Vulnerabilities related to hp - helion_openstack
cve-2022-27239
Vulnerability from cvelistv5
Published: 2022-04-27 00:00
Modified: 2024-08-03 05:25
Summary
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.
References
cve-2019-3683
Vulnerability from cvelistv5
Published: 2020-01-17 11:10
Modified: 2024-09-17 02:53
Summary
In the keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f, every user listed in /etc/keystone/user-project-map.json was assigned full "member" role access to every project. This allowed these users to access, modify, create and delete arbitrary resources, contrary to expectations.
References
URL | Tags |
---|---|
https://bugzilla.suse.com/show_bug.cgi?id=1124864 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
SUSE | SUSE Openstack Cloud 8 | keystone-json-assignment < d7888c75505465490250c00cc0ef4bb1af662f9f |
cve-2016-3710
Vulnerability from cvelistv5
Published: 2016-05-11 21:00
Modified: 2024-08-06 00:03
Summary
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.
References
cve-2015-7547
Vulnerability from cvelistv5
Published: 2016-02-18 21:00
Modified: 2024-08-06 07:51
Summary
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
References
"https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html", }, { name: "SUSE-SU-2016:0473", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/135802/glibc-getaddrinfo-Stack-Based-Buffer-Overflow.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1293532", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05008367", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176716", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05053211", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05028479", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/kb/en-us/solutions/public/k/47/sol47098834.html", }, { name: "RHSA-2016:0176", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0176.html", }, { name: "FEDORA-2016-0480defc94", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html", }, { name: "openSUSE-SU-2016:0512", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00044.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04989404", }, { name: "DSA-3480", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3480", }, { tags: [ "x_refsource_MISC", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-16-103-01", }, { name: "39454", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/39454/", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.citrix.com/article/CTX206991", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160304-01-glibc-en", }, { name: "VU#457759", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "https://www.kb.cert.org/vuls/id/457759", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://access.redhat.com/articles/2161461", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10150", }, { name: "HPSBGN03442", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=145690841819314&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05212266", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516", }, { name: "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2019/Sep/7", }, { name: "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X", 
tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Sep/7", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html", }, { name: "20210901 SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2021/Sep/0", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1255-security-advisory-17", }, { name: "20220617 SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2022/Jun/36", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-7547", datePublished: "2016-02-18T21:00:00", dateReserved: "2015-09-29T00:00:00", dateUpdated: "2024-08-06T07:51:28.440Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-2107
Vulnerability from cvelistv5
Published
2016-05-05 00:00
Modified
2024-08-05 23:17
Summary
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:17:50.633Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149", }, { name: "SSA:2016-124-01", tags: [ "vendor-advisory", "x_transferred", ], url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103", }, { name: "openSUSE-SU-2016:1238", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { name: "RHSA-2016:2073", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2073.html", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us", }, { name: "DSA-3566", tags: [ "vendor-advisory", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3566", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { tags: [ "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10160", }, { name: "openSUSE-SU-2016:1243", tags: [ "vendor-advisory", "x_transferred", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html", }, { name: "GLSA-201612-16", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/201612-16", }, { name: "SUSE-SU-2016:1228", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03728en_us", }, { name: "1035721", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1035721", }, { tags: [ "x_transferred", ], url: "http://support.citrix.com/article/CTX212736", }, { name: "SUSE-SU-2016:1206", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html", }, { name: "FEDORA-2016-1e39d934ed", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html", }, { name: "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016", tags: [ "vendor-advisory", "x_transferred", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { name: "FEDORA-2016-1411324654", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html", }, { name: "openSUSE-SU-2016:1240", tags: [ 
"vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html", }, { tags: [ "x_transferred", ], url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=68595c0c2886e7942a14f98c17a55a88afb6c292", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862", }, { name: "openSUSE-SU-2016:1566", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html", }, { name: "APPLE-SA-2016-07-18-1", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html", }, { tags: [ "x_transferred", ], url: "https://blog.cloudflare.com/yet-another-padding-oracle-in-openssl-cbc-ciphersuites/", }, { tags: [ "x_transferred", ], url: "https://www.tenable.com/security/tns-2016-18", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", }, { name: "SUSE-SU-2016:1233", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html", }, { tags: [ "x_transferred", ], url: "http://source.android.com/security/bulletin/2016-07-01.html", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804", }, { name: "openSUSE-SU-2016:1237", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html", }, { tags: [ "x_transferred", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202", }, { name: "RHSA-2016:0996", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0996.html", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", }, { tags: [ 
"x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20160504-0001/", }, { name: "91787", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securityfocus.com/bid/91787", }, { name: "89760", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securityfocus.com/bid/89760", }, { name: "RHSA-2016:2957", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2957.html", }, { name: "USN-2959-1", tags: [ "vendor-advisory", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2959-1", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { tags: [ "x_transferred", ], url: "http://web-in-security.blogspot.ca/2016/05/curious-padding-oracle-in-openssl-cve.html", }, { name: "RHSA-2016:0722", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0722.html", }, { name: "FreeBSD-SA-16:17", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc", }, { tags: [ "x_transferred", ], url: "https://www.openssl.org/news/secadv/20160503.txt", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/HT206903", }, { tags: [ "x_transferred", ], url: "https://bto.bluecoat.com/security-advisory/sa123", }, { name: "FEDORA-2016-05c567df1a", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html", }, { name: "39768", tags: [ "exploit", "x_transferred", ], url: "https://www.exploit-db.com/exploits/39768/", }, { tags: [ "x_transferred", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], 
