{"vulnerability": "CVE-2023-3932", "sightings": [{"uuid": "99d3a30e-bd56-46cb-8bb1-0ea1bba22638", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39325", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113672096276468558", "content": "", "creation_timestamp": "2024-12-18T05:09:00.134539Z"}, {"uuid": "87b2ca5d-ac59-4b22-9ad9-89f33b5fe7cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39322", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3ly5bbrhtygq2", "content": "", "creation_timestamp": "2025-09-06T03:47:41.790274Z"}, {"uuid": "595fb8c2-c5bd-4460-89c6-831b0e93efcf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39320", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3ly6kzlcpg452", "content": "", "creation_timestamp": "2025-09-06T16:14:24.148114Z"}, {"uuid": "0f454fec-a49f-4c20-8080-b76ec97cf541", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39321", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3ly4luq6sgch2", "content": "", "creation_timestamp": "2025-09-05T21:24:21.440618Z"}, {"uuid": "068bd3f2-0f9c-4d03-be15-7afe0aaf3bec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39323", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18181", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-39323\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Line directives (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.\n\ud83d\udccf Published: 2023-10-05T20:36:58.756Z\n\ud83d\udccf Modified: 2025-06-12T15:15:12.065Z\n\ud83d\udd17 References:\n1. https://go.dev/issue/63211\n2. https://go.dev/cl/533215\n3. https://groups.google.com/g/golang-announce/c/XBa1oHDevAo\n4. https://pkg.go.dev/vuln/GO-2023-2095\n5. https://security.netapp.com/advisory/ntap-20231020-0001/\n6. https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/\n7. https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/\n8. https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/\n9. https://security.gentoo.org/glsa/202311-09", "creation_timestamp": "2025-06-12T15:33:58.000000Z"}, {"uuid": "c04fa41d-1a58-466f-af84-476533a4b312", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39325", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/272", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-6596\n\ud83d\udd39 Description: An incomplete fix was shipped for the Rapid Reset (CVE-2023-44487/CVE-2023-39325) vulnerability for an OpenShift Containers.\n\ud83d\udccf Published: 2024-04-25T16:00:24.215Z\n\ud83d\udccf Modified: 2025-01-06T22:01:20.326Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/errata/RHSA-2024:0485\n2. https://access.redhat.com/errata/RHSA-2024:0682\n3. https://access.redhat.com/security/cve/CVE-2023-6596\n4. https://bugzilla.redhat.com/show_bug.cgi?id=2253521", "creation_timestamp": "2025-01-06T22:38:24.000000Z"}, {"uuid": "38886409-d45d-458b-92c3-dcb4a4581dbc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39325", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2380", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12698\n\ud83d\udd39 Description: An incomplete fix for ose-olm-catalogd-container was issued for the Rapid Reset Vulnerability (CVE-2023-39325/CVE-2023-44487) where only unauthenticated streams were protected, not streams created by authenticated sources.\n\ud83d\udccf Published: 2024-12-18T05:07:21.026Z\n\ud83d\udccf Modified: 2025-01-21T09:28:08.318Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/security/cve/CVE-2024-12698\n2. https://bugzilla.redhat.com/show_bug.cgi?id=2332674", "creation_timestamp": "2025-01-21T10:01:16.000000Z"}, {"uuid": "6a5ed051-d904-42af-a752-c0bf4af638f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39325", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5259", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12698\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: An incomplete fix for ose-olm-catalogd-container was issued for the Rapid Reset Vulnerability (CVE-2023-39325/CVE-2023-44487) where only unauthenticated streams were protected, not streams created by authenticated sources.\n\ud83d\udccf Published: 2024-12-18T05:07:21.026Z\n\ud83d\udccf Modified: 2025-02-25T08:07:40.863Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/errata/RHSA-2024:6122\n2. https://access.redhat.com/security/cve/CVE-2024-12698\n3. https://bugzilla.redhat.com/show_bug.cgi?id=2332674", "creation_timestamp": "2025-02-25T08:25:23.000000Z"}, {"uuid": "1c5f290b-88f6-4755-93fa-f4eb707fc40c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39327", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3mdldssbhv22g", "content": "", "creation_timestamp": "2026-01-29T17:47:01.755044Z"}, {"uuid": "d8d5dc76-b5f8-46a7-9578-abf22dfd3f22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3932", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17255", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-5009\n\ud83d\udd25 CVSS Score: 9.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N)\n\ud83d\udd39 Description: An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of [CVE-2023-3932](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3932) showing additional impact.\n\ud83d\udccf Published: 2023-09-19T07:01:14.930Z\n\ud83d\udccf Modified: 2025-05-22T04:09:01.346Z\n\ud83d\udd17 References:\n1. https://gitlab.com/gitlab-org/gitlab/-/issues/425304\n2. https://hackerone.com/reports/2147126", "creation_timestamp": "2025-05-22T04:44:33.000000Z"}, {"uuid": "a3dfce40-5f0e-4820-b33f-6fccca977514", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39325", "type": "seen", "source": "https://t.me/cvedetector/13160", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12698 - Rapid Reset Unauthenticated Stream Encryption Weakness in OpenShift Enterprise OSE-OLM-Catalogd Container\", \n  \"Content\": \"CVE ID : CVE-2024-12698 \nPublished : Dec. 18, 2024, 5:15 a.m. | 43\u00a0minutes ago \nDescription : An incomplete fix for ose-olm-catalogd-container was issued for the Rapid Reset Vulnerability (CVE-2023-39325/CVE-2023-44487) where only unauthenticated streams were protected, not streams created by authenticated sources. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-18T07:00:06.000000Z"}, {"uuid": "a98fd300-26b4-4773-9b8f-1c136f386d78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39328", "type": "seen", "source": "https://t.me/cvedetector/353", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-39328 - A vulnerability was found in OpenJPEG similar to C\", \n  \"Content\": \"CVE ID : CVE-2023-39328 \nPublished : July 9, 2024, 2:15 p.m. | 26\u00a0minutes ago \nDescription : A vulnerability was found in OpenJPEG similar to CVE-2019-6988. This flaw allows an attacker to bypass existing protections and cause an application crash through a maliciously crafted file. \nSeverity: 5.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-09T16:52:11.000000Z"}, {"uuid": "722f7888-091c-46ef-b151-d47b8e28562c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39323", "type": "seen", "source": "https://t.me/cibsecurity/71694", "content": "\u203c CVE-2023-39323 \u203c\n\nLine directives (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-06T00:12:57.000000Z"}, {"uuid": "03ef0ad9-375a-44d8-9227-a68c88dac50e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39326", "type": "seen", "source": "https://t.me/ctinow/160774", "content": "https://ift.tt/y9aThU6\nCVE-2023-39326 | Google Go up to 1.20.11/1.21.4 net-http information disclosure", "creation_timestamp": "2023-12-30T07:31:53.000000Z"}, {"uuid": "04c922a9-cd81-4c3b-aad5-80810672eff8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3932", "type": "seen", "source": "https://t.me/cibsecurity/67642", "content": "\u203c CVE-2023-3932 \u203c\n\nAn issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-03T12:40:11.000000Z"}, {"uuid": "b0f6d71a-8b99-4726-9a4e-7b8361e20a74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39329", "type": "seen", "source": "https://t.me/cvedetector/790", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-39329 - A flaw was found in OpenJPEG. A resource exhaustio\", \n  \"Content\": \"CVE ID : CVE-2023-39329 \nPublished : July 13, 2024, 3:15 a.m. | 46\u00a0minutes ago \nDescription : A flaw was found in OpenJPEG. A resource exhaustion can occur in the opj_t1_decode_cblks function in tcd.c through a crafted image file, causing a denial of service. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-13T06:18:59.000000Z"}, {"uuid": "d2c8bb8f-052b-4c91-ada9-448a1f4616a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39327", "type": "seen", "source": "https://t.me/cvedetector/791", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-39327 - A flaw was found in OpenJPEG. Maliciously construc\", \n  \"Content\": \"CVE ID : CVE-2023-39327 \nPublished : July 13, 2024, 3:15 a.m. | 46\u00a0minutes ago \nDescription : A flaw was found in OpenJPEG. Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on the terminal. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-13T06:18:59.000000Z"}, {"uuid": "6800dbd7-6961-4deb-90fa-cff87f1bb42c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3932", "type": "seen", "source": "Telegram/cav1qfX2ggt4SwGidwqSOdRnioYtJyypaLX2bXZkrVtKQlM", "content": "", "creation_timestamp": "2023-10-11T17:38:29.000000Z"}, {"uuid": "1aaa6e4e-14e5-4e4c-a187-f17b70af8492", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39322", "type": "seen", "source": "https://t.me/cibsecurity/70153", "content": "\u203c CVE-2023-39322 \u203c\n\nQUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With fix, connections now consistently reject messages larger than 65KiB in size.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-08T20:19:06.000000Z"}, {"uuid": "d28fff69-3c66-483b-997d-2a26aa06c43d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39321", "type": "seen", "source": "https://t.me/cibsecurity/70152", "content": "\u203c CVE-2023-39321 \u203c\n\nProcessing an incomplete post-handshake message for a QUIC connection can cause a panic.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-08T20:19:05.000000Z"}, {"uuid": "fc99e0c6-ff20-448d-a5fd-700722e9319d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39320", "type": "seen", "source": "https://t.me/cibsecurity/70149", "content": "\u203c CVE-2023-39320 \u203c\n\nThe go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the \"go\" command was executed within the module. This applies to modules downloaded using the \"go\" command from the module proxy, as well as modules downloaded directly using VCS software.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-08T20:19:02.000000Z"}]}