbad3220", refsource: "MISC", url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=90bfdeef83f1d6c696039b6a917190dcbbad3220", }, { name: "https://security.netapp.com/advisory/ntap-20210702-0005/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210702-0005/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2020-25668", datePublished: "2021-05-26T11:11:04", dateReserved: "2020-09-16T00:00:00", dateUpdated: "2024-08-04T15:40:36.882Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-0778
Vulnerability from cvelistv5
Published
2022-03-15 17:05
Modified
2024-09-17 00:01
Severity ?
EPSS score ?
Summary
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T23:40:03.765Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.openssl.org/news/secadv/20220315.txt", }, { tags: [ "x_transferred", ], url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a466912611aa6cbdf550cd10601390e587451246", }, { tags: [ "x_transferred", ], url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3118eb64934499d93db3230748a452351d1d9a65", }, { tags: [ "x_transferred", ], url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=380085481c64de749a6dd25cdf0bcf4360b30f83", }, { name: "DSA-5103", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5103", }, { name: "[debian-lts-announce] 20220317 [SECURITY] [DLA 2952-1] openssl security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html", }, { name: "[debian-lts-announce] 20220317 [SECURITY] [DLA 2953-1] openssl1.0 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html", }, { name: "FEDORA-2022-a5f51502f0", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/", }, { name: "FEDORA-2022-9e88b5d8d7", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/", }, { name: "FEDORA-2022-8bb51f6901", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220321-0002/", }, { tags: [ "x_transferred", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002", }, { tags: [ "x_transferred", ], url: "https://www.tenable.com/security/tns-2022-06", }, { tags: [ "x_transferred", ], url: "https://www.tenable.com/security/tns-2022-07", }, { tags: [ "x_transferred", ], url: "https://www.tenable.com/security/tns-2022-08", }, { name: "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/May/33", }, { name: "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/May/35", }, { name: "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/May/38", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213257", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213256", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213255", }, { tags: [ "x_transferred", ], url: "https://www.tenable.com/security/tns-2022-09", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220429-0005/", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf", }, { name: "GLSA-202210-02", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202210-02", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "OpenSSL", vendor: "OpenSSL", versions: [ { status: "affected", version: "Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1)", }, { status: "affected", version: "Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m)", }, { status: "affected", version: "Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc)", }, ], }, ], credits: [ { lang: "en", value: "Tavis Ormandy (Google)", }, ], datePublic: "2022-03-15T00:00:00", descriptions: [ { lang: "en", value: "The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).", }, ], metrics: [ { other: { content: { lang: "eng", url: "https://www.openssl.org/policies/secpolicy.html#High", value: "High", }, type: "unknown", }, }, ], problemTypes: [ { descriptions: [ { description: "Infinite loop", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-21T19:07:01.186352", orgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5", shortName: "openssl", }, references: [ { url: "https://www.openssl.org/news/secadv/20220315.txt", }, { url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a466912611aa6cbdf550cd10601390e587451246", }, { url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3118eb64934499d93db3230748a452351d1d9a65", }, { url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=380085481c64de749a6dd25cdf0bcf4360b30f83", }, { name: "DSA-5103", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2022/dsa-5103", }, { name: "[debian-lts-announce] 20220317 [SECURITY] [DLA 2952-1] openssl security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html", }, { name: "[debian-lts-announce] 20220317 [SECURITY] [DLA 2953-1] openssl1.0 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html", }, { name: "FEDORA-2022-a5f51502f0", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/", }, { name: "FEDORA-2022-9e88b5d8d7", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/", }, { name: "FEDORA-2022-8bb51f6901", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/", }, { url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { url: "https://security.netapp.com/advisory/ntap-20220321-0002/", }, { url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002", }, { url: "https://www.tenable.com/security/tns-2022-06", }, { url: "https://www.tenable.com/security/tns-2022-07", }, { url: "https://www.tenable.com/security/tns-2022-08", }, { name: "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/May/33", }, { name: "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/May/35", }, { name: "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/May/38", }, { url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { url: "https://support.apple.com/kb/HT213257", }, { url: "https://support.apple.com/kb/HT213256", }, { url: "https://support.apple.com/kb/HT213255", }, { url: "https://www.tenable.com/security/tns-2022-09", }, { url: "https://security.netapp.com/advisory/ntap-20220429-0005/", }, { url: "http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf", }, { name: "GLSA-202210-02", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202210-02", }, { url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, ], title: "Infinite loop in BN_mod_sqrt() reachable when parsing certificates", }, }, cveMetadata: { assignerOrgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5", assignerShortName: "openssl", cveId: "CVE-2022-0778", datePublished: "2022-03-15T17:05:20.382533Z", dateReserved: "2022-02-28T00:00:00", dateUpdated: "2024-09-17T00:01:02.190Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2021-02-17 23:15
Modified
2024-11-21 05:39
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
isc | bind | * | |
isc | bind | * | |
isc | bind | 9.11.3 | |
isc | bind | 9.11.5 | |
isc | bind | 9.11.5 | |
isc | bind | 9.11.6 | |
isc | bind | 9.11.7 | |
isc | bind | 9.11.8 | |
isc | bind | 9.11.21 | |
isc | bind | 9.11.27 | |
isc | bind | 9.16.8 | |
isc | bind | 9.16.11 | |
isc | bind | 9.17.0 | |
isc | bind | 9.17.1 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
fedoraproject | fedora | 32 | |
fedoraproject | fedora | 33 | |
fedoraproject | fedora | 34 | |
siemens | sinec_infrastructure_network_services | * | |
netapp | cloud_backup | - | |
netapp | a250_firmware | - | |
netapp | a250 | - | |
netapp | 500f_firmware | - | |
netapp | 500f | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", matchCriteriaId: "1616B77F-1036-4439-8626-347A294D4332", versionEndIncluding: "9.11.27", versionStartIncluding: "9.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", matchCriteriaId: "4C35BEC1-0A44-441A-871D-5D4C06108E94", versionEndIncluding: "9.16.11", versionStartIncluding: "9.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.11.3:s1:*:*:supported_preview:*:*:*", matchCriteriaId: "C2FE13E1-0646-46FC-875B-CB4C34E20101", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.11.5:s3:*:*:supported_preview:*:*:*", matchCriteriaId: "1AA16E51-819C-4A1B-B66E-1C60C1782C0D", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.11.5:s5:*:*:supported_preview:*:*:*", matchCriteriaId: "91533F9F-C0E5-4E84-8A4C-F744F956BF97", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.11.6:s1:*:*:supported_preview:*:*:*", matchCriteriaId: "8AF9D390-0D5B-4963-A2D3-BF1E7CD95E9D", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.11.7:s1:*:*:supported_preview:*:*:*", matchCriteriaId: "AB2B92F1-6BA8-41CA-9000-E0633462CC28", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.11.8:s1:*:*:supported_preview:*:*:*", matchCriteriaId: "02CA4635-7DFC-408E-A837-856E0F96CA1B", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.11.21:s1:*:*:supported_preview:*:*:*", matchCriteriaId: "5CC1F26C-4757-4C87-BD8B-2FA456A88C6F", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.11.27:s1:*:*:supported_preview:*:*:*", matchCriteriaId: "582A4948-B64F-45D4-807A-846A85BB6B42", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.16.8:s1:*:*:supported_preview:*:*:*", matchCriteriaId: "288EAD80-574B-4839-9C2C-81D6D088A733", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.16.11:s1:*:*:supported_preview:*:*:*", matchCriteriaId: "3595F024-F910-4356-8B5B-D478960FF574", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.17.0:*:*:*:*:*:*:*", matchCriteriaId: "6622078E-6720-48FF-AF88-511B95527A6B", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.17.1:*:*:*:*:*:*:*", matchCriteriaId: "9AB78688-703F-4A10-8778-69933BCD3416", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*", matchCriteriaId: "B0F46497-4AB0-49A7-9453-CC26837BF253", versionEndExcluding: "1.0.1.