datePublic: "2016-05-03T00:00:00", descriptions: [ { lang: "en", value: "The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-13T00:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149", }, { name: "SSA:2016-124-01", tags: [ "vendor-advisory", ], url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103", }, { name: "openSUSE-SU-2016:1238", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { name: "RHSA-2016:2073", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2073.html", }, { url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us", }, { name: "DSA-3566", tags: [ "vendor-advisory", ], url: "http://www.debian.org/security/2016/dsa-3566", }, { url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us", }, { url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { url: "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", 
}, { url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10160", }, { name: "openSUSE-SU-2016:1243", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html", }, { name: "GLSA-201612-16", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/201612-16", }, { name: "SUSE-SU-2016:1228", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html", }, { url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03728en_us", }, { name: "1035721", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1035721", }, { url: "http://support.citrix.com/article/CTX212736", }, { name: "SUSE-SU-2016:1206", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html", }, { name: "FEDORA-2016-1e39d934ed", tags: [ "vendor-advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html", }, { name: "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016", tags: [ "vendor-advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", }, { url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us", }, { url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { name: "FEDORA-2016-1411324654", tags: [ "vendor-advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html", }, { name: "openSUSE-SU-2016:1240", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html", }, { url: 
"https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=68595c0c2886e7942a14f98c17a55a88afb6c292", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862", }, { name: "openSUSE-SU-2016:1566", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html", }, { name: "APPLE-SA-2016-07-18-1", tags: [ "vendor-advisory", ], url: "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html", }, { url: "https://blog.cloudflare.com/yet-another-padding-oracle-in-openssl-cbc-ciphersuites/", }, { url: "https://www.tenable.com/security/tns-2016-18", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", }, { name: "SUSE-SU-2016:1233", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html", }, { url: "http://source.android.com/security/bulletin/2016-07-01.html", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804", }, { name: "openSUSE-SU-2016:1237", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html", }, { url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202", }, { name: "RHSA-2016:0996", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0996.html", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", }, { url: "https://security.netapp.com/advisory/ntap-20160504-0001/", }, { name: "91787", tags: [ "vdb-entry", ], url: "http://www.securityfocus.com/bid/91787", }, { name: "89760", tags: [ "vdb-entry", ], url: "http://www.securityfocus.com/bid/89760", }, { name: "RHSA-2016:2957", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2957.html", }, { name: "USN-2959-1", tags: [ "vendor-advisory", ], url: "http://www.ubuntu.com/usn/USN-2959-1", }, { url: 
"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { url: "http://web-in-security.blogspot.ca/2016/05/curious-padding-oracle-in-openssl-cve.html", }, { name: "RHSA-2016:0722", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0722.html", }, { name: "FreeBSD-SA-16:17", tags: [ "vendor-advisory", ], url: "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc", }, { url: "https://www.openssl.org/news/secadv/20160503.txt", }, { url: "https://support.apple.com/HT206903", }, { url: "https://bto.bluecoat.com/security-advisory/sa123", }, { name: "FEDORA-2016-05c567df1a", tags: [ "vendor-advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html", }, { name: "39768", tags: [ "exploit", ], url: "https://www.exploit-db.com/exploits/39768/", }, { url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-2107", datePublished: "2016-05-05T00:00:00", dateReserved: "2016-01-29T00:00:00", dateUpdated: "2024-08-05T23:17:50.633Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2022-04-27 14:15
Modified
2024-11-21 06:55
Summary
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:samba:cifs-utils:*:*:*:*:*:*:*:*", matchCriteriaId: "A994C1D7-9394-43A0-976B-246980F5E77E", versionEndExcluding: "6.15", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:suse:caas_platform:4.0:*:*:*:*:*:*:*", matchCriteriaId: "5AB27A2D-549C-450E-A09E-B3316895F052", vulnerable: true, }, { criteria: "cpe:2.3:a:suse:enterprise_storage:6.0:*:*:*:*:*:*:*", matchCriteriaId: "3B20D44D-F87E-4692-8E04-695683F1ECE6", vulnerable: true, }, { criteria: "cpe:2.3:a:suse:enterprise_storage:7.0:*:*:*:*:*:*:*", matchCriteriaId: "F7305944-AC9C-47A3-AADF-71A8B24830D1", vulnerable: true, }, { criteria: "cpe:2.3:a:suse:linux_enterprise_point_of_service:11.0:sp3:*:*:*:*:*:*", matchCriteriaId: "694479D9-16C8-4B60-A4D3-975D9E0A7F53", vulnerable: true, }, { criteria: "cpe:2.3:a:suse:linux_enterprise_storage:7.1:*:*:*:*:*:*:*", matchCriteriaId: "B264EB20-49EA-4819-A92B-0748AEFFAC68", vulnerable: true, }, { criteria: "cpe:2.3:a:suse:manager_proxy:4.1:*:*:*:*:*:*:*", matchCriteriaId: "9910C73A-3BCD-4F56-8C7D-79CB289640A2", vulnerable: true, }, { criteria: "cpe:2.3:a:suse:manager_proxy:4.2:*:*:*:*:*:*:*", matchCriteriaId: "B0156BFA-9E83-43E6-9C73-9711AD054B5A", vulnerable: true, }, { criteria: "cpe:2.3:a:suse:manager_proxy:4.3:*:*:*:*:*:*:*", matchCriteriaId: "CAC2D0A4-56F8-4ED6-91E2-78434A016C5F", vulnerable: true, }, { criteria: 
"cpe:2.3:a:suse:manager_retail_branch_server:4.1:*:*:*:*:*:*:*", matchCriteriaId: "450A3B3F-F26D-4EAB-BF5D-4C906C4A99DD", vulnerable: true, }, { criteria: "cpe:2.3:a:suse:manager_retail_branch_server:4.2:*:*:*:*:*:*:*", matchCriteriaId: "BD5BDD59-5008-4DDC-B805-BB6B7DE8E1A6", vulnerable: true, }, { criteria: "cpe:2.3:a:suse:manager_retail_branch_server:4.3:*:*:*:*:*:*:*", matchCriteriaId: "A69D3CCD-6590-46EF-9D3F-E903AB78E3BA", vulnerable: true, }, { criteria: "cpe:2.3:a:suse:manager_server:4.1:*:*:*:*:*:*:*", matchCriteriaId: "B5810E98-7BF5-42E2-9DE9-661049ABE367", vulnerable: true, }, { criteria: "cpe:2.3:a:suse:manager_server:4.2:*:*:*:*:*:*:*", matchCriteriaId: "0E46DEFD-659D-4D8F-BCD8-6B8A022F8FB0", vulnerable: true, }, { criteria: "cpe:2.3:a:suse:manager_server:4.3:*:*:*:*:*:*:*", matchCriteriaId: "A1532304-0EA2-4816-B481-C87C7386DC88", vulnerable: true, }, { criteria: "cpe:2.3:a:suse:openstack_cloud:8.0:*:*:*:*:*:*:*", matchCriteriaId: "1C3BEB21-4080-4258-B95C-562D717AED0B", vulnerable: true, }, { criteria: "cpe:2.3:a:suse:openstack_cloud:9.0:*:*:*:*:*:*:*", matchCriteriaId: "83F8A7D8-FD3E-4C36-AB2A-A61449BF38C5", vulnerable: true, }, { criteria: "cpe:2.3:a:suse:openstack_cloud_crowbar:8.0:*:*:*:*:*:*:*", matchCriteriaId: "1675CBE5-44D3-4326-AE8B-EEB9E25D783A", vulnerable: true, }, { criteria: "cpe:2.3:a:suse:openstack_cloud_crowbar:9.0:*:*:*:*:*:*:*", matchCriteriaId: "B631400C-0A5A-45A3-9DFA-B419E83D324E", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_desktop:15:sp3:*:*:*:*:*:*", matchCriteriaId: "ACB76FF0-B939-42E9-842B-171E929F317D", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_desktop:15:sp4:*:*:*:*:*:*", matchCriteriaId: "F648F64B-C3F2-4B14-906D-E48345303F0E", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_high_performance_computing:12.0:sp5:*:*:-:*:*:*", matchCriteriaId: "F8C8AD43-557D-4285-BA46-9C5785F53229", vulnerable: true, }, { criteria: 
"cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:-:*:*:ltss:*:*:*", matchCriteriaId: "6CFA8943-A151-4E16-962D-75F1CB0C3C41", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp1:*:*:espos:*:*:*", matchCriteriaId: "89C89474-3F7A-499E-8E7C-25952584A68C", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp1:*:*:ltss:*:*:*", matchCriteriaId: "CA2E84A0-A9ED-411B-9963-647D8A95D3D5", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp2:*:*:espos:*:*:*", matchCriteriaId: "455B5F70-FDA0-4AE3-9C62-F0BC8E6C3D85", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp2:*:*:ltss:*:*:*", matchCriteriaId: "A0E17861-F7C2-479B-B687-42419ADED014", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp3:*:*:-:*:*:*", matchCriteriaId: "75A0B727-33A9-416B-9E83-5103ABE856B4", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp4:*:*:-:*:*:*", matchCriteriaId: "D0E679A3-3EAC-4603-BD89-E04EE26845B2", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_micro:5.2:*:*:*:*:-:*:*", matchCriteriaId: "EACDFD9B-C423-4FD1-B9AA-0D6D7D93CB36", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_micro:5.2:*:*:*:*:rancher:*:*", matchCriteriaId: "825D86FE-87DA-4389-8097-D7CF34718CB2", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_real_time:15.0:sp2:*:*:*:*:*:*", matchCriteriaId: "4B0AC584-5E26-4ACE-BC19-9E69A302F238", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*", matchCriteriaId: "E534C201-BCC5-473C-AAA7-AAB97CEB5437", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:ltss:*:*:*", matchCriteriaId: "7B84C8D3-0B59-40DC-881D-D016A422E8CC", vulnerable: true, }, { criteria: 
"cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:business_critical_linux:-:*:*", matchCriteriaId: "93A9AC01-6C1F-4025-BD7C-E02C4E3D0CD0", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:12:sp3:*:*:*:sap:*:*", matchCriteriaId: "16729D9C-DC05-41BD-9B32-682983190CE0", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:12:sp3:*:*:business_critical_linux:-:*:*", matchCriteriaId: "EA9DC756-8E39-4AB6-B9D4-2A4100FF8D04", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:12:sp3:*:*:espos:*:*:*", matchCriteriaId: "77F1991E-E0D6-4BDE-BDF0-D34D6E67AAD4", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:12:sp3:*:*:ltss:*:*:*", matchCriteriaId: "C6622CD4-DF4B-4064-BAEB-5E382C4B05C8", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:12:sp4:*:*:-:sap:*:*", matchCriteriaId: "E279968E-C62B-4888-899A-2BF57E8F8692", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:12:sp4:*:*:espos:*:*:*", matchCriteriaId: "65709414-EAE0-4EA7-9C5F-EBDA80FF2A9D", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:12:sp4:*:*:ltss:*:*:*", matchCriteriaId: "7E05EE7E-993C-4107-9A15-EBE0D2268239", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:*:sap:*:*", matchCriteriaId: "471E110C-10CC-4C36-BDE1-BBB27EF5C6EA", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:15:*:*:*:*:sap:*:*", matchCriteriaId: "C665A768-DBDA-4197-9159-A2791E98A84F", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:15:-:*:*:espos:*:*:*", matchCriteriaId: "88FFABAC-A728-4172-9A1E-2B84E82219D4", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:15:-:*:*:ltss:*:*:*", matchCriteriaId: "B1065E14-69B3-4643-ACF7-3C14BF07C783", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:15:sp1:*:*:business_critical_linux:-:*:*", matchCriteriaId: 
"26FDBC27-D993-4A93-BC70-753FA21F4C11", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:15:sp1:*:*:ltss:*:*:*", matchCriteriaId: "55A521F2-51C3-4356-A8D6-BD5A1BD60C85", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:business_critical_linux:-:*:*", matchCriteriaId: "A256B5D1-49D2-4363-AAD6-30FD32F0D132", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:ltss:*:*:*", matchCriteriaId: "6E1420DB-3DF2-4A95-B703-913D67727295", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:15:sp3:*:*:*:*:*:*", matchCriteriaId: "6C2EACE6-C127-4B13-8002-8EEBEE8D549B", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:15:sp4:*:*:*:*:*:*", matchCriteriaId: "72FDB554-E771-42DA-8B9E-DB5CB545A660", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp5:*:*:*:*:*:*", matchCriteriaId: "6C734CEC-64F2-4129-B52E-C81884B3AC9A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hp:helion_openstack:8.0:*:*:*:*:*:*:*", matchCriteriaId: "541BB602-443D-4D8E-A46F-5EC4A9702E17", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.", }, { lang: "es", 
value: "En cifs-utils versiones hasta 6.14, un desbordamiento del búfer en la región stack de la memoria cuando es analizado el argumento de línea de comandos mount.cifs ip= podría conllevar a que atacantes locales obtuvieran privilegios de root", }, ], id: "CVE-2022-27239", lastModified: "2024-11-21T06:55:28.487", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-27T14:15:09.203", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://wiki.robotz.com/index.php/Linux_CIFS_Utils_and_Samba", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Permissions Required", "Vendor Advisory", ], url: "https://bugzilla.samba.org/show_bug.cgi?id=15025", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1197216", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/piastry/cifs-utils/pull/7", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party 
Advisory", ], url: "https://github.com/piastry/cifs-utils/pull/7/commits/955fb147e97a6a74e1aaa65766de91e2c1479765", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00020.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5WBOLMANBYJILXQKRRK7OCR774PXJAYY/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXKZLJYJJEC3TIBFLXUORRMZUKG5W676/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIYZ4L6SLSYJQ446VJAO2VGAESURQNSP/", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/202311-05", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5157", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://wiki.robotz.com/index.php/Linux_CIFS_Utils_and_Samba", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Permissions Required", "Vendor Advisory", ], url: "https://bugzilla.samba.org/show_bug.cgi?id=15025", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1197216", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/piastry/cifs-utils/pull/7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/piastry/cifs-utils/pull/7/commits/955fb147e97a6a74e1aaa65766de91e2c1479765", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: 
"https://lists.debian.org/debian-lts-announce/2022/05/msg00020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5WBOLMANBYJILXQKRRK7OCR774PXJAYY/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXKZLJYJJEC3TIBFLXUORRMZUKG5W676/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIYZ4L6SLSYJQ446VJAO2VGAESURQNSP/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202311-05", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5157", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-02-18 21:59
Modified
2024-11-21 02:36
Summary
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", matchCriteriaId: "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", matchCriteriaId: "E88A537F-F4D0-46B9-9E37-965233C2A355", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hp:helion_openstack:1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "598E9A70-D953-48F6-96AF-885532C6BA40", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:helion_openstack:2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "46D566AF-D1DE-4EAD-B881-DC40D1DE780C", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:helion_openstack:2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "81BED703-422A-4937-8BF0-F83C248188F9", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:server_migration_pack:7.5:*:*:*:*:*:*:*", matchCriteriaId: "01FB206E-013D-4BF8-999A-80ACEA611549", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:sophos:unified_threat_management_software:9.319:*:*:*:*:*:*:*", matchCriteriaId: "8D7ABF3B-513A-41E3-9640-7D5339B8235D", vulnerable: true, }, { criteria: "cpe:2.3:a:sophos:unified_threat_management_software:9.355:*:*:*:*:*:*:*", matchCriteriaId: "F7599118-C33F-4BEF-BDD5-280FF9F61124", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:suse:linux_enterprise_debuginfo:11.0:sp2:*:*:*:*:*:*", matchCriteriaId: "1FADFCB2-7D70-4778-9199-516E667177C8", vulnerable: true, }, { criteria: 
"cpe:2.3:a:suse:linux_enterprise_debuginfo:11.0:sp3:*:*:*:*:*:*", matchCriteriaId: "174A8501-CFE4-430E-BB1F-DDF89F94A117", vulnerable: true, }, { criteria: "cpe:2.3:a:suse:linux_enterprise_debuginfo:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "480C8C21-8DA3-4EF2-8BCF-7CED031A3B81", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", matchCriteriaId: "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_desktop:11.0:sp3:*:*:*:*:*:*", matchCriteriaId: "1F33821F-22ED-4B6A-B70B-D38EDA658EE7", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_desktop:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "10F15C47-008C-4FFC-980B-A14E176C1F1E", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*", matchCriteriaId: "F1EB0F28-F23A-4969-8A3E-66DA2EFA40C3", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*", matchCriteriaId: "3A0BA503-3F96-48DA-AF47-FBA37A9D0C48", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11.0:sp2:*:*:lts:*:*:*", matchCriteriaId: "380DDE38-767C-455A-8474-29BF32D66D48", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11.0:sp3:*:*:*:*:*:*", matchCriteriaId: "01E21741-9D7D-42DD-B70D-5FD3053DE780", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11.0:sp3:*:*:*:vmware:*:*", matchCriteriaId: "FD3677E0-7423-452A-8C1E-A20C5CC34CA8", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "D5BAC17C-EF31-4E94-9020-47B781AD94B3", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*", matchCriteriaId: "2076747F-A98E-4DD9-9B52-BF1732BCAD3D", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11.0:sp3:*:*:*:*:*:*", matchCriteriaId: "ACC73EF8-7AD9-4113-9E3F-C93AF818CEB8", vulnerable: true, }, { 
criteria: "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "51FA1B64-D002-41CC-908F-3798122ACD25", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*", matchCriteriaId: "DB2A1559-651C-46B0-B436-8E03DC8A60D2", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*", matchCriteriaId: "5A633996-2FD7-467C-BAA6-529E16BD06D1", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*", matchCriteriaId: "9C649194-B8C2-49F7-A819-C635EE584ABF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:exalogic_infrastructure:1.0:*:*:*:*:*:*:*", matchCriteriaId: "CB059A52-DE6D-47FB-98E8-5A788E1C0FC0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:exalogic_infrastructure:2.0:*:*:*:*:*:*:*", matchCriteriaId: "D70580AD-2134-49D3-BE15-020023A10E87", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "3B62FEC0-EE22-46E6-B811-8AB0EE4C3E2E", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "532AAF54-64EF-4852-B4F1-D5E660463704", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "D0EDB8E9-E6FB-406E-B1D3-C620F114804C", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "3CA2FA6B-3930-432F-8FB5-E73604CEFE42", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "62B0A70A-D101-443E-A543-5EC35E23D66F", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: 
"524B2D05-508C-47FF-94A0-6CC42060E638", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "E90C12AF-44BA-44A2-89ED-0C2497EEC8A6", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "44F1E5E0-BD63-4A4A-BC4E-A1D5495F8B5C", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "23FF9627-E561-4CF7-A685-6E33D2F6C98C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:oracle:fujitsu_m10_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A3861055-D7FB-4C07-BE61-6879D3638B07", versionEndIncluding: "2290", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*", matchCriteriaId: "3C84489B-B08C-4854-8A12-D01B6E45CF79", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*", matchCriteriaId: "39A901D6-0874-46A4-92A8-5F72C7A89E85", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", matchCriteriaId: "1C8D871B-AEA1-4407-AEE3-47EC782250FF", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", matchCriteriaId: "44B067C7-735E-43C9-9188-7E1522A02491", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { 
criteria: "cpe:2.3:a:gnu:glibc:2.9:*:*:*:*:*:*:*", matchCriteriaId: "A96FA9ED-7529-440D-984D-6340B94D8243", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:glibc:2.10:*:*:*:*:*:*:*", matchCriteriaId: "E3D70AB0-2910-4191-9980-5BA78E8F2E11", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*", matchCriteriaId: "9A30D0EE-1AED-4C99-8A22-24E47212F3FD", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*", matchCriteriaId: "4169CA4B-C4F5-499A-A35A-49DD43AC0A22", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*", matchCriteriaId: "A3AC9749-52C5-4E17-8A77-5F4ED91FA8E3", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:glibc:2.11.2:*:*:*:*:*:*:*", matchCriteriaId: "C55E32EC-33A6-4145-9B76-C7E3DBACD1E1", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:glibc:2.11.3:*:*:*:*:*:*:*", matchCriteriaId: "6423F0B5-E483-4DE9-B13F-3A7322F055DC", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:glibc:2.12:*:*:*:*:*:*:*", matchCriteriaId: "18F57529-10DF-447A-8C53-DD4B1C2AA21E", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:glibc:2.12.1:*:*:*:*:*:*:*", matchCriteriaId: "C543B0E8-8B48-44A4-B63F-B2D9EA23E8EE", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:glibc:2.12.2:*:*:*:*:*:*:*", matchCriteriaId: "37880948-2AB5-491A-85E2-B7E271E03B1D", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:glibc:2.13:*:*:*:*:*:*:*", matchCriteriaId: "DF8E0DCD-8D39-4C89-9B4C-37025D9BE3A9", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:glibc:2.14:*:*:*:*:*:*:*", matchCriteriaId: "BFD5D113-EF53-4690-92AC-B6E54D70AA9B", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:glibc:2.14.1:*:*:*:*:*:*:*", matchCriteriaId: "92B1C39D-1183-4FAE-85C2-D1DC7AA6F431", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:glibc:2.15:*:*:*:*:*:*:*", matchCriteriaId: "733A1711-D2FC-45C6-9542-893860851F6B", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:glibc:2.16:*:*:*:*:*:*:*", matchCriteriaId: "CA4CFA8E-9892-4DDA-9DB2-581711E974A1", vulnerable: true, }, { 
criteria: "cpe:2.3:a:gnu:glibc:2.17:*:*:*:*:*:*:*", matchCriteriaId: "C1E91F85-7872-4290-BE7F-C966AC2773CB", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:glibc:2.18:*:*:*:*:*:*:*", matchCriteriaId: "BC5491CD-F3D6-4B09-AE44-62285F6B462A", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:glibc:2.19:*:*:*:*:*:*:*", matchCriteriaId: "1829B291-7B55-4B4A-9CA4-8784932935B8", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:glibc:2.20:*:*:*:*:*:*:*", matchCriteriaId: "D625EEF2-DB23-4DFE-AF1C-BEE2DD38C54D", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:glibc:2.21:*:*:*:*:*:*:*", matchCriteriaId: "47C2E388-06A8-4AD0-9511-749FD10D2936", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:glibc:2.22:*:*:*:*:*:*:*", matchCriteriaId: "8DB1928D-6A44-4B2D-A9BB-4656AF47317B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing \"dual A/AAAA DNS queries\" and the libnss_dns.so.2 NSS module.", }, { lang: "es", value: "Múltiples desbordamientos de buffer basado en pila en las funciones (1) send_dg y (2) send_vc en la librería libresolv en la librería GNU C (también conocida como glibc o libc6) en versiones anteriores a 2.23 permiten a atacantes remotos causar una denegación de servicio (caída) o posiblemente ejecutar código arbitrario a través de una respuesta DNS manipulada que desencadenan una llamada a la función getaddrinfo con la familia de direcciones AF_UNSPEC o AF_INET6, en relación con la ejecución de \"consultas duales A/AAAA DNS\" y el módulo libnss_dns.so.2 NSS.", }, ], id: "CVE-2015-7547", lastModified: 
"2024-11-21T02:36:57.503", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-02-18T21:59:00.120", references: [ { source: "secalert@redhat.com", url: "http://fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow", }, { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html", }, { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177412.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00043.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00044.html", }, { source: "secalert@redhat.com", url: "http://marc.info/?l=bugtraq&m=145596041017029&w=2", }, { source: "secalert@redhat.com", url: "http://marc.info/?l=bugtraq&m=145672440608228&w=2", }, { source: "secalert@redhat.com", url: "http://marc.info/?l=bugtraq&m=145690841819314&w=2", }, { source: "secalert@redhat.com", url: "http://marc.info/?l=bugtraq&m=145857691004892&w=2", }, { source: "secalert@redhat.com", url: "http://marc.info/?l=bugtraq&m=146161017210491&w=2", }, { source: "secalert@redhat.com", url: "http://packetstormsecurity.com/files/135802/glibc-getaddrinfo-Stack-Based-Buffer-Overflow.html", }, { source: "secalert@redhat.com", url: "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html", }, { source: "secalert@redhat.com", url: "http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html", }, { source: "secalert@redhat.com", url: "http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-0175.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0176.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-0225.html", }, { source: "secalert@redhat.com", url: 
"http://rhn.redhat.com/errata/RHSA-2016-0277.html", }, { source: "secalert@redhat.com", url: "http://seclists.org/fulldisclosure/2019/Sep/7", }, { source: "secalert@redhat.com", url: "http://seclists.org/fulldisclosure/2021/Sep/0", }, { source: "secalert@redhat.com", url: "http://seclists.org/fulldisclosure/2022/Jun/36", }, { source: "secalert@redhat.com", url: "http://support.citrix.com/article/CTX206991", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://ubuntu.com/usn/usn-2900-1", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2016/dsa-3480", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2016/dsa-3481", }, { source: "secalert@redhat.com", url: "http://www.fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow", }, { source: "secalert@redhat.com", url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160304-01-glibc-en", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", }, { source: "secalert@redhat.com", url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { source: "secalert@redhat.com", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/83265", }, { source: "secalert@redhat.com", url: "http://www.securitytracker.com/id/1035020", }, { source: "secalert@redhat.com", url: "http://www.vmware.com/security/advisories/VMSA-2016-0002.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/articles/2161461", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://blogs.sophos.com/2016/02/24/utm-up2date-9-355-released/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], 
url: "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://bto.bluecoat.com/security-advisory/sa114", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1293532", }, { source: "secalert@redhat.com", url: "https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05028479", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04989404", }, { source: "secalert@redhat.com", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05008367", }, { source: "secalert@redhat.com", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05053211", }, { source: "secalert@redhat.com", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05098877", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05125672", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128937", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05140858", }, { source: "secalert@redhat.com", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", }, { source: "secalert@redhat.com", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176716", }, { source: "secalert@redhat.com", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05212266", }, { source: "secalert@redhat.com", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917", }, { source: "secalert@redhat.com", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", }, { source: "secalert@redhat.com", url: "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", }, { source: "secalert@redhat.com", url: "https://ics-cert.us-cert.gov/advisories/ICSA-16-103-01", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40161", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10150", }, { source: "secalert@redhat.com", url: "https://seclists.org/bugtraq/2019/Sep/7", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201602-02", }, { source: "secalert@redhat.com", url: "https://security.netapp.com/advisory/ntap-20160217-0002/", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=18665", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: 
"https://support.f5.com/kb/en-us/solutions/public/k/47/sol47098834.html", }, { source: "secalert@redhat.com", url: "https://support.lenovo.com/us/en/product_security/len_5450", }, { source: "secalert@redhat.com", url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1255-security-advisory-17", }, { source: "secalert@redhat.com", url: "https://www.exploit-db.com/exploits/39454/", }, { source: "secalert@redhat.com", url: "https://www.exploit-db.com/exploits/40339/", }, { source: "secalert@redhat.com", url: "https://www.kb.cert.org/vuls/id/457759", }, { source: "secalert@redhat.com", url: "https://www.tenable.com/security/research/tra-2017-08", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177412.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", 
tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00043.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00044.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=145596041017029&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=145672440608228&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=145690841819314&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=145857691004892&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=146161017210491&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://packetstormsecurity.com/files/135802/glibc-getaddrinfo-Stack-Based-Buffer-Overflow.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-0175.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0176.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-0225.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-0277.html", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", url: "http://seclists.org/fulldisclosure/2019/Sep/7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://seclists.org/fulldisclosure/2021/Sep/0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://seclists.org/fulldisclosure/2022/Jun/36", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://support.citrix.com/article/CTX206991", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://ubuntu.com/usn/usn-2900-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2016/dsa-3480", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2016/dsa-3481", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160304-01-glibc-en", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/83265", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1035020", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vmware.com/security/advisories/VMSA-2016-0002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/articles/2161461", }, { 
source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://blogs.sophos.com/2016/02/24/utm-up2date-9-355-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://bto.bluecoat.com/security-advisory/sa114", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1293532", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05028479", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04989404", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05008367", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05053211", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05098877", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05125672", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128937", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05140858", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176716", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05212266", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://ics-cert.us-cert.gov/advisories/ICSA-16-103-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40161", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10150", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://seclists.org/bugtraq/2019/Sep/7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201602-02", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20160217-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=18665", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/kb/en-us/solutions/public/k/47/sol47098834.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.lenovo.com/us/en/product_security/len_5450", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1255-security-advisory-17", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.exploit-db.com/exploits/39454/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.exploit-db.com/exploits/40339/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.kb.cert.org/vuls/id/457759", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.tenable.com/security/research/tra-2017-08", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-05-05 01:59
Modified
2024-11-21 02:47
Severity ?
Summary
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*", matchCriteriaId: "3C84489B-B08C-4854-8A12-D01B6E45CF79", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*", matchCriteriaId: "39A901D6-0874-46A4-92A8-5F72C7A89E85", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", matchCriteriaId: "1C8D871B-AEA1-4407-AEE3-47EC782250FF", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", matchCriteriaId: "44B067C7-735E-43C9-9188-7E1522A02491", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", matchCriteriaId: "4863BE36-D16A-4D75-90D9-FD76DB5B48B7", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", matchCriteriaId: "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", matchCriteriaId: "C1F608A0-78BE-4F17-9E41-70933E52B3C7", versionEndIncluding: "1.0.1s", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "AD3E5C1B-EC63-4214-A0BD-0B8681CE6C8B", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*", matchCriteriaId: "18797BEE-417D-4959-9AAD-C5A7C051B524", vulnerable: true, }, { 
criteria: "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*", matchCriteriaId: "6FAA3C31-BD9D-45A9-A502-837FECA6D479", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*", matchCriteriaId: "6455A421-9956-4846-AC7C-3431E0D37D23", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", matchCriteriaId: "60F946FD-F564-49DA-B043-5943308BA9EE", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", matchCriteriaId: "4847BCF3-EFCE-41AF-8E7D-3D51EB9DCC5B", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*", matchCriteriaId: "9B89180B-FB68-4DD8-B076-16E51CC7FB91", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*", matchCriteriaId: "4C986592-4086-4A39-9767-EF34DBAA6A53", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*", matchCriteriaId: "7B23181C-03DB-4E92-B3F6-6B585B5231B4", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*", matchCriteriaId: "94D9EC1C-4843-4026-9B05-E060E9391734", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*", matchCriteriaId: "B066401C-21CF-4BE9-9C55-C9F1E0C7BE3F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*", matchCriteriaId: "A39C31E3-75C0-4E92-A6B5-7D67B22E3449", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "BB318EA4-2908-4B91-8DBB-20008FDF528A", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*", matchCriteriaId: "1F4E46A9-B652-47CE-92E8-01021E57724B", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "AB9B53C6-AE84-4A45-B83E-8E5CE44F7B93", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*", matchCriteriaId: "36DD8E3F-6308-4680-B932-4CBD8E58A7FB", 
vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*", matchCriteriaId: "1DA9F0F7-D592-481E-884C-B1A94E702825", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*", matchCriteriaId: "6CD857E7-B878-49F9-BDDA-93DDEBB0B42B", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*", matchCriteriaId: "FBDABB6C-FFF9-4E79-9EF1-BDC0BBDEA9F1", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*", matchCriteriaId: "A47AB858-36DE-4330-8CAC-1B46C5C8DA80", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*", matchCriteriaId: "49413FF7-7910-4F74-B106-C3170612CB2A", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*", matchCriteriaId: "A2467F65-A3B7-4E45-A9A5-E5A6EFD99D7B", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*", matchCriteriaId: "A8882E50-7C49-4A99-91F2-DF979CF8BB2F", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*", matchCriteriaId: "98C32982-095C-4628-9958-118A3D3A9CAA", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*", matchCriteriaId: "8FC0FCEA-0B3D-43C1-AB62-4F9C880B4CA1", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*", matchCriteriaId: "EC75ED04-B8C7-4CC0-AC64-AE2D9E0CDF5D", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*", matchCriteriaId: "FC13D3EE-CC89-4883-8E3D-3FE25FB8CF42", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*", matchCriteriaId: "7C4E6353-B77A-464F-B7DE-932704003B33", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*", matchCriteriaId: "77125688-2CCA-4990-ABB2-551D47CB0CDD", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*", matchCriteriaId: "E7A8EC00-266C-409B-AD43-18E8DFCD6FE3", vulnerable: true, }, { criteria: 
"cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*", matchCriteriaId: "B846C63A-7261-481E-B4A4-0D8C79E0D8A7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hp:helion_openstack:2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "46D566AF-D1DE-4EAD-B881-DC40D1DE780C", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:helion_openstack:2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "81BED703-422A-4937-8BF0-F83C248188F9", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:helion_openstack:2.1.2:*:*:*:*:*:*:*", matchCriteriaId: "A241BABC-E6A8-43B1-BED6-77FC38E337BD", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:helion_openstack:2.1.4:*:*:*:*:*:*:*", matchCriteriaId: "DBE8AEFE-C74B-4E24-8EBA-35207DE756E3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", matchCriteriaId: "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*", matchCriteriaId: "C2FAC325-6EEB-466D-9EBA-8ED4DBC9CFBF", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", matchCriteriaId: "9BBCD86A-E6C7-4444-9D74-F861084090F0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", matchCriteriaId: "1CBD1B3E-644C-42B4-A556-7A4C58D219D6", versionEndExcluding: "0.10.45", versionStartIncluding: "0.10.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", matchCriteriaId: "2E35B5D6-6D7B-4D04-A8E4-88C4C47270AE", versionEndExcluding: "0.12.14", versionStartIncluding: "0.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", matchCriteriaId: 
"A47FC4F7-1F77-4314-B4B3-3C5D8E335379", versionEndIncluding: "4.1.2", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", matchCriteriaId: "BA51558F-F55C-48B3-870B-6D1225998AB3", versionEndExcluding: "4.4.4", versionStartIncluding: "4.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", matchCriteriaId: "D8D63E80-A861-4393-A868-9845F521CD04", versionEndExcluding: "5.11.1", versionStartIncluding: "5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "5A53CB0E-3FBA-4796-BC81-6003A7DC29DE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", matchCriteriaId: "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", matchCriteriaId: "815D70A8-47D3-459C-A32C-9FEACA0659D1", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", matchCriteriaId: "E88A537F-F4D0-46B9-9E37-965233C2A355", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. 
NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.", }, { lang: "es", value: "La implementación de AES-NI en OpenSSL en versiones anteriores a 1.0.1t y 1.0.2 en versiones anteriores a 1.0.2h no considera la asignación de memoria durante una comprobación de relleno determinada, lo que permite a atacantes remotos obtener información de texto claro sensible a través de un ataque de padding-oracle contra una sesión AES CBC . NOTA: esta vulnerabilidad existe debido a una corrección incorrecta para CVE-2013-0169.", }, ], id: "CVE-2016-2107", lastModified: "2024-11-21T02:47:49.270", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-05-05T01:59:03.200", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html", }, { source: "secalert@redhat.com", tags: [ 
"Mailing List", "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: 
"http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0722.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0996.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2073.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2957.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://source.android.com/security/bulletin/2016-07-01.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://support.citrix.com/article/CTX212736", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://web-in-security.blogspot.ca/2016/05/curious-padding-oracle-in-openssl-cve.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2016/dsa-3566", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", }, { 
source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/89760", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/91787", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1035721", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2959-1", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://blog.cloudflare.com/yet-another-padding-oracle-in-openssl-cbc-ciphersuites/", }, { source: "secalert@redhat.com", tags: [ "Permissions Required", ], url: "https://bto.bluecoat.com/security-advisory/sa123", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, { source: "secalert@redhat.com", tags: [ 
"Broken Link", ], url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=68595c0c2886e7942a14f98c17a55a88afb6c292", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03728en_us", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10160", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201612-16", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: 
"https://security.netapp.com/advisory/ntap-20160504-0001/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/HT206903", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/39768/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://www.openssl.org/news/secadv/20160503.txt", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2016-18", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html", 
}, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0722.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0996.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2073.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2957.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: 
"http://source.android.com/security/bulletin/2016-07-01.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://support.citrix.com/article/CTX212736", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://web-in-security.blogspot.ca/2016/05/curious-padding-oracle-in-openssl-cve.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2016/dsa-3566", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/89760", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/91787", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1035721", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2959-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://blog.cloudflare.com/yet-another-padding-oracle-in-openssl-cbc-ciphersuites/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", ], url: "https://bto.bluecoat.com/security-advisory/sa123", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=68595c0c2886e7942a14f98c17a55a88afb6c292", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us", }, 
{ source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03728en_us", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10160", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201612-16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20160504-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ 
"Third Party Advisory", ], url: "https://support.apple.com/HT206903", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/39768/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.openssl.org/news/secadv/20160503.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2016-18", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, { lang: "en", value: "CWE-310", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-01-17 11:15
Modified
2024-11-21 04:42
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In the keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f, every user listed in the /etc/keystone/user-project-map.json file was assigned full "member" role access to every project. This allowed these users to access, modify, create and delete arbitrary resources, contrary to expectations.
References
Source | URL | Tags
---|---|---
meissner@suse.de | https://bugzilla.suse.com/show_bug.cgi?id=1124864 | Issue Tracking, Permissions Required
nvd@nist.gov | https://www.suse.com/security/cve/CVE-2019-3683/ | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.suse.com/show_bug.cgi?id=1124864 | Issue Tracking, Permissions Required
Impacted products
Vendor | Product | Version
---|---|---
suse | openstack_cloud | 8.0
suse | keystone-json-assignment | *
hp | helion_openstack | 8.0
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:suse:openstack_cloud:8.0:*:*:*:*:*:*:*", matchCriteriaId: "1C3BEB21-4080-4258-B95C-562D717AED0B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:suse:keystone-json-assignment:*:*:*:*:*:*:*:*", matchCriteriaId: "5CA0DA3D-0522-4337-8CBF-3D68CD71C69E", versionEndExcluding: "2019-02-18", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hp:helion_openstack:8.0:*:*:*:*:*:*:*", matchCriteriaId: "541BB602-443D-4D8E-A46F-5EC4A9702E17", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full \"member\" role access to every project. This allowed these users to access, modify, create and delete arbitrary resources, contrary to expectations.", }, { lang: "es", value: "El paquete keystone-json-assignment en SUSE Openstack Cloud versión 8 antes del commit d7888c75505465490250c00cc0ef4bb1af662f9f, a cada usuario listado en el archivo /etc/keystone/user-project-map.json se le fue asignado el rol completo \"member\" para cada proyecto. 
Esto permitió a estos usuarios acceder, modificar, crear y eliminar recursos arbitrarios, contrariamente a lo esperado.", }, ], id: "CVE-2019-3683", lastModified: "2024-11-21T04:42:19.500", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "meissner@suse.de", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-01-17T11:15:11.813", references: [ { source: "meissner@suse.de", tags: [ "Issue Tracking", "Permissions Required", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1124864", }, { source: "nvd@nist.gov", tags: [ "Vendor Advisory", ], url: "https://www.suse.com/security/cve/CVE-2019-3683/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", 
"Permissions Required", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1124864", }, ], sourceIdentifier: "meissner@suse.de", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-732", }, ], source: "meissner@suse.de", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-732", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-05-11 21:59
Modified
2024-11-21 02:50
Severity ?
Summary
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hp:helion_openstack:2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "46D566AF-D1DE-4EAD-B881-DC40D1DE780C", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:helion_openstack:2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "81BED703-422A-4937-8BF0-F83C248188F9", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:helion_openstack:2.1.2:*:*:*:*:*:*:*", matchCriteriaId: "A241BABC-E6A8-43B1-BED6-77FC38E337BD", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:helion_openstack:2.1.4:*:*:*:*:*:*:*", matchCriteriaId: "DBE8AEFE-C74B-4E24-8EBA-35207DE756E3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", matchCriteriaId: "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", matchCriteriaId: "E88A537F-F4D0-46B9-9E37-965233C2A355", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", matchCriteriaId: "26A04769-0D4E-4B7B-B54C-C686FB69D85A", versionEndIncluding: "2.5.1", vulnerable: true, }, { criteria: "cpe:2.3:a:qemu:qemu:2.6.0:rc0:*:*:*:*:*:*", matchCriteriaId: "544B3E62-7AE7-4925-9E50-CAFDAD5A3851", vulnerable: true, }, { criteria: "cpe:2.3:a:qemu:qemu:2.6.0:rc1:*:*:*:*:*:*", matchCriteriaId: "B8C11472-2B2A-4110-A04B-5CFBA0763432", vulnerable: true, }, { criteria: 
"cpe:2.3:a:qemu:qemu:2.6.0:rc2:*:*:*:*:*:*", matchCriteriaId: "ECD3B63B-1388-4C24-B9B9-043C04FE1F1B", vulnerable: true, }, { criteria: "cpe:2.3:a:qemu:qemu:2.6.0:rc3:*:*:*:*:*:*", matchCriteriaId: "B10C154A-F559-4BE1-94AE-8619D4634564", vulnerable: true, }, { criteria: "cpe:2.3:a:qemu:qemu:2.6.0:rc4:*:*:*:*:*:*", matchCriteriaId: "F7126355-4164-4E54-BCC3-D3D6D1E5AF81", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:vm_server:3.2:*:*:*:*:*:x86:*", matchCriteriaId: "FC9E8528-0FB8-4BF0-A9EF-6CC84A2631A1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:vm_server:3.3:*:*:*:*:*:x86:*", matchCriteriaId: "8663D0AF-825D-48FC-8AED-498434A0AA76", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:vm_server:3.4:*:*:*:*:*:x86:*", matchCriteriaId: "457955E5-41E5-4E17-8435-AA0F6F757A21", vulnerable: true, }, { criteria: "cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*", matchCriteriaId: "62A2AC02-A933-4E51-810E-5D040B476B7B", vulnerable: true, }, { criteria: "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*", matchCriteriaId: "D7B037A8-72A6-4DFF-94B2-D688A5F6F876", vulnerable: true, }, { criteria: "cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*", matchCriteriaId: "44B8FEDF-6CB0-46E9-9AD7-4445B001C158", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:citrix:xenserver:*:*:*:*:*:*:*:*", matchCriteriaId: "DE91B02A-0F07-437D-8AFC-38541C5A04AD", versionEndIncluding: "7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*", matchCriteriaId: "B152EDF3-3140-4343-802F-F4F1C329F5C3", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*", matchCriteriaId: "31EC146C-A6F6-4C0D-AF87-685286262DAA", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*", matchCriteriaId: "9DAA72A4-AC7D-4544-89D4-5B07961D5A95", vulnerable: true, }, { 
criteria: "cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*", matchCriteriaId: "E8B8C725-34CF-4340-BE7B-37E58CF706D6", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*", matchCriteriaId: "D86166F9-BBF0-4650-8CCD-0F9C97104D21", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", matchCriteriaId: "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", matchCriteriaId: "9BBCD86A-E6C7-4444-9D74-F861084090F0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", matchCriteriaId: "1C8D871B-AEA1-4407-AEE3-47EC782250FF", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", matchCriteriaId: "98381E61-F082-4302-B51F-5648884F998B", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "D99A687E-EAE6-417E-A88E-D0082BC194CD", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "B353CE99-D57C-465B-AAB0-73EF581127D1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", matchCriteriaId: "44B067C7-735E-43C9-9188-7E1522A02491", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", matchCriteriaId: "A8442C20-41F9-47FD-9A12-E724D3A31FD7", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4", vulnerable: true, }, { criteria: 
"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", matchCriteriaId: "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "BF77CDCF-B9C9-427D-B2BF-36650FB2148C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*", matchCriteriaId: "21690BAC-2129-4A33-9B48-1F3BF30072A9", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*", matchCriteriaId: "6755B6AD-0422-467B-8115-34A60B1D1A40", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", matchCriteriaId: "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", matchCriteriaId: "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the \"Dark Portal\" issue.", }, { lang: "es", value: "El módulo VGA en QEMU lleva a cabo incorrectamente comprobaciones de límites sobre acceso almacenado a la memoria de vídeo, lo que permite a administradores locales de SO invitado ejecutar código arbitrario sobre el 
anfitrión cambiando los modos de acceso después de establecer el banco de registros, también conocido como el problema \"Dark Portal\".", }, ], id: "CVE-2016-3710", lastModified: "2024-11-21T02:50:32.940", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2, impactScore: 6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-05-11T21:59:01.077", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0724.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0725.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0997.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0999.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1000.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: 
"http://rhn.redhat.com/errata/RHSA-2016-1001.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1002.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1019.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1943.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://support.citrix.com/article/CTX212736", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2016/dsa-3573", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/05/09/3", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/90316", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1035794", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2974-1", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://xenbits.xen.org/xsa/advisory-179.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2016:1224", }, { source: "secalert@redhat.com", tags: [ 
"Third Party Advisory", "Vendor Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg01197.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0724.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0725.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0997.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0999.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1019.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1943.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://support.citrix.com/article/CTX212736", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2016/dsa-3573", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party 
Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/05/09/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/90316", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1035794", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2974-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://xenbits.xen.org/xsa/advisory-179.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2016:1224", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "Vendor Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg01197.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }