Vulnerability-Lookup

CVE-2021-33645 (GCVE-0-2021-33645)

Vulnerability from cvelistv5 – Published: 2022-08-09 00:00 – Updated: 2025-11-03 20:33

Summary

The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-401 - Missing Release of Memory after Effective Lifetime

Assigner

openEuler

References

7 references

URL	Tags
https://www.openeuler.org/en/security/safety-bull…
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.debian.org/debian-lts-announce/2025…

Impacted products

1 product

Vendor	Product	Version
n/a	libtar	Affected: <1.2.21

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:33:38.619Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807"
          },
          {
            "name": "FEDORA-2022-fe1a4e3cf0",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ/"
          },
          {
            "name": "FEDORA-2022-50e8a1b51d",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD4HEBSTI22FNYKOKK7W3X6ZQE6FV3XC/"
          },
          {
            "name": "FEDORA-2022-44a20bba43",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/"
          },
          {
            "name": "FEDORA-2022-88772d0a2d",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/"
          },
          {
            "name": "FEDORA-2022-ccc68b06cc",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00026.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtar",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c1.2.21"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The th_read() function doesn\u2019t free a variable t-\u003eth_buf.gnu_longlink after allocating memory, which may cause a memory leak."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-401",
              "description": "CWE-401: Missing Release of Memory after Effective Lifetime",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-28T00:00:00.000Z",
        "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
        "shortName": "openEuler"
      },
      "references": [
        {
          "url": "https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807"
        },
        {
          "name": "FEDORA-2022-fe1a4e3cf0",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ/"
        },
        {
          "name": "FEDORA-2022-50e8a1b51d",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD4HEBSTI22FNYKOKK7W3X6ZQE6FV3XC/"
        },
        {
          "name": "FEDORA-2022-44a20bba43",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/"
        },
        {
          "name": "FEDORA-2022-88772d0a2d",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/"
        },
        {
          "name": "FEDORA-2022-ccc68b06cc",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
    "assignerShortName": "openEuler",
    "cveId": "CVE-2021-33645",
    "datePublished": "2022-08-09T00:00:00.000Z",
    "dateReserved": "2021-05-28T00:00:00.000Z",
    "dateUpdated": "2025-11-03T20:33:38.619Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2021-33645",
      "date": "2026-06-25",
      "epss": "0.01431",
      "percentile": "0.69648"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:feep:libtar:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.2.21\", \"matchCriteriaId\": \"9FB33CE5-5B11-49D2-9277-67E941584A35\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:openeuler:20.03:sp1:*:*:lts:*:*:*\", \"matchCriteriaId\": \"78AA9487-C85C-4F4F-9429-E0496080F7B5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:openeuler:20.03:sp3:*:*:lts:*:*:*\", \"matchCriteriaId\": \"2E9E5CF1-3FD7-413A-BD29-0EBA0E1E6766\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:openeuler:22.03:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"435FECB5-9313-4400-A95F-8F7C9D5A0A07\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The th_read() function doesn\\u2019t free a variable t-\u003eth_buf.gnu_longlink after allocating memory, which may cause a memory leak.\"}, {\"lang\": \"es\", \"value\": \"La funci\\u00f3n th_read() no libera una variable t-)th_buf.gnu_longlink despu\\u00e9s de asignar memoria, lo que puede causar una p\\u00e9rdida de memoria\"}]",
      "id": "CVE-2021-33645",
      "lastModified": "2024-11-21T06:09:16.087",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
      "published": "2022-08-10T20:15:20.573",
      "references": "[{\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/\", \"source\": \"securities@openeuler.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ/\", \"source\": \"securities@openeuler.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/\", \"source\": \"securities@openeuler.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/\", \"source\": \"securities@openeuler.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD4HEBSTI22FNYKOKK7W3X6ZQE6FV3XC/\", \"source\": \"securities@openeuler.org\"}, {\"url\": \"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807\", \"source\": \"securities@openeuler.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD4HEBSTI22FNYKOKK7W3X6ZQE6FV3XC/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "securities@openeuler.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"securities@openeuler.org\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-401\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-401\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-33645\",\"sourceIdentifier\":\"securities@openeuler.org\",\"published\":\"2022-08-10T20:15:20.573\",\"lastModified\":\"2025-11-03T21:15:41.387\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The th_read() function doesn\u2019t free a variable t-\u003eth_buf.gnu_longlink after allocating memory, which may cause a memory leak.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n th_read() no libera una variable t-)th_buf.gnu_longlink despu\u00e9s de asignar memoria, lo que puede causar una p\u00e9rdida de memoria\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"securities@openeuler.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-401\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-401\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:feep:libtar:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.2.21\",\"matchCriteriaId\":\"9FB33CE5-5B11-49D2-9277-67E941584A35\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:openatom:openeuler:20.03:sp1:*:*:lts:*:*:*\",\"matchCriteriaId\":\"464D2E5A-0D36-4893-85A4-2267AE0333DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:openatom:openeuler:20.03:sp3:*:*:lts:*:*:*\",\"matchCriteriaId\":\"A98D36A4-869D-4F90-9434-599915671828\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:openatom:openeuler:22.03:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"5975B9D2-6A0F-43DE-806E-C8FC6D152EF6\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"}]}]}],\"references\":[{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/\",\"source\":\"securities@openeuler.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ/\",\"source\":\"securities@openeuler.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/\",\"source\":\"securities@openeuler.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/\",\"source\":\"securities@openeuler.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD4HEBSTI22FNYKOKK7W3X6ZQE6FV3XC/\",\"source\":\"securities@openeuler.org\"},{\"url\":\"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807\",\"source\":\"securities@openeuler.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/01/msg00026.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD4HEBSTI22FNYKOKK7W3X6ZQE6FV3XC/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

WID-SEC-W-2023-1238

Vulnerability from csaf_certbund - Published: 2023-05-16 22:00 - Updated: 2025-12-28 23:00

Summary

Red Hat Enterprise Linux: Mehrere Schwachstellen in verschiedenen Komponenten

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.

Angriff: Ein entfernter, anonymer oder lokaler Angreifer kann mehrere Schwachstellen in verschiedenen Komponenten von Red Hat Enterprise Linux ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme: - Linux

CVE-2021-33643

Affected products

Known affected 5 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Red Hat Enterprise Linux 8 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:8`	8
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—

CVE-2021-33644

Affected products

Known affected 5 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Red Hat Enterprise Linux 8 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:8`	8
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—

CVE-2021-33645

Affected products

Known affected 5 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Red Hat Enterprise Linux 8 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:8`	8
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—

CVE-2021-33646

Affected products

Known affected 5 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Red Hat Enterprise Linux 8 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:8`	8
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—

CVE-2021-3782

Affected products

Known affected 5 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Red Hat Enterprise Linux 8 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:8`	8
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—

CVE-2022-4515

Affected products

Known affected 5 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Red Hat Enterprise Linux 8 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:8`	8
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—

CVE-2023-25563

Affected products

Known affected 5 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Red Hat Enterprise Linux 8 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:8`	8
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—

CVE-2023-25564

Affected products

Known affected 5 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Red Hat Enterprise Linux 8 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:8`	8
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—

CVE-2023-25565

Affected products

Known affected 5 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Red Hat Enterprise Linux 8 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:8`	8
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—

CVE-2023-25566

Affected products

Known affected 5 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Red Hat Enterprise Linux 8 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:8`	8
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—

CVE-2023-25567

Affected products

Known affected 5 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Red Hat Enterprise Linux 8 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:8`	8
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—

References

14 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://access.redhat.com/errata/RHSA-2023:2786	external
https://access.redhat.com/errata/RHSA-2023:2863	external
https://access.redhat.com/errata/RHSA-2023:2898	external
https://access.redhat.com/errata/RHSA-2023:3097	external
https://linux.oracle.com/errata/ELSA-2023-2898.html	external
https://linux.oracle.com/errata/ELSA-2023-2863.html	external
https://linux.oracle.com/errata/ELSA-2023-3097.html	external
https://alas.aws.amazon.com/AL2/ALAS-2023-2103.html	external
https://alas.aws.amazon.com/AL2/ALAS-2023-2343.html	external
https://lists.debian.org/debian-lts-announce/2025…	external
https://alas.aws.amazon.com/ALAS-2025-1974.html	external
https://errata.build.resf.org/RLSA-2023:2898	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer oder lokaler Angreifer kann mehrere Schwachstellen in verschiedenen Komponenten von Red Hat Enterprise Linux ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-1238 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1238.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-1238 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1238"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory vom 2023-05-16",
        "url": "https://access.redhat.com/errata/RHSA-2023:2786"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory vom 2023-05-16",
        "url": "https://access.redhat.com/errata/RHSA-2023:2863"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory vom 2023-05-16",
        "url": "https://access.redhat.com/errata/RHSA-2023:2898"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory vom 2023-05-16",
        "url": "https://access.redhat.com/errata/RHSA-2023:3097"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2023-2898 vom 2023-05-24",
        "url": "https://linux.oracle.com/errata/ELSA-2023-2898.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2023-2863 vom 2023-05-24",
        "url": "https://linux.oracle.com/errata/ELSA-2023-2863.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2023-3097 vom 2023-05-24",
        "url": "https://linux.oracle.com/errata/ELSA-2023-3097.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2023-2103 vom 2023-07-01",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2103.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2023-2343 vom 2023-11-16",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2343.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4033 vom 2025-01-28",
        "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00026.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2025-1974 vom 2025-04-30",
        "url": "https://alas.aws.amazon.com/ALAS-2025-1974.html"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2023:2898 vom 2025-12-27",
        "url": "https://errata.build.resf.org/RLSA-2023:2898"
      }
    ],
    "source_lang": "en-US",
    "title": "Red Hat Enterprise Linux: Mehrere Schwachstellen in verschiedenen Komponenten",
    "tracking": {
      "current_release_date": "2025-12-28T23:00:00.000+00:00",
      "generator": {
        "date": "2025-12-29T09:05:12.956+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2023-1238",
      "initial_release_date": "2023-05-16T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-05-16T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-05-23T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2023-05-24T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2023-07-02T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2023-11-15T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2025-01-28T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2025-04-29T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2025-12-28T23:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
        }
      ],
      "status": "final",
      "version": "8"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "RESF Rocky Linux",
            "product": {
              "name": "RESF Rocky Linux",
              "product_id": "T032255",
              "product_identification_helper": {
                "cpe": "cpe:/o:resf:rocky_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "RESF"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "8",
                "product": {
                  "name": "Red Hat Enterprise Linux 8",
                  "product_id": "T014111",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:8"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Enterprise Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-33643",
      "product_status": {
        "known_affected": [
          "2951",
          "398363",
          "T004914",
          "T014111",
          "T032255"
        ]
      },
      "release_date": "2023-05-16T22:00:00.000+00:00",
      "title": "CVE-2021-33643"
    },
    {
      "cve": "CVE-2021-33644",
      "product_status": {
        "known_affected": [
          "2951",
          "398363",
          "T004914",
          "T014111",
          "T032255"
        ]
      },
      "release_date": "2023-05-16T22:00:00.000+00:00",
      "title": "CVE-2021-33644"
    },
    {
      "cve": "CVE-2021-33645",
      "product_status": {
        "known_affected": [
          "2951",
          "398363",
          "T004914",
          "T014111",
          "T032255"
        ]
      },
      "release_date": "2023-05-16T22:00:00.000+00:00",
      "title": "CVE-2021-33645"
    },
    {
      "cve": "CVE-2021-33646",
      "product_status": {
        "known_affected": [
          "2951",
          "398363",
          "T004914",
          "T014111",
          "T032255"
        ]
      },
      "release_date": "2023-05-16T22:00:00.000+00:00",
      "title": "CVE-2021-33646"
    },
    {
      "cve": "CVE-2021-3782",
      "product_status": {
        "known_affected": [
          "2951",
          "398363",
          "T004914",
          "T014111",
          "T032255"
        ]
      },
      "release_date": "2023-05-16T22:00:00.000+00:00",
      "title": "CVE-2021-3782"
    },
    {
      "cve": "CVE-2022-4515",
      "product_status": {
        "known_affected": [
          "2951",
          "398363",
          "T004914",
          "T014111",
          "T032255"
        ]
      },
      "release_date": "2023-05-16T22:00:00.000+00:00",
      "title": "CVE-2022-4515"
    },
    {
      "cve": "CVE-2023-25563",
      "product_status": {
        "known_affected": [
          "2951",
          "398363",
          "T004914",
          "T014111",
          "T032255"
        ]
      },
      "release_date": "2023-05-16T22:00:00.000+00:00",
      "title": "CVE-2023-25563"
    },
    {
      "cve": "CVE-2023-25564",
      "product_status": {
        "known_affected": [
          "2951",
          "398363",
          "T004914",
          "T014111",
          "T032255"
        ]
      },
      "release_date": "2023-05-16T22:00:00.000+00:00",
      "title": "CVE-2023-25564"
    },
    {
      "cve": "CVE-2023-25565",
      "product_status": {
        "known_affected": [
          "2951",
          "398363",
          "T004914",
          "T014111",
          "T032255"
        ]
      },
      "release_date": "2023-05-16T22:00:00.000+00:00",
      "title": "CVE-2023-25565"
    },
    {
      "cve": "CVE-2023-25566",
      "product_status": {
        "known_affected": [
          "2951",
          "398363",
          "T004914",
          "T014111",
          "T032255"
        ]
      },
      "release_date": "2023-05-16T22:00:00.000+00:00",
      "title": "CVE-2023-25566"
    },
    {
      "cve": "CVE-2023-25567",
      "product_status": {
        "known_affected": [
          "2951",
          "398363",
          "T004914",
          "T014111",
          "T032255"
        ]
      },
      "release_date": "2023-05-16T22:00:00.000+00:00",
      "title": "CVE-2023-25567"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-33645 (GCVE-0-2021-33645)

WID-SEC-W-2023-1238

Tags

Sightings

Nomenclature