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "1236B66D-EB11-4324-929F-E2B86683C3C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*", matchCriteriaId: "281DFC67-46BB-4FC2-BE03-3C65C9311F65", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "ECF32BB1-9A58-4821-AE49-5D5C8200631F", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:*", matchCriteriaId: "F21DE67F-CDFD-4D36-9967-633CD0240C6F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch", }, { lang: "es", value: "Los servidores BIND son vulnerables si ejecutan una versión afectada y están configurados para usar las funcionalidades GSS-TSIG. En una configuración que usa la configuración predeterminada de BIND, la ruta del código vulnerable no está expuesta, pero un servidor puede volverse vulnerable estableciendo explícitamente valores válidos para las opciones de configuración tkey-gssapi-keytab o tkey-gssapi-credential. Aunque la configuración predeterminada no es vulnerable, GSS-TSIG se usa con frecuencia en redes donde BIND está integrado con Samba, así como entornos de servidores mixtos que combinan servidores BIND con controladores de dominio de Active Directory. El resultado más probable de una explotación con éxito de la vulnerabilidad es un bloqueo del proceso nombrado. Sin embargo, la ejecución de código remota, aunque no está probada, es teóricamente posible. Afecta: BIND versiones 9.5.0 hasta 9.11.27, versiones 9.12.0 hasta 9.16.11 y versiones de BIND 9.11.3-S1 hasta 9.11.27-S1 y versiones 9.16.8-S1 hasta 9.16.11-S1 de BIND Supported Preview Edition. También versiones de lanzamiento 9.17.0 hasta 9.17.1 de la rama de desarrollo de BIND versión 9.17", }, ], id: "CVE-2020-8625", lastModified: "2024-11-21T05:39:09.040", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "security-officer@isc.org", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-02-17T23:15:13.530", references: [ { source: "security-officer@isc.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/02/19/1", }, { source: "security-officer@isc.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/02/20/2", }, { source: "security-officer@isc.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, { source: "security-officer@isc.org", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://kb.isc.org/v1/docs/cve-2020-8625", }, { source: "security-officer@isc.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/02/msg00029.html", }, { source: "security-officer@isc.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EBTPWRQWRQEJNWY4NHO4WLS4KLJ3ERHZ/", }, { source: "security-officer@isc.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYXAF7G45RXDVNUTWWCI2CVTHRZ67LST/", }, { source: "security-officer@isc.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QWCMBOSZOJIIET7BWTRYS3HLX5TSDKHX/", }, { source: "security-officer@isc.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210319-0001/", }, { source: "security-officer@isc.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4857", }, { source: "security-officer@isc.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-195/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/02/19/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/02/20/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://kb.isc.org/v1/docs/cve-2020-8625", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/02/msg00029.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EBTPWRQWRQEJNWY4NHO4WLS4KLJ3ERHZ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYXAF7G45RXDVNUTWWCI2CVTHRZ67LST/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QWCMBOSZOJIIET7BWTRYS3HLX5TSDKHX/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210319-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4857", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-195/", }, ], sourceIdentifier: "security-officer@isc.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-04 18:15
Modified
2024-11-21 04:39
Severity ?
Summary
The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | glibc | * | |
fedoraproject | fedora | 32 | |
fedoraproject | fedora | 33 | |
netapp | ontap_select_deploy_administration_utility | - | |
netapp | service_processor | - | |
broadcom | fabric_operating_system | - | |
netapp | a250_firmware | - | |
netapp | a250 | - | |
netapp | 500f_firmware | - | |
netapp | 500f | - | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*", matchCriteriaId: "8D747200-4C8A-4BAE-9818-BD1458253D8F", versionEndIncluding: "2.32", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", matchCriteriaId: "E7CF3019-975D-40BB-A8A4-894E62BD3797", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*", matchCriteriaId: "146A767F-DC04-454B-9913-17D3A2B5AAA4", vulnerable: true, }, { criteria: "cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*", matchCriteriaId: "046FB51E-B768-44D3-AEB5-D857145CA840", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "1236B66D-EB11-4324-929F-E2B86683C3C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*", matchCriteriaId: "281DFC67-46BB-4FC2-BE03-3C65C9311F65", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "ECF32BB1-9A58-4821-AE49-5D5C8200631F", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:*", matchCriteriaId: "F21DE67F-CDFD-4D36-9967-633CD0240C6F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.", }, { lang: "es", value: "La funcionalidad iconv en la biblioteca GNU C (también se conoce como glibc o libc6) versiones hasta 2.32, cuando se procesan secuencias de entrada multibyte no válidas en la codificación EUC-KR, puede tener una lectura excesiva del búfer.", }, ], id: "CVE-2019-25013", lastModified: "2024-11-21T04:39:44.273", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.1, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-04T18:15:13.027", references: [ { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r32d767ac804e9b8aad4355bb85960a6a1385eab7afff549a5e98660f%40%3Cjira.kafka.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r448bb851cc8e6e3f93f3c28c70032b37062625d81214744474ac49e7%40%3Cdev.kafka.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r4806a391091e082bdea17266452ca656ebc176e51bb3932733b3a0a2%40%3Cjira.kafka.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r499e4f96d0b5109ef083f2feccd33c51650c1b7d7068aa3bd47efca9%40%3Cjira.kafka.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r5af4430421bb6f9973294691a7904bbd260937e9eef96b20556f43ff%40%3Cjira.kafka.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r750eee18542bc02bd8350861c424ee60a9b9b225568fa09436a37ece%40%3Cissues.zookeeper.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r7a2e94adfe0a2f0a1d42e4927e8c32ecac97d37db9cb68095fe9ddbc%40%3Cdev.zookeeper.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rd2354f9ccce41e494fbadcbc5ad87218de6ec0fff8a7b54c8462226c%40%3Cissues.zookeeper.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4Y6TX47P47KABSFOL26FLDNVCWXDKDEZ/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TVCUNLQ3HXGS4VPUQKWTJGRAW2KTFGXS/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-07", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210205-0004/", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=24973", }, { source: "cve@mitre.org", url: "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=ee7a3144c9922808181009b7b3e50e852fb4999b", }, { source: "cve@mitre.org", tags: [ "Not Applicable", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r32d767ac804e9b8aad4355bb85960a6a1385eab7afff549a5e98660f%40%3Cjira.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r448bb851cc8e6e3f93f3c28c70032b37062625d81214744474ac49e7%40%3Cdev.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r4806a391091e082bdea17266452ca656ebc176e51bb3932733b3a0a2%40%3Cjira.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r499e4f96d0b5109ef083f2feccd33c51650c1b7d7068aa3bd47efca9%40%3Cjira.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r5af4430421bb6f9973294691a7904bbd260937e9eef96b20556f43ff%40%3Cjira.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r750eee18542bc02bd8350861c424ee60a9b9b225568fa09436a37ece%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r7a2e94adfe0a2f0a1d42e4927e8c32ecac97d37db9cb68095fe9ddbc%40%3Cdev.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rd2354f9ccce41e494fbadcbc5ad87218de6ec0fff8a7b54c8462226c%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4Y6TX47P47KABSFOL26FLDNVCWXDKDEZ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TVCUNLQ3HXGS4VPUQKWTJGRAW2KTFGXS/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-07", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210205-0004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=24973", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=ee7a3144c9922808181009b7b3e50e852fb4999b", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-02-26 23:15
Modified
2024-11-21 05:21
Severity ?
Summary
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | glibc | * | |
netapp | ontap_select_deploy_administration_utility | - | |
netapp | a250_firmware | - | |
netapp | a250 | - | |
netapp | 500f_firmware | - | |
netapp | 500f | - | |
netapp | h410c_firmware | - | |
netapp | h410c | - | |
netapp | h300s_firmware | - | |
netapp | h300s | - | |
netapp | h500s_firmware | - | |
netapp | h500s | - | |
netapp | h700s_firmware | - | |
netapp | h700s | - | |
netapp | h300e_firmware | - | |
netapp | h300e | - | |
netapp | h500e_firmware | - | |
netapp | h500e | - | |
netapp | h700e_firmware | - | |
netapp | h700e | - | |
netapp | h410s_firmware | - | |
netapp | h410s | - | |
oracle | communications_cloud_native_core_service_communication_proxy | 1.14.0 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*", matchCriteriaId: "8D747200-4C8A-4BAE-9818-BD1458253D8F", versionEndIncluding: "2.32", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", matchCriteriaId: "E7CF3019-975D-40BB-A8A4-894E62BD3797", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "1236B66D-EB11-4324-929F-E2B86683C3C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*", matchCriteriaId: "281DFC67-46BB-4FC2-BE03-3C65C9311F65", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "ECF32BB1-9A58-4821-AE49-5D5C8200631F", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:*", matchCriteriaId: "F21DE67F-CDFD-4D36-9967-633CD0240C6F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "CDDF61B7-EC5C-467C-B710-B89F502CD04F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "108A2215-50FB-4074-94CF-C130FA14566D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", matchCriteriaId: "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "32F0B6C0-F930-480D-962B-3F4EFDCC13C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", matchCriteriaId: "803BC414-B250-4E3A-A478-A3881340D6B8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "0FEB3337-BFDE-462A-908B-176F92053CEC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", matchCriteriaId: "736AEAE9-782B-4F71-9893-DED53367E102", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:*", matchCriteriaId: "0AB059F2-FEC4-4180-8A90-39965495055E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.", }, { lang: "es", value: "La función iconv en la biblioteca GNU C (también se conoce como glibc o libc6) versiones 2.32 y anteriores, cuando se procesa secuencias de entrada de múltiples bytes no validas en codificaciones IBM1364, IBM1371, IBM1388, IBM1390 e IBM1399, presenta un fallo al avanzar el estado de la entrada, lo que podría conllevar a un bucle infinito en las aplicaciones, resultando en una denegación de servicio, una vulnerabilidad diferente de CVE-2016-10228", }, ], id: "CVE-2020-27618", lastModified: "2024-11-21T05:21:29.230", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.1, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-02-26T23:15:11.123", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-07", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210401-0006/", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=26224", }, { source: "cve@mitre.org", tags: [ "Not Applicable", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-07", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210401-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=26224", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-835", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-04-29 01:15
Modified
2024-11-21 05:54
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
isc | bind | * | |
isc | bind | * | |
isc | bind | * | |
isc | bind | 9.9.3 | |
isc | bind | 9.9.12 | |
isc | bind | 9.9.13 | |
isc | bind | 9.10.5 | |
isc | bind | 9.10.7 | |
isc | bind | 9.11.3 | |
isc | bind | 9.11.5 | |
isc | bind | 9.11.5 | |
isc | bind | 9.11.5 | |
isc | bind | 9.11.6 | |
isc | bind | 9.11.7 | |
isc | bind | 9.11.8 | |
isc | bind | 9.11.12 | |
isc | bind | 9.11.21 | |
isc | bind | 9.11.27 | |
isc | bind | 9.11.29 | |
isc | bind | 9.16.8 | |
isc | bind | 9.16.11 | |
isc | bind | 9.16.13 | |
fedoraproject | fedora | 33 | |
fedoraproject | fedora | 34 | |
netapp | active_iq_unified_manager | - | |
netapp | cloud_backup | - | |
netapp | h300s_firmware | - | |
netapp | h300s | - | |
netapp | h500s_firmware | - | |
netapp | h500s | - | |
netapp | h700s_firmware | - | |
netapp | h700s | - | |
netapp | h300e_firmware | - | |
netapp | h300e | - | |
netapp | h500e_firmware | - | |
netapp | h500e | - | |
netapp | h700e_firmware | - | |
netapp | h700e | - | |
netapp | h410s_firmware | - | |
netapp | h410s | - | |
netapp | a250_firmware | - | |
netapp | a250 | - | |
netapp | 500f_firmware | - | |
netapp | 500f | - | |
oracle | tekelec_platform_distribution | * | |
siemens | sinec_infrastructure_network_services | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", matchCriteriaId: "18B8AA9D-C4D1-4F3B-9440-FC29D925961D", versionEndExcluding: "9.11.31", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", matchCriteriaId: "E38EFB1A-11B5-403F-815F-4899E7007D02", versionEndExcluding: "9.16.15", versionStartIncluding: "9.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", matchCriteriaId: "00F9BCC7-51F7-47EE-AFCE-946F24CC3694", versionEndExcluding: "9.17.12", versionStartIncluding: "9.17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.9.3:s1:*:*:supported_preview:*:*:*", matchCriteriaId: "40EE014B-0CD8-45F3-BEDB-AE6368A78B04", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.9.12:s1:*:*:supported_preview:*:*:*", matchCriteriaId: "DAF8FA8C-0526-4389-AEC6-92AD62AA3929", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.9.13:s1:*:*:supported_preview:*:*:*", matchCriteriaId: "1A9BA952-A5DF-4CBA-8928-0B373C013C32", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.10.5:s1:*:*:supported_preview:*:*:*", matchCriteriaId: "CAD41122-C5D8-4256-8CB7-FF88DCD96A13", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.10.7:s1:*:*:supported_preview:*:*:*", matchCriteriaId: "6243685F-1E5B-4FF6-AE1B-44798032FBA6", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.11.3:s1:*:*:supported_preview:*:*:*", matchCriteriaId: "C2FE13E1-0646-46FC-875B-CB4C34E20101", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.11.5:s3:*:*:supported_preview:*:*:*", matchCriteriaId: "1AA16E51-819C-4A1B-B66E-1C60C1782C0D", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.11.5:s5:*:*:supported_preview:*:*:*", matchCriteriaId: "91533F9F-C0E5-4E84-8A4C-F744F956BF97", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.11.5:s6:*:*:supported_preview:*:*:*", matchCriteriaId: "46E6A4BD-D69B-4A70-821D-5612DD1315EF", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.11.6:s1:*:*:supported_preview:*:*:*", matchCriteriaId: "8AF9D390-0D5B-4963-A2D3-BF1E7CD95E9D", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.11.7:s1:*:*:supported_preview:*:*:*", matchCriteriaId: "AB2B92F1-6BA8-41CA-9000-E0633462CC28", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.11.8:s1:*:*:supported_preview:*:*:*", matchCriteriaId: "02CA4635-7DFC-408E-A837-856E0F96CA1B", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.11.12:s1:*:*:supported_preview:*:*:*", matchCriteriaId: "3CABCB08-B838-45F7-AA87-77C6B8767DD0", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.11.21:s1:*:*:supported_preview:*:*:*", matchCriteriaId: "5CC1F26C-4757-4C87-BD8B-2FA456A88C6F", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.11.27:s1:*:*:supported_preview:*:*:*", matchCriteriaId: "582A4948-B64F-45D4-807A-846A85BB6B42", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.11.29:s1:*:*:supported_preview:*:*:*", matchCriteriaId: "F22E7F6A-0714-480D-ACDF-5027FD6697B2", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.16.8:s1:*:*:supported_preview:*:*:*", matchCriteriaId: "288EAD80-574B-4839-9C2C-81D6D088A733", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.16.11:s1:*:*:supported_preview:*:*:*", matchCriteriaId: "3595F024-F910-4356-8B5B-D478960FF574", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.16.13:s1:*:*:supported_preview:*:*:*", matchCriteriaId: "94661BA2-27F8-4FFE-B844-9404F735579D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "108A2215-50FB-4074-94CF-C130FA14566D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", matchCriteriaId: "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "32F0B6C0-F930-480D-962B-3F4EFDCC13C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", matchCriteriaId: "803BC414-B250-4E3A-A478-A3881340D6B8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "0FEB3337-BFDE-462A-908B-176F92053CEC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", matchCriteriaId: "736AEAE9-782B-4F71-9893-DED53367E102", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "1236B66D-EB11-4324-929F-E2B86683C3C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*", matchCriteriaId: "281DFC67-46BB-4FC2-BE03-3C65C9311F65", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "ECF32BB1-9A58-4821-AE49-5D5C8200631F", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:*", matchCriteriaId: "F21DE67F-CDFD-4D36-9967-633CD0240C6F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:*", matchCriteriaId: "26F05F85-7458-4C8F-B93F-93C92E506A40", versionEndIncluding: "7.7.1", versionStartIncluding: "7.4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*", matchCriteriaId: "B0F46497-4AB0-49A7-9453-CC26837BF253", versionEndExcluding: "1.0.1.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9.", }, { lang: "es", value: "En BIND versiones 9.0.0 posteriores a 9.11.29, versiones 9.12.0 posteriores a 9.16.13, y BIND versiones 9.9.3-S1 posteriores a 9.11.29-S1 y versiones 9.16.8-S1 posteriores a 9.16.13-S1 de BIND Supported Preview Edition, así como versiones de lanzamiento 9.17.0 posteriores a 9.17.11 de la rama de desarrollo de BIND versión 9.17, cuando una versión vulnerable de named recibe una consulta para un registro que desencadena un fallo descrito anteriormente, el proceso named terminará debido a un comprobación de afirmación fallido. La vulnerabilidad afecta a todas las ramas de BIND 9 que se mantienen actualmente (9.11, 9.11-S, 9.16, 9.16-S, 9.17), así como a todas las demás versiones de BIND 9", }, ], id: "CVE-2021-25215", lastModified: "2024-11-21T05:54:33.650", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "security-officer@isc.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-04-29T01:15:08.013", references: [ { source: "security-officer@isc.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/04/29/1", }, { source: "security-officer@isc.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/04/29/2", }, { source: "security-officer@isc.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/04/29/3", }, { source: "security-officer@isc.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/04/29/4", }, { source: "security-officer@isc.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, { source: "security-officer@isc.org", tags: [ "Vendor Advisory", ], url: "https://kb.isc.org/v1/docs/cve-2021-25215", }, { source: "security-officer@isc.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/05/msg00001.html", }, { source: "security-officer@isc.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VEC2XG4Q2ODTN2C4CGXEIXU3EUTBMK7L/", }, { source: "security-officer@isc.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDSRPCJQ7MZC6CENH5PO3VQOFI7VSWBE/", }, { source: "security-officer@isc.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210521-0006/", }, { source: "security-officer@isc.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4909", }, { source: "security-officer@isc.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/04/29/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/04/29/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/04/29/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/04/29/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.isc.org/v1/docs/cve-2021-25215", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/05/msg00001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VEC2XG4Q2ODTN2C4CGXEIXU3EUTBMK7L/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDSRPCJQ7MZC6CENH5PO3VQOFI7VSWBE/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210521-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4909", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], sourceIdentifier: "security-officer@isc.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-617", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-03 06:15
Modified
2024-11-21 07:49
Severity ?
Summary
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
openbsd | openssh | 9.1 | |
fedoraproject | fedora | 37 | |
fedoraproject | fedora | 38 | |
netapp | ontap_select_deploy_administration_utility | - | |
netapp | a250_firmware | - | |
netapp | a250 | - | |
netapp | 500f_firmware | - | |
netapp | 500f | - | |
netapp | c250_firmware | - | |
netapp | c250 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openbsd:openssh:9.1:*:*:*:*:*:*:*", matchCriteriaId: "779485D0-83A2-404C-9477-82BDE8D63A40", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", matchCriteriaId: "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", matchCriteriaId: "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", matchCriteriaId: "E7CF3019-975D-40BB-A8A4-894E62BD3797", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "1236B66D-EB11-4324-929F-E2B86683C3C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*", matchCriteriaId: "281DFC67-46BB-4FC2-BE03-3C65C9311F65", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "ECF32BB1-9A58-4821-AE49-5D5C8200631F", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:*", matchCriteriaId: "F21DE67F-CDFD-4D36-9967-633CD0240C6F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:c250_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "F1AB1EC2-2560-494A-A51B-6F20CE318FEB", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:c250:-:*:*:*:*:*:*:*", matchCriteriaId: "58DE2B52-4E49-4CD0-9310-00291B0352C7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states \"remote code execution is theoretically possible.\"", }, { lang: "es", value: "OpenSSH server (sshd) v9.1 introdujo una vulnerabilidad de doble liberación durante el manejo de \"options.key_algorithms\". Esto se ha corregido en OpenSSH v9.2. La doble liberación puede ser aprovechada por un atacante remoto no autenticado en la configuración por defecto, para saltar a cualquier ubicación en el espacio de direcciones de sshd. Un informe de terceros afirma que \"la ejecución remota de código es teóricamente posible\".", }, ], id: "CVE-2023-25136", lastModified: "2024-11-21T07:49:10.877", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 4.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-02-03T06:15:09.350", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/02/13/1", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/02/22/1", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/02/22/2", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/02/23/3", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/03/06/1", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/03/09/2", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.mindrot.org/show_bug.cgi?id=3522", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://jfrog.com/blog/openssh-pre-auth-double-free-cve-2023-25136-writeup-and-proof-of-concept/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JGAUIXJ3TEKCRKVWFQ6GDAGQFTIIGQQP/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7LKQDFZWKYHQ65TBSH2X2HJQ4V2THS3/", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://news.ycombinator.com/item?id=34711565", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202307-01", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20230309-0003/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2023/02/02/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/02/13/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/02/22/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/02/22/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/02/23/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/03/06/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/03/09/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.mindrot.org/show_bug.cgi?id=3522", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://jfrog.com/blog/openssh-pre-auth-double-free-cve-2023-25136-writeup-and-proof-of-concept/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JGAUIXJ3TEKCRKVWFQ6GDAGQFTIIGQQP/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7LKQDFZWKYHQ65TBSH2X2HJQ4V2THS3/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://news.ycombinator.com/item?id=34711565", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202307-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20230309-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2023/02/02/2", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-415", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-14 19:15
Modified
2024-11-21 06:36
Severity ?
Summary
Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
openssl | openssl | * | |
openssl | openssl | 1.1.0 | |
openssl | openssl | 3.0.0 | |
netapp | cloud_backup | - | |
netapp | e-series_performance_analyzer | - | |
netapp | ontap_select_deploy_administration_utility | - | |
netapp | snapcenter | - | |
netapp | a250_firmware | - | |
netapp | a250 | - | |
netapp | 500f_firmware | - | |
netapp | 500f | - | |
netapp | h500s_firmware | - | |
netapp | h500s | - | |
netapp | h700s_firmware | - | |
netapp | h700s | - | |
netapp | h300e_firmware | - | |
netapp | h300e | - | |
netapp | h500e_firmware | - | |
netapp | h500e | - | |
netapp | h700e_firmware | - | |
netapp | h700e | - | |
netapp | h410s_firmware | - | |
netapp | h410s | - | |
netapp | h410c_firmware | - | |
netapp | h410c | - | |
netapp | h300s_firmware | - | |
netapp | h300s | - | |
nodejs | node.js | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", matchCriteriaId: "D53A6288-46D2-452F-95DA-ADA3A55544E5", versionEndExcluding: "1.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "73104834-5810-48DD-9B97-549D223853F1", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "5D1E839A-4780-412E-9F02-DD3029A0B8EF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", matchCriteriaId: "E7CF3019-975D-40BB-A8A4-894E62BD3797", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", matchCriteriaId: "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "1236B66D-EB11-4324-929F-E2B86683C3C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*", matchCriteriaId: "281DFC67-46BB-4FC2-BE03-3C65C9311F65", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "ECF32BB1-9A58-4821-AE49-5D5C8200631F", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:*", matchCriteriaId: "F21DE67F-CDFD-4D36-9967-633CD0240C6F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "108A2215-50FB-4074-94CF-C130FA14566D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", matchCriteriaId: "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "32F0B6C0-F930-480D-962B-3F4EFDCC13C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", matchCriteriaId: "803BC414-B250-4E3A-A478-A3881340D6B8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "0FEB3337-BFDE-462A-908B-176F92053CEC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", matchCriteriaId: "736AEAE9-782B-4F71-9893-DED53367E102", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "CDDF61B7-EC5C-467C-B710-B89F502CD04F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", matchCriteriaId: "EF176509-5AA8-4644-84E5-051964AECCE5", versionEndExcluding: "17.3.0", versionStartIncluding: "17.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0).", }, { lang: "es", value: "Internamente libssl en OpenSSL llama a X509_verify_cert() en el lado del cliente para verificar un certificado suministrado por un servidor. Esta función puede devolver un valor negativo para indicar un error interno (por ejemplo, falta de memoria). Tal valor de retorno negativo es mal manejado por OpenSSL y causará que una función IO (como SSL_connect() o SSL_do_handshake()) no indique el éxito y una llamada posterior a SSL_get_error() devuelva el valor SSL_ERROR_WANT_RETRY_VERIFY. Este valor de retorno sólo debe ser devuelto por OpenSSL si la aplicación ha llamado previamente a SSL_CTX_set_cert_verify_callback(). Como la mayoría de las aplicaciones no hacen esto, el valor de retorno SSL_ERROR_WANT_RETRY_VERIFY de SSL_get_error() será totalmente inesperado y las aplicaciones pueden no comportarse correctamente como resultado. El comportamiento exacto dependerá de la aplicación, pero podría resultar en bloqueos, bucles infinitos u otras respuestas incorrectas similares. Este problema se agrava en combinación con otro fallo en OpenSSL versión 3.0 que hará que X509_verify_cert() indique un error interno cuando procesa una cadena de certificados. Esto ocurrirá cuando un certificado no incluya la extensión de nombre alternativo del sujeto pero cuando una autoridad de certificación haya aplicado restricciones de nombre. Este problema puede producirse incluso con cadenas válidas. Combinando los dos problemas, un atacante podría inducir un comportamiento incorrecto y dependiente de la aplicación. Corregido en OpenSSL versión 3.0.1 (Afectado 3.0.0)", }, ], id: "CVE-2021-4044", lastModified: "2024-11-21T06:36:47.243", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-14T19:15:07.807", references: [ { source: "openssl-security@openssl.org", url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=758754966791c537ea95241438454aa86f91f256", }, { source: "openssl-security@openssl.org", tags: [ "Vendor Advisory", ], url: "https://security.netapp.com/advisory/ntap-20211229-0003/", }, { source: "openssl-security@openssl.org", tags: [ "Vendor Advisory", ], url: "https://www.openssl.org/news/secadv/20211214.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=758754966791c537ea95241438454aa86f91f256", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://security.netapp.com/advisory/ntap-20211229-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.openssl.org/news/secadv/20211214.txt", }, ], sourceIdentifier: "openssl-security@openssl.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-835", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-04-29 05:15
Modified
2024-11-21 06:06
Severity ?
Summary
GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html | Mailing List, Vendor Advisory | |
cve@mitre.org | https://security.netapp.com/advisory/ntap-20210618-0002/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html | Mailing List, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210618-0002/ | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | wget | * | |
broadcom | brocade_fabric_operating_system_firmware | - | |
netapp | cloud_backup | - | |
netapp | ontap_select_deploy_administration_utility | - | |
netapp | a250_firmware | - | |
netapp | a250 | - | |
netapp | 500f_firmware | - | |
netapp | 500f | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:wget:*:*:*:*:*:*:*:*", matchCriteriaId: "2FB17F65-078F-4E8C-893D-3CF3FD8B2A5C", versionEndIncluding: "1.21.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "B2748912-FC54-47F6-8C0C-B96784765B8E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", matchCriteriaId: "E7CF3019-975D-40BB-A8A4-894E62BD3797", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "1236B66D-EB11-4324-929F-E2B86683C3C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*", matchCriteriaId: "281DFC67-46BB-4FC2-BE03-3C65C9311F65", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "ECF32BB1-9A58-4821-AE49-5D5C8200631F", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:*", matchCriteriaId: "F21DE67F-CDFD-4D36-9967-633CD0240C6F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.", }, { lang: "es", value: "GNU Wget versiones hasta 1.21.1, no omite el encabezado Authorization tras un redireccionamiento a un origen diferente, un problema relacionado con CVE-2018-1000007", }, ], id: "CVE-2021-31879", lastModified: "2024-11-21T06:06:25.020", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-04-29T05:15:08.707", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210618-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210618-0002/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-601", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-01-31 13:15
Modified
2025-01-27 20:55
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.
The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.
We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linux | linux_kernel | * | |
linux | linux_kernel | * | |
linux | linux_kernel | * | |
linux | linux_kernel | * | |
linux | linux_kernel | 6.8 | |
fedoraproject | fedora | 39 | |
redhat | enterprise_linux_desktop | 7.0 | |
redhat | enterprise_linux_for_ibm_z_systems | 7.0_s390x | |
redhat | enterprise_linux_for_power_big_endian | 7.0_ppc64 | |
redhat | enterprise_linux_for_power_little_endian | 7.0_ppc64le | |
redhat | enterprise_linux_server | 7.0 | |
redhat | enterprise_linux_workstation | 7.0 | |
debian | debian_linux | 10.0 | |
netapp | a250_firmware | - | |
netapp | a250 | - | |
netapp | 500f_firmware | - | |
netapp | 500f | - | |
netapp | c250_firmware | - | |
netapp | c250 | - |
{ cisaActionDue: "2024-06-20", cisaExploitAdd: "2024-05-30", cisaRequiredAction: "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", cisaVulnerabilityName: "Linux Kernel Use-After-Free Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "9E23B69A-DC79-4ABD-A29D-0CFDFA41F671", versionEndExcluding: "5.15.149", versionStartIncluding: "3.15", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "6C314DAC-5C93-4D09-A1E8-B29BCFCEC928", versionEndExcluding: "6.1.76", versionStartIncluding: "6.1", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "87C718CB-AE3D-4B07-B4D9-BFF64183C468", versionEndExcluding: "6.6.15", versionStartIncluding: "6.2", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "58FD5308-148A-40D3-B36A-0CA6B434A8BF", versionEndExcluding: "6.7.3", versionStartIncluding: "6.7", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*", matchCriteriaId: "B9F4EA73-0894-400F-A490-3A397AB7A517", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", matchCriteriaId: "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "2148300C-ECBD-4ED5-A164-79629859DD43", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:*:*:*:*:*:*:*", matchCriteriaId: "8BCF87FD-9358-42A5-9917-25DF0180A5A6", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "7A584AAA-A14F-4C64-8FED-675DC36F69A3", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "1236B66D-EB11-4324-929F-E2B86683C3C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*", matchCriteriaId: "281DFC67-46BB-4FC2-BE03-3C65C9311F65", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "ECF32BB1-9A58-4821-AE49-5D5C8200631F", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:*", matchCriteriaId: "F21DE67F-CDFD-4D36-9967-633CD0240C6F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:c250_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "F1AB1EC2-2560-494A-A51B-6F20CE318FEB", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:c250:-:*:*:*:*:*:*:*", matchCriteriaId: "58DE2B52-4E49-4CD0-9310-00291B0352C7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nThe nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.\n\nWe recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.\n\n", }, { lang: "es", value: "Una vulnerabilidad de use after free en el componente netfilter: nf_tables del kernel de Linux puede explotarse para lograr una escalada de privilegios local. La función nft_verdict_init() permite valores positivos como error de eliminación dentro del veredicto del gancho y, por lo tanto, la función nf_hook_slow() puede causar una vulnerabilidad double free cuando NF_DROP se emite con un error de eliminación similar a NF_ACCEPT. Recomendamos actualizar después del compromiso f342de4e2f33e0e39165d8639387aa6c19dff660.", }, ], id: "CVE-2024-1086", lastModified: "2025-01-27T20:55:05.757", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "cve-coordination@google.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-01-31T13:15:10.827", references: [ { source: "cve-coordination@google.com", tags: [ "Mailing List", "Patch", ], url: "http://www.openwall.com/lists/oss-security/2024/04/10/22", }, { source: "cve-coordination@google.com", tags: [ "Mailing List", "Patch", ], url: "http://www.openwall.com/lists/oss-security/2024/04/10/23", }, { source: "cve-coordination@google.com", tags: [ "Exploit", "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2024/04/14/1", }, { source: "cve-coordination@google.com", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2024/04/15/2", }, { source: "cve-coordination@google.com", tags: [ "Exploit", "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2024/04/17/5", }, { source: "cve-coordination@google.com", tags: [ "Patch", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660", }, { source: "cve-coordination@google.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Notselwyn/CVE-2024-1086", }, { source: "cve-coordination@google.com", tags: [ "Patch", ], url: "https://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660", }, { source: "cve-coordination@google.com", tags: [ "Mailing List", ], url: "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html", }, { source: "cve-coordination@google.com", tags: [ "Mailing List", ], url: "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", }, { source: "cve-coordination@google.com", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/", }, { source: "cve-coordination@google.com", tags: [ "Issue Tracking", ], url: "https://news.ycombinator.com/item?id=39828424", }, { source: "cve-coordination@google.com", tags: [ "Exploit", "Technical Description", "Third Party Advisory", ], url: "https://pwning.tech/nftables/", }, { source: "cve-coordination@google.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20240614-0009/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", ], url: "http://www.openwall.com/lists/oss-security/2024/04/10/22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", ], url: "http://www.openwall.com/lists/oss-security/2024/04/10/23", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2024/04/14/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2024/04/15/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2024/04/17/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Notselwyn/CVE-2024-1086", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://news.ycombinator.com/item?id=39828424", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Technical Description", "Third Party Advisory", ], url: "https://pwning.tech/nftables/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20240614-0009/", }, ], sourceIdentifier: "cve-coordination@google.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "cve-coordination@google.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-05-26 12:15
Modified
2024-11-21 05:18
Severity ?
Summary
A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linux | linux_kernel | * | |
linux | linux_kernel | * | |
linux | linux_kernel | * | |
linux | linux_kernel | * | |
linux | linux_kernel | * | |
linux | linux_kernel | * | |
debian | debian_linux | 9.0 | |
netapp | cloud_backup | - | |
netapp | solidfire_\&_hci_management_node | - | |
netapp | solidfire_baseboard_management_controller_firmware | - | |
netapp | solidfire_baseboard_management_controller | - | |
netapp | h410c_firmware | - | |
netapp | h410c | - | |
netapp | h300s_firmware | - | |
netapp | h300s | - | |
netapp | h500s_firmware | - | |
netapp | h500s | - | |
netapp | h700s_firmware | - | |
netapp | h700s | - | |
netapp | h300e_firmware | - | |
netapp | h300e | - | |
netapp | h500e_firmware | - | |
netapp | h500e | - | |
netapp | h700e_firmware | - | |
netapp | h700e | - | |
netapp | h410s_firmware | - | |
netapp | h410s | - | |
netapp | a250_firmware | - | |
netapp | a250 | - | |
netapp | 500f_firmware | - | |
netapp | 500f | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "987CF6CC-7083-4045-89DA-8E3210D903F0", versionEndExcluding: "4.4.242", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "607F991B-A645-4B37-AF98-BD4B9B1DBC1B", versionEndExcluding: "4.9.242", versionStartIncluding: "4.5", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "B4E6B3A9-5848-46DF-93A5-6C1D677DBAB3", versionEndExcluding: "4.14.204", versionStartIncluding: "4.10", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "61F20A9F-6DA5-4498-AF1E-B63EA84CA3C8", versionEndExcluding: "4.19.155", versionStartIncluding: "4.15", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "AAD5B8FD-0B39-4703-BEAD-416748572631", versionEndExcluding: "5.4.75", versionStartIncluding: "4.20", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "5920FDB4-0E83-4A68-A361-6CE1CB05000F", versionEndExcluding: "5.9.5", versionStartIncluding: "5.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FB9B8171-F6CA-427D-81E0-6536D3BBFA8D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "090AA6F4-4404-4E26-82AB-C3A22636F276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "CDDF61B7-EC5C-467C-B710-B89F502CD04F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "108A2215-50FB-4074-94CF-C130FA14566D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", matchCriteriaId: "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "32F0B6C0-F930-480D-962B-3F4EFDCC13C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", matchCriteriaId: "803BC414-B250-4E3A-A478-A3881340D6B8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "0FEB3337-BFDE-462A-908B-176F92053CEC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", matchCriteriaId: "736AEAE9-782B-4F71-9893-DED53367E102", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "1236B66D-EB11-4324-929F-E2B86683C3C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*", matchCriteriaId: "281DFC67-46BB-4FC2-BE03-3C65C9311F65", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "ECF32BB1-9A58-4821-AE49-5D5C8200631F", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:*", matchCriteriaId: "F21DE67F-CDFD-4D36-9967-633CD0240C6F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op.", }, { lang: "es", value: "Se encontró un fallo en el Kernel de Linux porque el acceso a la variable global fg_console no está correctamente sincronizado, conllevando a un uso de la memoria previamente liberada en la función con_font_op", }, ], id: "CVE-2020-25668", lastModified: "2024-11-21T05:18:24.567", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 6.9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-05-26T12:15:15.687", references: [ { source: "secalert@redhat.com", tags: [ "Exploit", "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2020/10/30/1", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2020/11/04/3", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1893287%2C", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=90bfdeef83f1d6c696039b6a917190dcbbad3220", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210702-0005/", }, { source: "secalert@redhat.com", url: "https://www.openwall.com/lists/oss-security/2020/10/30/1%2C", }, { source: "secalert@redhat.com", url: "https://www.openwall.com/lists/oss-security/2020/11/04/3%2C", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2020/10/30/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2020/11/04/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1893287%2C", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=90bfdeef83f1d6c696039b6a917190dcbbad3220", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210702-0005/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.openwall.com/lists/oss-security/2020/10/30/1%2C", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.openwall.com/lists/oss-security/2020/11/04/3%2C", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-362", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-662", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-11-28 07:15
Modified
2024-11-21 05:23
Severity ?
Summary
An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linux | linux_kernel | * | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
netapp | 500f_firmware | - | |
netapp | 500f | - | |
netapp | a250_firmware | - | |
netapp | a250 | - | |
netapp | h410c_firmware | - | |
netapp | h410c | - | |
netapp | solidfire_\&_hci_management_node | - | |
netapp | solidfire_\&_hci_storage_node | - | |
netapp | hci_compute_node_bios | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "9D2A5683-E016-4DD2-9AB1-D538551B122F", versionEndExcluding: "5.7.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "ECF32BB1-9A58-4821-AE49-5D5C8200631F", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:*", matchCriteriaId: "F21DE67F-CDFD-4D36-9967-633CD0240C6F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "1236B66D-EB11-4324-929F-E2B86683C3C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*", matchCriteriaId: "281DFC67-46BB-4FC2-BE03-3C65C9311F65", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "CDDF61B7-EC5C-467C-B710-B89F502CD04F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D452B464-1200-4B72-9A89-42DC58486191", vulnerable: true, }, { criteria: "cpe:2.3:o:netapp:hci_compute_node_bios:-:*:*:*:*:*:*:*", matchCriteriaId: "7C61DF9A-ABDE-44A2-A060-B088428D5064", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58.", }, { lang: "es", value: "Se detectó un problema en el kernel de Linux versiones anteriores a 5.7.3, relacionado con los archivos mm/gup.c y mm/huge_memory.c. La implementación de la función get_user_pages (también se conoce como gup), cuando se usa para una página copy-on-write, no considera apropiadamente la semántica de las operaciones de lectura y, por lo tanto, puede otorgar acceso de escritura involuntario, también se conoce como CID-17839856fd58", }, ], id: "CVE-2020-29374", lastModified: "2024-11-21T05:23:56.503", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 3.3, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.6, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-11-28T07:15:11.960", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=2045", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.3", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=17839856fd588f4ab6b789f482ed3ffd7c403e1f", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210115-0002/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5096", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=2045", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=17839856fd588f4ab6b789f482ed3ffd7c403e1f", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210115-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5096", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-362", }, { lang: "en", value: "CWE-863", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-03-15 17:15
Modified
2024-11-21 06:39
Severity ?
Summary
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
openssl | openssl | * | |
openssl | openssl | * | |
openssl | openssl | * | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
debian | debian_linux | 11.0 | |
netapp | cloud_volumes_ontap_mediator | - | |
netapp | clustered_data_ontap | - | |
netapp | clustered_data_ontap_antivirus_connector | - | |
netapp | santricity_smi-s_provider | - | |
netapp | storagegrid | - | |
netapp | a250_firmware | - | |
netapp | a250 | - | |
netapp | 500f_firmware | - | |
netapp | 500f | - | |
fedoraproject | fedora | 34 | |
fedoraproject | fedora | 36 | |
tenable | nessus | * | |
tenable | nessus | * | |
mariadb | mariadb | * | |
mariadb | mariadb | * | |
mariadb | mariadb | * | |
mariadb | mariadb | * | |
mariadb | mariadb | * | |
mariadb | mariadb | * | |
nodejs | node.js | * | |
nodejs | node.js | * | |
nodejs | node.js | * | |
nodejs | node.js | * | |
nodejs | node.js | * | |
nodejs | node.js | * | |
nodejs | node.js | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", matchCriteriaId: "F3BC593C-D7BB-42A8-9488-BE910A8C3B68", versionEndExcluding: "1.0.2zd", versionStartIncluding: "1.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", matchCriteriaId: "16D7B14C-9D04-40AC-9FCE-73D3DF468DB2", versionEndExcluding: "1.1.1n", versionStartIncluding: "1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", matchCriteriaId: "E7225F27-E0BC-4716-AF68-8D68EE90F7CE", versionEndExcluding: "3.0.2", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:cloud_volumes_ontap_mediator:-:*:*:*:*:*:*:*", matchCriteriaId: "280AA828-6FA9-4260-8EC1-019423B966E1", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", matchCriteriaId: "1FE996B1-6951-4F85-AA58-B99A379D2163", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*", matchCriteriaId: "62347994-1353-497C-9C4A-D5D8D95F67E8", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*", matchCriteriaId: "361B791A-D336-4431-8F68-8135BEFFAEA2", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", matchCriteriaId: "8ADFF451-740F-4DBA-BD23-3881945D3E40", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "1236B66D-EB11-4324-929F-E2B86683C3C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*", matchCriteriaId: "281DFC67-46BB-4FC2-BE03-3C65C9311F65", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "ECF32BB1-9A58-4821-AE49-5D5C8200631F", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:*", matchCriteriaId: "F21DE67F-CDFD-4D36-9967-633CD0240C6F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*", matchCriteriaId: "1188273E-D496-41A9-AE16-75C0EB70EFB2", versionEndExcluding: "8.15.4", vulnerable: true, }, { criteria: "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*", matchCriteriaId: "644DD241-261E-41A3-86B5-C0834502EA81", versionEndExcluding: "10.1.2", versionStartIncluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", matchCriteriaId: "49CFE4A3-DDFC-4801-8C68-510EB5CFBC36", versionEndExcluding: "10.2.42", versionStartIncluding: "10.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", matchCriteriaId: "F8EB13E9-AFD7-4E82-A471-61201460CAC4", versionEndExcluding: "10.3.33", versionStartIncluding: "10.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", matchCriteriaId: "3EFE42EF-DB07-4DD4-A40C-6DD6A7D1E6DC", versionEndExcluding: "10.4.23", versionStartIncluding: "10.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", matchCriteriaId: "E3C63CE6-6B86-4C48-8D30-DC74CA83C5EC", versionEndExcluding: "10.5.14", versionStartIncluding: "10.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", matchCriteriaId: "09ADA35C-125F-4970-ACB7-36A9CC3516BF", versionEndExcluding: "10.6.6", versionStartIncluding: "10.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", matchCriteriaId: "E0435104-B0F9-4997-A769-36821689DF45", versionEndExcluding: "10.7.2", versionStartIncluding: "10.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", matchCriteriaId: "564ED5C8-50D7-413A-B88E-E62B6C07336A", versionEndIncluding: "12.12.0", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", matchCriteriaId: "274A9803-2997-4E65-BDB0-8B5C23120CD1", versionEndExcluding: "12.22.11", versionStartIncluding: "12.13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", matchCriteriaId: "05678B4E-5F27-4096-8E9B-38B84A7E7793", versionEndIncluding: "14.14.0", versionStartExcluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", matchCriteriaId: "CECEE1EE-B2A2-476B-82AE-48DFF6F1729A", versionEndExcluding: "14.19.1", versionStartIncluding: "14.15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", matchCriteriaId: "DC9C8402-7102-4BCF-8A49-CFDF1C59B92F", versionEndIncluding: "16.12.0", versionStartExcluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", matchCriteriaId: "3DF34038-6987-4196-B5E7-FF5656D1EE5A", versionEndExcluding: "16.14.2", versionStartIncluding: "16.13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", matchCriteriaId: "0AD8D8BB-702C-4FDF-A0A2-872744B8BF68", versionEndExcluding: "17.7.2", versionStartExcluding: "17.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).", }, { lang: "es", value: "La función BN_mod_sqrt(), que calcula una raíz cuadrada modular, contiene un error que puede causar un bucle eterno para módulos no primos. Internamente, esta función es usado cuando son analizados certificados que contienen claves públicas de curva elíptica en forma comprimida o parámetros de curva elíptica explícitos con un punto base codificado en forma comprimida. Es posible desencadenar el bucle infinito si es diseñado un certificado con parámetros de curva explícitos no válidos. Dado que el análisis del certificado es realizado antes de la verificación de la firma del certificado, cualquier proceso que analice un certificado suministrado externamente puede ser objeto de un ataque de denegación de servicio. El bucle infinito también puede alcanzarse cuando son analizadas claves privadas diseñadas, ya que pueden contener parámetros explícitos de la curva elíptica. Por lo tanto, las situaciones vulnerables incluyen: - Clientes TLS que consumen certificados de servidor - Servidores TLS que consumen certificados de cliente - Proveedores de hosting que toman certificados o claves privadas de clientes - Autoridades de certificación que analizan peticiones de certificación de suscriptores - Cualquier otra cosa que analice parámetros de curva elíptica ASN.1 También cualquier otra aplicación que utilice BN_mod_sqrt() donde el atacante pueda controlar los valores de los parámetros es vulnerable a este problema de DoS. En OpenSSL versión 1.0.2, la clave pública no es analizada durante el análisis inicial del certificado, lo que dificulta ligeramente la activación del bucle infinito. Sin embargo, cualquier operación que requiera la clave pública del certificado desencadenará el bucle infinito. En particular, el atacante puede usar un certificado autofirmado para desencadenar el bucle durante la verificación de la firma del certificado. Este problema afecta a OpenSSL versiones 1.0.2, 1.1.1 y 3.0. Fue abordado en las versiones 1.1.1n y 3.0.2 del 15 de marzo de 2022. Corregido en OpenSSL versión 3.0.2 (Afectado 3.0.0,3.0.1). Corregido en OpenSSL versión 1.1.1n (Afectado 1.1.1-1.1.1m). Corregido en OpenSSL versión 1.0.2zd (Afectado 1.0.2-1.0.2zc)", }, ], id: "CVE-2022-0778", lastModified: "2024-11-21T06:39:22.540", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-03-15T17:15:08.513", references: [ { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html", }, { source: "openssl-security@openssl.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/May/33", }, { source: "openssl-security@openssl.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/May/35", }, { source: "openssl-security@openssl.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/May/38", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf", }, { source: "openssl-security@openssl.org", url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3118eb64934499d93db3230748a452351d1d9a65", }, { source: "openssl-security@openssl.org", url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=380085481c64de749a6dd25cdf0bcf4360b30f83", }, { source: "openssl-security@openssl.org", url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a466912611aa6cbdf550cd10601390e587451246", }, { source: "openssl-security@openssl.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html", }, { source: "openssl-security@openssl.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html", }, { source: "openssl-security@openssl.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/", }, { source: "openssl-security@openssl.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/", }, { source: "openssl-security@openssl.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202210-02", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220321-0002/", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220429-0005/", }, { source: "openssl-security@openssl.org", url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213255", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213256", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213257", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5103", }, { source: "openssl-security@openssl.org", tags: [ "Vendor Advisory", ], url: "https://www.openssl.org/news/secadv/20220315.txt", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2022-06", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2022-07", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2022-08", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2022-09", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/May/33", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/May/35", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/May/38", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3118eb64934499d93db3230748a452351d1d9a65", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=380085481c64de749a6dd25cdf0bcf4360b30f83", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a466912611aa6cbdf550cd10601390e587451246", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202210-02", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220321-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220429-0005/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213255", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213256", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213257", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5103", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.openssl.org/news/secadv/20220315.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2022-06", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2022-07", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2022-08", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2022-09", }, ], sourceIdentifier: "openssl-security@openssl.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-835", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }