Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2025-AVI-0304
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
L'éditeur indique que les versions 21.4.x de Junos OS pour SRX Series ne bénéficient pas de correctif pour la vulnérabilité CVE-2025-30659.
Impacted products
Vendor | Product | Description | ||
---|---|---|---|---|
Juniper Networks | Junos OS | Junos OS versions 21.4.x antérieures à 21.4R3-S10 | ||
Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 22.4.x-EVO antérieures à 22.4R3-S6-EVO | ||
Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 23.4.x-EVO antérieures à 23.4R2-S4-EVO | ||
Juniper Networks | Junos OS | Junos OS versions 22.2.x antérieures à 22.2R3-S6 | ||
Juniper Networks | Junos OS Evolved | Junos OS Evolved versions antérieures à 21.4R3-S10-EVO | ||
Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 23.2.x-EVO antérieures à 23.2R2-S3-EVO | ||
Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 24.2.x-EVO antérieures à 24.2R2-EVO | ||
Juniper Networks | Junos Space | Junos Space versions antérieures à 24.1R3 | ||
Juniper Networks | Junos Space | Junos Space Security Director versions antérieures à 24.1R3 | ||
Juniper Networks | Junos OS | Junos OS versions 23.4.x antérieures à 23.4R2-S4 | ||
Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 22.2.x-EVO antérieures à 22.2R3-S6-EVO | ||
Juniper Networks | CTPView | CTPView versions antérieures à 9.2R1 | ||
Juniper Networks | Junos OS | Junos OS versions 22.4.x antérieures à 22.4R3-S6 | ||
Juniper Networks | Junos OS | Junos OS versions 23.2.x antérieures à 23.2R2-S3 | ||
Juniper Networks | Junos OS | Junos OS versions 24.2.x antérieures à 24.2R2 | ||
Juniper Networks | Junos OS | Junos OS versions antérieures à 21.2R3-S9 |
References
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Junos OS versions 21.4.x ant\u00e9rieures \u00e0 21.4R3-S10 ", "product": { "name": "Junos OS", "vendor": { "name": "Juniper Networks", "scada": false } } }, { "description": "Junos OS Evolved versions 22.4.x-EVO ant\u00e9rieures \u00e0 22.4R3-S6-EVO", "product": { "name": "Junos OS Evolved", "vendor": { "name": "Juniper Networks", "scada": false } } }, { "description": "Junos OS Evolved versions 23.4.x-EVO ant\u00e9rieures \u00e0 23.4R2-S4-EVO", "product": { "name": "Junos OS Evolved", "vendor": { "name": "Juniper Networks", "scada": false } } }, { "description": "Junos OS versions 22.2.x ant\u00e9rieures \u00e0 22.2R3-S6", "product": { "name": "Junos OS", "vendor": { "name": "Juniper Networks", "scada": false } } }, { "description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 21.4R3-S10-EVO", "product": { "name": "Junos OS Evolved", "vendor": { "name": "Juniper Networks", "scada": false } } }, { "description": "Junos OS Evolved versions 23.2.x-EVO ant\u00e9rieures \u00e0 23.2R2-S3-EVO", "product": { "name": "Junos OS Evolved", "vendor": { "name": "Juniper Networks", "scada": false } } }, { "description": "Junos OS Evolved versions 24.2.x-EVO ant\u00e9rieures \u00e0 24.2R2-EVO", "product": { "name": "Junos OS Evolved", "vendor": { "name": "Juniper Networks", "scada": false } } }, { "description": "Junos Space versions ant\u00e9rieures \u00e0 24.1R3", "product": { "name": "Junos Space", "vendor": { "name": "Juniper Networks", "scada": false } } }, { "description": "Junos Space Security Director versions ant\u00e9rieures \u00e0 24.1R3", "product": { "name": "Junos Space", "vendor": { "name": "Juniper Networks", "scada": false } } }, { "description": "Junos OS versions 23.4.x ant\u00e9rieures \u00e0 23.4R2-S4", "product": { "name": "Junos OS", "vendor": { "name": "Juniper Networks", "scada": false } } }, { "description": "Junos OS Evolved versions 22.2.x-EVO ant\u00e9rieures \u00e0 22.2R3-S6-EVO", "product": { "name": "Junos OS Evolved", "vendor": { "name": "Juniper Networks", "scada": false } } }, { "description": "CTPView versions ant\u00e9rieures \u00e0 9.2R1", "product": { "name": "CTPView", "vendor": { "name": "Juniper Networks", "scada": false } } }, { "description": "Junos OS versions 22.4.x ant\u00e9rieures \u00e0 22.4R3-S6", "product": { "name": "Junos OS", "vendor": { "name": "Juniper Networks", "scada": false } } }, { "description": "Junos OS versions 23.2.x ant\u00e9rieures \u00e0 23.2R2-S3", "product": { "name": "Junos OS", "vendor": { "name": "Juniper Networks", "scada": false } } }, { "description": "Junos OS versions 24.2.x ant\u00e9rieures \u00e0 24.2R2", "product": { "name": "Junos OS", "vendor": { "name": "Juniper Networks", "scada": false } } }, { "description": "Junos OS versions ant\u00e9rieures \u00e0 21.2R3-S9", "product": { "name": "Junos OS", "vendor": { "name": "Juniper Networks", "scada": false } } } ], "affected_systems_content": "L\u0027\u00e9diteur indique que les versions 21.4.x de Junos OS pour SRX Series ne b\u00e9n\u00e9ficient pas de correctif pour la vuln\u00e9rabilit\u00e9 CVE-2025-30659.", "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).", "cves": [ { "name": "CVE-2024-42472", "url": "https://www.cve.org/CVERecord?id=CVE-2024-42472" }, { "name": "CVE-2024-7006", "url": "https://www.cve.org/CVERecord?id=CVE-2024-7006" }, { "name": "CVE-2024-21235", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21235" }, { "name": "CVE-2024-27820", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27820" }, { "name": "CVE-2024-42284", "url": "https://www.cve.org/CVERecord?id=CVE-2024-42284" }, { "name": "CVE-2024-27052", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27052" }, { "name": "CVE-2025-21597", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21597" }, { "name": "CVE-2024-33602", "url": "https://www.cve.org/CVERecord?id=CVE-2024-33602" }, { "name": "CVE-2024-4076", "url": "https://www.cve.org/CVERecord?id=CVE-2024-4076" }, { "name": "CVE-2025-30658", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30658" }, { "name": "CVE-2024-40866", "url": "https://www.cve.org/CVERecord?id=CVE-2024-40866" }, { "name": "CVE-2024-6232", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6232" }, { "name": "CVE-2024-21823", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21823" }, { "name": "CVE-2023-28746", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28746" }, { "name": "CVE-2024-26993", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26993" }, { "name": "CVE-2024-1975", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1975" }, { "name": "CVE-2024-40898", "url": "https://www.cve.org/CVERecord?id=CVE-2024-40898" }, { "name": "CVE-2024-26852", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26852" }, { "name": "CVE-2011-5094", "url": "https://www.cve.org/CVERecord?id=CVE-2011-5094" }, { "name": "CVE-2025-30657", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30657" }, { "name": "CVE-2025-30660", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30660" }, { "name": "CVE-2024-1737", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1737" }, { "name": "CVE-2024-33600", "url": "https://www.cve.org/CVERecord?id=CVE-2024-33600" }, { "name": "CVE-2024-3652", "url": "https://www.cve.org/CVERecord?id=CVE-2024-3652" }, { "name": "CVE-2024-44187", "url": "https://www.cve.org/CVERecord?id=CVE-2024-44187" }, { "name": "CVE-2025-21601", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21601" }, { "name": "CVE-2024-32021", "url": "https://www.cve.org/CVERecord?id=CVE-2024-32021" }, { "name": "CVE-2024-40725", "url": "https://www.cve.org/CVERecord?id=CVE-2024-40725" }, { "name": "CVE-2019-7611", "url": "https://www.cve.org/CVERecord?id=CVE-2019-7611" }, { "name": "CVE-2024-33599", "url": "https://www.cve.org/CVERecord?id=CVE-2024-33599" }, { "name": "CVE-2025-21591", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21591" }, { "name": "CVE-2025-30649", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30649" }, { "name": "CVE-2025-30652", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30652" }, { "name": "CVE-2024-40789", "url": "https://www.cve.org/CVERecord?id=CVE-2024-40789" }, { "name": "CVE-2024-35845", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35845" }, { "name": "CVE-2025-30651", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30651" }, { "name": "CVE-2024-32004", "url": "https://www.cve.org/CVERecord?id=CVE-2024-32004" }, { "name": "CVE-2024-39884", "url": "https://www.cve.org/CVERecord?id=CVE-2024-39884" }, { "name": "CVE-2023-48161", "url": "https://www.cve.org/CVERecord?id=CVE-2023-48161" }, { "name": "CVE-2024-32020", "url": "https://www.cve.org/CVERecord?id=CVE-2024-32020" }, { "name": "CVE-2024-0450", "url": "https://www.cve.org/CVERecord?id=CVE-2024-0450" }, { "name": "CVE-2024-27838", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27838" }, { "name": "CVE-2024-23271", "url": "https://www.cve.org/CVERecord?id=CVE-2024-23271" }, { "name": "CVE-2024-39487", "url": "https://www.cve.org/CVERecord?id=CVE-2024-39487" }, { "name": "CVE-2024-36971", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36971" }, { "name": "CVE-2024-33601", "url": "https://www.cve.org/CVERecord?id=CVE-2024-33601" }, { "name": "CVE-2025-30647", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30647" }, { "name": "CVE-2024-32465", "url": "https://www.cve.org/CVERecord?id=CVE-2024-32465" }, { "name": "CVE-2011-1473", "url": "https://www.cve.org/CVERecord?id=CVE-2011-1473" }, { "name": "CVE-2025-30654", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30654" }, { "name": "CVE-2025-30655", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30655" }, { "name": "CVE-2024-40782", "url": "https://www.cve.org/CVERecord?id=CVE-2024-40782" }, { "name": "CVE-2024-26735", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26735" }, { "name": "CVE-2024-35899", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35899" }, { "name": "CVE-2024-40954", "url": "https://www.cve.org/CVERecord?id=CVE-2024-40954" }, { "name": "CVE-2021-47596", "url": "https://www.cve.org/CVERecord?id=CVE-2021-47596" }, { "name": "CVE-2025-30659", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30659" }, { "name": "CVE-2025-30653", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30653" }, { "name": "CVE-2025-30645", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30645" }, { "name": "CVE-2020-7021", "url": "https://www.cve.org/CVERecord?id=CVE-2020-7021" }, { "name": "CVE-2021-22135", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22135" }, { "name": "CVE-2025-30646", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30646" }, { "name": "CVE-2024-27851", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27851" }, { "name": "CVE-2025-30644", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30644" }, { "name": "CVE-2024-3651", "url": "https://www.cve.org/CVERecord?id=CVE-2024-3651" }, { "name": "CVE-2025-30656", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30656" }, { "name": "CVE-2022-39253", "url": "https://www.cve.org/CVERecord?id=CVE-2022-39253" }, { "name": "CVE-2021-22144", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22144" }, { "name": "CVE-2024-40958", "url": "https://www.cve.org/CVERecord?id=CVE-2024-40958" }, { "name": "CVE-2025-21595", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21595" }, { "name": "CVE-2025-30648", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30648" }, { "name": "CVE-2024-21210", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21210" }, { "name": "CVE-2021-22137", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22137" }, { "name": "CVE-2024-32002", "url": "https://www.cve.org/CVERecord?id=CVE-2024-32002" }, { "name": "CVE-2024-2961", "url": "https://www.cve.org/CVERecord?id=CVE-2024-2961" }, { "name": "CVE-2024-21217", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21217" }, { "name": "CVE-2024-28182", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28182" }, { "name": "CVE-2023-6597", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6597" }, { "name": "CVE-2022-24808", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24808" }, { "name": "CVE-2024-21208", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21208" }, { "name": "CVE-2025-21594", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21594" }, { "name": "CVE-2020-7020", "url": "https://www.cve.org/CVERecord?id=CVE-2020-7020" } ], "initial_release_date": "2025-04-10T00:00:00", "last_revision_date": "2025-04-10T00:00:00", "links": [], "reference": "CERTFR-2025-AVI-0304", "revisions": [ { "description": "Version initiale", "revision_date": "2025-04-10T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks", "vendor_advisories": [ { "published_at": "2025-04-09", "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96456", "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-malformed-LLDP-TLV-results-in-l2cpd-crash-CVE-2025-30646" }, { "published_at": "2025-04-09", "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96447", "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R3-release" }, { "published_at": "2025-04-09", "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96467", "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-Processing-of-a-specific-BGP-update-causes-the-SRRD-process-to-crash-CVE-2025-30657?language=en_US" }, { "published_at": "2025-04-09", "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96461", "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-specific-ICMPv6-packet-causes-a-memory-overrun-leading-to-an-rpd-crash-CVE-2025-30651" }, { "published_at": "2025-04-09", "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96446", "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-Space-Security-Director-Multiple-vulnerabilities-resolved-in-24-1R3-release" }, { "published_at": "2025-04-09", "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96451", "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-BGP-rib-sharding-and-update-threading-are-configured-and-a-peer-flaps-an-rpd-core-is-observed" }, { "published_at": "2025-04-09", "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96470", "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-SRX-Series-A-device-configured-for-vector-routing-crashes-when-receiving-specific-traffic-CVE-2025-30659?language=en_US" }, { "published_at": "2025-04-09", "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96458", "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-specifically-malformed-DHCP-packet-causes-jdhcpd-process-to-crash-CVE-2025-30648" }, { "published_at": "2025-04-09", "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96462", "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Executing-a-specific-CLI-command-when-asregex-optimized-is-configured-causes-an-RPD-crash-CVE-2025-30652" }, { "published_at": "2025-04-09", "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96457", "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-MX-Series-Subscriber-login-logout-activity-will-lead-to-a-memory-leak-CVE-2025-30647" }, { "published_at": "2025-04-09", "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96466", "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-MX-Series-SRX-Series-Processing-of-specific-SIP-INVITE-messages-by-the-SIP-ALG-will-lead-to-an-FPC-crash-CVE-2025-30656?language=en_US" }, { "published_at": "2025-04-09", "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96463", "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-LSP-flap-in-a-specific-MPLS-LSP-scenario-leads-to-RPD-crash-CVE-2025-30653" }, { "published_at": "2025-04-09", "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96459", "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-MX240-MX480-MX960-with-SPC3-An-attacker-sending-specific-packets-will-cause-a-CPU-utilization-DoS-CVE-2025-30649" }, { "published_at": "2025-04-09", "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96450", "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-an-EVPN-VXLAN-scenario-specific-ARP-or-NDP-packets-cause-FPC-to-crash-CVE-2025-21595" }, { "published_at": "2025-04-09", "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96464", "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-local-low-privileged-user-can-access-sensitive-information-CVE-2025-30654" }, { "published_at": "2025-04-09", "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96453", "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-EX2300-EX3400-EX4000-Series-QFX5k-Series-Receipt-of-a-specific-DHCP-packet-causes-FPC-crash-when-DHCP-Option-82-is-enabled-CVE-2025-30644" }, { "published_at": "2025-04-09", "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96465", "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-specific-CLI-command-will-cause-a-RPD-crash-when-rib-sharding-and-update-threading-is-enabled-CVE-2025-30655?language=en_US" }, { "published_at": "2025-04-09", "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96444", "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-CTP-View-Multiple-Vulnerabilities-resolved-in-9-2R1-release" }, { "published_at": "2025-04-09", "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96469", "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-SRX-Series-On-devices-with-Anti-Virus-enabled-malicious-server-responses-will-cause-memory-to-leak-ultimately-causing-forwarding-to-stop-CVE-2025-30658?language=en_US" }, { "published_at": "2025-04-09", "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96448", "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-An-unauthenticated-adjacent-attacker-sending-a-malformed-DHCP-packet-causes-jdhcpd-to-crash-CVE-2025-21591" }, { "published_at": "2025-04-09", "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96471", "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-MX-Series-Decapsulation-of-specific-GRE-packets-leads-to-PFE-reset-CVE-2025-30660?language=en_US" }, { "published_at": "2025-04-09", "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96449", "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-MX-Series-In-DS-lite-and-NAT-senario-receipt-of-crafted-IPv4-traffic-causes-port-block-CVE-2025-21594" }, { "published_at": "2025-04-09", "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96455", "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-SRX-Series-Transmission-of-specific-control-traffic-sent-out-of-a-DS-Lite-tunnel-results-in-flowd-crash-CVE-2025-30645" }, { "published_at": "2025-04-09", "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96452", "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-SRX-and-EX-Series-MX240-MX480-MX960-QFX5120-Series-When-web-management-is-enabled-for-specific-services-an-attacker-may-cause-a-CPU-spike-by-sending-genuine-packets-to-the-device-CVE-2025-21601" } ] }
CVE-2024-27820 (GCVE-0-2024-27820)
Vulnerability from cvelistv5
Published
2024-06-10 20:56
Modified
2025-02-13 17:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Processing web content may lead to arbitrary code execution
Summary
The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution.
References
URL | Tags | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Apple | iOS and iPadOS |
Version: unspecified < 17.5 |
||
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "iphone_os", "vendor": "apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "16.7", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ipad_os", "vendor": "apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "16.7", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:apple:mac_os:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mac_os", "vendor": "apple", "versions": [ { "lessThan": "14.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "visionos", "vendor": "apple", "versions": [ { "lessThan": "1.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "watchos", "vendor": "apple", "versions": [ { "lessThan": "10.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "safari", "vendor": "apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "tvos", "vendor": "apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-27820", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-14T03:56:09.764Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:41:55.470Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214101" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214100" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214106" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214108" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214104" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214103" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214102" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/Jun/5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "iOS and iPadOS", "vendor": "Apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "iOS and iPadOS", "vendor": "Apple", "versions": [ { "lessThan": "16.7", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "14.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "visionOS", "vendor": "Apple", "versions": [ { "lessThan": "1.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "10.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Safari", "vendor": "Apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "Processing web content may lead to arbitrary code execution", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-12T04:06:04.778Z", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "url": "https://support.apple.com/en-us/HT214101" }, { "url": "https://support.apple.com/en-us/HT214100" }, { "url": "https://support.apple.com/en-us/HT214106" }, { "url": "https://support.apple.com/en-us/HT214108" }, { "url": "https://support.apple.com/en-us/HT214104" }, { "url": "https://support.apple.com/en-us/HT214103" }, { "url": "https://support.apple.com/en-us/HT214102" }, { "url": "http://seclists.org/fulldisclosure/2024/Jun/5" } ] } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2024-27820", "datePublished": "2024-06-10T20:56:43.282Z", "dateReserved": "2024-02-26T15:32:28.523Z", "dateUpdated": "2025-02-13T17:46:47.976Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-30644 (GCVE-0-2025-30644)
Vulnerability from cvelistv5
Published
2025-04-09 19:52
Modified
2025-05-07 18:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Summary
A Heap-based Buffer Overflow vulnerability in the flexible PIC concentrator (FPC) of Juniper Networks Junos OS on EX2300, EX3400, EX4100, EX4300, EX4300MP, EX4400, EX4600, EX4650-48Y, and QFX5k Series allows an attacker to send a specific DHCP packet to the device, leading to an FPC crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.
Under a rare timing scenario outside the attacker's control, memory corruption may be observed when DHCP Option 82 is enabled, leading to an FPC crash and affecting packet forwarding. Due to the nature of the heap-based overflow, exploitation of this vulnerability could also lead to remote code execution within the FPC, resulting in complete control of the vulnerable component.
This issue affects Junos OS on EX2300, EX3400, EX4100, EX4300, EX4300MP, EX4400, EX4600, EX4650-48Y, and QFX5k Series:
* All versions before 21.4R3-S9,
* from 22.2 before 22.2R3-S5,
* from 22.4 before 22.4R3-S5,
* from 23.2 before 23.2R2-S3,
* from 23.4 before 23.4R2-S3,
* from 24.2 before 24.2R2.
References
URL | Tags | ||||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Juniper Networks | Junos OS |
Version: 0 ≤ Version: 22.2 ≤ Version: 22.4 ≤ Version: 23.2 ≤ Version: 23.4 ≤ Version: 24.2 ≤ |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-30644", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-10T03:55:42.671128Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-05-07T18:55:01.374Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "EX2300", "EX3400", "EX4100", "EX4300", "EX4300MP", "EX4400", "EX4600", "EX4650-48Y", "QFX5k Series" ], "product": "Junos OS", "vendor": "Juniper Networks", "versions": [ { "lessThan": "21.4R3-S9", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "22.2R3-S5", "status": "affected", "version": "22.2", "versionType": "semver" }, { "lessThan": "22.4R3-S5", "status": "affected", "version": "22.4", "versionType": "semver" }, { "lessThan": "23.2R2-S3", "status": "affected", "version": "23.2", "versionType": "semver" }, { "lessThan": "23.4R2-S3", "status": "affected", "version": "23.4", "versionType": "semver" }, { "lessThan": "24.2R2", "status": "affected", "version": "24.2", "versionType": "semver" } ] } ], "configurations": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "This issue only occurs when DHCP forwarding-options Option 82 is enabled, as shown below:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[vlans \u0026lt;name\u0026gt; forwarding-options dhcp-security option-82]\u003c/tt\u003e" } ], "value": "This issue only occurs when DHCP forwarding-options Option 82 is enabled, as shown below:\n\n[vlans \u003cname\u003e forwarding-options dhcp-security option-82]" } ], "datePublic": "2025-04-09T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A Heap-based Buffer Overflow vulnerability in the flexible PIC concentrator (FPC) of Juniper Networks Junos OS on EX2300, EX3400, EX4100, EX4300, EX4300MP, EX4400, EX4600, EX4650-48Y, and QFX5k Series allows an attacker to send a specific DHCP packet to the device, leading to an FPC crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\u003cbr\u003e\u003cbr\u003eUnder a rare timing scenario outside the attacker\u0027s control, memory corruption may be observed when DHCP Option 82 is enabled, leading to an FPC crash and affecting packet forwarding. Due to the nature of the heap-based overflow, exploitation of this vulnerability could also lead to remote code execution within the FPC, resulting in complete control of the vulnerable component.\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS on EX2300, EX3400, EX4100, EX4300, EX4300MP, EX4400, EX4600, EX4650-48Y, and QFX5k Series: \u003cbr\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.4R3-S9,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S5,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S5,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S3,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-S3,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.2 before 24.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e" } ], "value": "A Heap-based Buffer Overflow vulnerability in the flexible PIC concentrator (FPC) of Juniper Networks Junos OS on EX2300, EX3400, EX4100, EX4300, EX4300MP, EX4400, EX4600, EX4650-48Y, and QFX5k Series allows an attacker to send a specific DHCP packet to the device, leading to an FPC crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\n\nUnder a rare timing scenario outside the attacker\u0027s control, memory corruption may be observed when DHCP Option 82 is enabled, leading to an FPC crash and affecting packet forwarding. Due to the nature of the heap-based overflow, exploitation of this vulnerability could also lead to remote code execution within the FPC, resulting in complete control of the vulnerable component.\nThis issue affects Junos OS on EX2300, EX3400, EX4100, EX4300, EX4300MP, EX4400, EX4600, EX4650-48Y, and QFX5k Series: \n\n\n\n\n * All versions before 21.4R3-S9,\u00a0\n * from 22.2 before 22.2R3-S5,\u00a0\n * from 22.4 before 22.4R3-S5,\u00a0\n * from 23.2 before 23.2R2-S3,\u00a0\n * from 23.4 before 23.4R2-S3,\u00a0\n * from 24.2 before 24.2R2." } ], "exploits": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "NO", "Recovery": "AUTOMATIC", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "ADJACENT", "baseScore": 7.7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "GREEN", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L/AU:N/R:A/RE:M/U:Green", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-09T19:52:16.737Z", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://supportportal.juniper.net/JSA96453" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: 21.4R3-S9, 22.2R3-S5, 22.4R3-S5, 23.2R2-S3, 23.4R2-S3, 24.2R2, 24.4R1, and all subsequent releases.\u003cbr\u003e" } ], "value": "The following software releases have been updated to resolve this specific issue: 21.4R3-S9, 22.2R3-S5, 22.4R3-S5, 23.2R2-S3, 23.4R2-S3, 24.2R2, 24.4R1, and all subsequent releases." } ], "source": { "advisory": "JSA96453", "defect": [ "1818760" ], "discovery": "USER" }, "timeline": [ { "lang": "en", "time": "2025-04-09T16:00:00.000Z", "value": "Initial Publication" } ], "title": "Junos OS: EX2300, EX3400, EX4000 Series, QFX5k Series: Receipt of a specific DHCP packet causes FPC crash when DHCP Option 82 is enabled", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Disable\u0026nbsp;dhcp-option82 if it is not required." } ], "value": "Disable\u00a0dhcp-option82 if it is not required." } ], "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2025-30644", "datePublished": "2025-04-09T19:52:16.737Z", "dateReserved": "2025-03-24T19:34:11.320Z", "dateUpdated": "2025-05-07T18:55:01.374Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-30648 (GCVE-0-2025-30648)
Vulnerability from cvelistv5
Published
2025-04-09 19:54
Modified
2025-04-09 20:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
An Improper Input Validation vulnerability in the Juniper DHCP Daemon (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause the jdhcpd process to crash resulting in a Denial of Service (DoS).
When a specifically malformed DHCP packet is received from a DHCP client, the jdhcpd process crashes, which will lead to the unavailability of the DHCP service and thereby resulting in a sustained DoS. The DHCP process will restart automatically to recover the service.
This issue will occur when dhcp-security is enabled.
This issue affects Junos OS:
* All versions before 21.2R3-S9,
* from 21.4 before 21.4R3-S10,
* from 22.2 before 22.2R3-S6,
* from 22.4 before 22.4R3-S6,
* from 23.2 before 23.2R2-S3,
* from 23.4 before 23.4R2-S4,
* from 24.2 before 24.2R2;
Junos OS Evolved: * from 22.4 before 22.4R3-S6-EVO,
* from 23.2 before 23.2R2-S3-EVO,
* from 23.4 before 23.4R2-S4-EVO,
* from 24.2 before 24.2R2-EVO.
.
References
URL | Tags | ||||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.4 ≤ Version: 22.2 ≤ Version: 22.4 ≤ Version: 23.2 ≤ Version: 23.4 ≤ Version: 24.2 ≤ |
|||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-30648", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-09T20:05:56.597700Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-09T20:06:17.698Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Junos OS", "vendor": "Juniper Networks", "versions": [ { "lessThan": "21.2R3-S9", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "21.4R3-S10", "status": "affected", "version": "21.4", "versionType": "semver" }, { "lessThan": "22.2R3-S6", "status": "affected", "version": "22.2", "versionType": "semver" }, { "lessThan": "22.4R3-S6", "status": "affected", "version": "22.4", "versionType": "semver" }, { "lessThan": "23.2R2-S3", "status": "affected", "version": "23.2", "versionType": "semver" }, { "lessThan": "23.4R2-S4", "status": "affected", "version": "23.4", "versionType": "semver" }, { "lessThan": "24.2R2", "status": "affected", "version": "24.2", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "Junos OS Evolved", "vendor": "Juniper Networks", "versions": [ { "lessThan": "22.4R3-S6-EVO", "status": "affected", "version": "22.4", "versionType": "semver" }, { "lessThan": "23.2R2-S3-EVO", "status": "affected", "version": "23.2", "versionType": "semver" }, { "lessThan": "23.4R2-S4-EVO", "status": "affected", "version": "23.4", "versionType": "semver" }, { "lessThan": "24.2R2-EVO", "status": "affected", "version": "24.2", "versionType": "semver" } ] } ], "configurations": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "This issue is seen when dhcp-security is enabled:\u003cbr\u003e\u0026nbsp;\u003cbr\u003e\u003ctt\u003e[ vlans \u0026lt;vlan-name\u0026gt; forwarding-options dhcp-security ]\u003c/tt\u003e" } ], "value": "This issue is seen when dhcp-security is enabled:\n\u00a0\n[ vlans \u003cvlan-name\u003e forwarding-options dhcp-security ]" } ], "datePublic": "2025-04-09T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn Improper Input Validation vulnerability in the\u0026nbsp;\u003c/span\u003eJuniper DHCP Daemon (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause the jdhcpd process to crash resulting in a Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eWhen a specifically malformed DHCP packet is received from a DHCP client, the jdhcpd process crashes, which\u0026nbsp;\u003cspan style=\"background-color: rgb(251, 251, 251);\"\u003ewill lead to the unavailability of the DHCP service and thereby resulting in a sustained DoS.\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eThe DHCP process will restart automatically \u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eto recover the service.\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003eThis issue will occur when\u0026nbsp;dhcp-security is enabled.\u0026nbsp;\u003cbr\u003e\u003c/span\u003e\u003cp\u003eThis issue affects Junos OS:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.2R3-S9,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-S10,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S6,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S6,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S3,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-S4,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.2 before 24.2R2;\u0026nbsp;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003eJunos OS Evolved:\u0026nbsp;\u003cul\u003e\u003cli\u003efrom 22.4 before 22.4R3-S6-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S3-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-S4-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.2 before 24.2R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e.\u003c/p\u003e" } ], "value": "An Improper Input Validation vulnerability in the\u00a0Juniper DHCP Daemon (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause the jdhcpd process to crash resulting in a Denial of Service (DoS).\n\nWhen a specifically malformed DHCP packet is received from a DHCP client, the jdhcpd process crashes, which\u00a0will lead to the unavailability of the DHCP service and thereby resulting in a sustained DoS.\u00a0The DHCP process will restart automatically to recover the service.\n\nThis issue will occur when\u00a0dhcp-security is enabled.\u00a0\nThis issue affects Junos OS:\u00a0\n\n\n\n * All versions before 21.2R3-S9,\u00a0\n * from 21.4 before 21.4R3-S10,\u00a0\n * from 22.2 before 22.2R3-S6,\u00a0\n * from 22.4 before 22.4R3-S6,\u00a0\n * from 23.2 before 23.2R2-S3,\u00a0\n * from 23.4 before 23.4R2-S4,\u00a0\n * from 24.2 before 24.2R2;\u00a0\n\n\n\n\nJunos OS Evolved:\u00a0 * from 22.4 before 22.4R3-S6-EVO,\u00a0\n * from 23.2 before 23.2R2-S3-EVO,\u00a0\n * from 23.4 before 23.4R2-S4-EVO,\u00a0\n * from 24.2 before 24.2R2-EVO.\n\n\n\n\n." } ], "exploits": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "AUTOMATIC", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 7.1, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:A", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-09T19:54:41.339Z", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://supportportal.juniper.net/JSA96458" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: \u003cbr\u003e\u003cbr\u003eJunos OS Evolved: 22.4R3-S6-EVO, 23.2R2-S3-EVO, 23.4R2-S4-EVO, 24.2R2-EVO, 24.4R1-EVO, and all\u0026nbsp;subsequent releases.\u003cbr\u003e\u003cbr\u003eJunos: 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3-S6, 23.2R2-S3, 23.4R2-S4, 24.2R2, 24.4R1, and all subsequent releases." } ], "value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS Evolved: 22.4R3-S6-EVO, 23.2R2-S3-EVO, 23.4R2-S4-EVO, 24.2R2-EVO, 24.4R1-EVO, and all\u00a0subsequent releases.\n\nJunos: 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3-S6, 23.2R2-S3, 23.4R2-S4, 24.2R2, 24.4R1, and all subsequent releases." } ], "source": { "advisory": "JSA96458", "defect": [ "1842682" ], "discovery": "EXTERNAL" }, "timeline": [ { "lang": "en", "time": "2025-04-09T16:00:00.000Z", "value": "Initial Publication" } ], "title": "Junos OS and Junos OS Evolved: Receipt of a specifically malformed DHCP packet causes jdhcpd process to crash", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "There are no known workarounds for this issue." } ], "value": "There are no known workarounds for this issue." } ], "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2025-30648", "datePublished": "2025-04-09T19:54:41.339Z", "dateReserved": "2025-03-24T19:34:11.321Z", "dateUpdated": "2025-04-09T20:06:17.698Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-35899 (GCVE-0-2024-35899)
Vulnerability from cvelistv5
Published
2024-05-19 08:34
Modified
2025-05-04 09:07
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: flush pending destroy work before exit_net release
Similar to 2c9f0293280e ("netfilter: nf_tables: flush pending destroy
work before netlink notifier") to address a race between exit_net and
the destroy workqueue.
The trace below shows an element to be released via destroy workqueue
while exit_net path (triggered via module removal) has already released
the set that is used in such transaction.
[ 1360.547789] BUG: KASAN: slab-use-after-free in nf_tables_trans_destroy_work+0x3f5/0x590 [nf_tables]
[ 1360.547861] Read of size 8 at addr ffff888140500cc0 by task kworker/4:1/152465
[ 1360.547870] CPU: 4 PID: 152465 Comm: kworker/4:1 Not tainted 6.8.0+ #359
[ 1360.547882] Workqueue: events nf_tables_trans_destroy_work [nf_tables]
[ 1360.547984] Call Trace:
[ 1360.547991] <TASK>
[ 1360.547998] dump_stack_lvl+0x53/0x70
[ 1360.548014] print_report+0xc4/0x610
[ 1360.548026] ? __virt_addr_valid+0xba/0x160
[ 1360.548040] ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[ 1360.548054] ? nf_tables_trans_destroy_work+0x3f5/0x590 [nf_tables]
[ 1360.548176] kasan_report+0xae/0xe0
[ 1360.548189] ? nf_tables_trans_destroy_work+0x3f5/0x590 [nf_tables]
[ 1360.548312] nf_tables_trans_destroy_work+0x3f5/0x590 [nf_tables]
[ 1360.548447] ? __pfx_nf_tables_trans_destroy_work+0x10/0x10 [nf_tables]
[ 1360.548577] ? _raw_spin_unlock_irq+0x18/0x30
[ 1360.548591] process_one_work+0x2f1/0x670
[ 1360.548610] worker_thread+0x4d3/0x760
[ 1360.548627] ? __pfx_worker_thread+0x10/0x10
[ 1360.548640] kthread+0x16b/0x1b0
[ 1360.548653] ? __pfx_kthread+0x10/0x10
[ 1360.548665] ret_from_fork+0x2f/0x50
[ 1360.548679] ? __pfx_kthread+0x10/0x10
[ 1360.548690] ret_from_fork_asm+0x1a/0x30
[ 1360.548707] </TASK>
[ 1360.548719] Allocated by task 192061:
[ 1360.548726] kasan_save_stack+0x20/0x40
[ 1360.548739] kasan_save_track+0x14/0x30
[ 1360.548750] __kasan_kmalloc+0x8f/0xa0
[ 1360.548760] __kmalloc_node+0x1f1/0x450
[ 1360.548771] nf_tables_newset+0x10c7/0x1b50 [nf_tables]
[ 1360.548883] nfnetlink_rcv_batch+0xbc4/0xdc0 [nfnetlink]
[ 1360.548909] nfnetlink_rcv+0x1a8/0x1e0 [nfnetlink]
[ 1360.548927] netlink_unicast+0x367/0x4f0
[ 1360.548935] netlink_sendmsg+0x34b/0x610
[ 1360.548944] ____sys_sendmsg+0x4d4/0x510
[ 1360.548953] ___sys_sendmsg+0xc9/0x120
[ 1360.548961] __sys_sendmsg+0xbe/0x140
[ 1360.548971] do_syscall_64+0x55/0x120
[ 1360.548982] entry_SYSCALL_64_after_hwframe+0x55/0x5d
[ 1360.548994] Freed by task 192222:
[ 1360.548999] kasan_save_stack+0x20/0x40
[ 1360.549009] kasan_save_track+0x14/0x30
[ 1360.549019] kasan_save_free_info+0x3b/0x60
[ 1360.549028] poison_slab_object+0x100/0x180
[ 1360.549036] __kasan_slab_free+0x14/0x30
[ 1360.549042] kfree+0xb6/0x260
[ 1360.549049] __nft_release_table+0x473/0x6a0 [nf_tables]
[ 1360.549131] nf_tables_exit_net+0x170/0x240 [nf_tables]
[ 1360.549221] ops_exit_list+0x50/0xa0
[ 1360.549229] free_exit_list+0x101/0x140
[ 1360.549236] unregister_pernet_operations+0x107/0x160
[ 1360.549245] unregister_pernet_subsys+0x1c/0x30
[ 1360.549254] nf_tables_module_exit+0x43/0x80 [nf_tables]
[ 1360.549345] __do_sys_delete_module+0x253/0x370
[ 1360.549352] do_syscall_64+0x55/0x120
[ 1360.549360] entry_SYSCALL_64_after_hwframe+0x55/0x5d
(gdb) list *__nft_release_table+0x473
0x1e033 is in __nft_release_table (net/netfilter/nf_tables_api.c:11354).
11349 list_for_each_entry_safe(flowtable, nf, &table->flowtables, list) {
11350 list_del(&flowtable->list);
11351 nft_use_dec(&table->use);
11352 nf_tables_flowtable_destroy(flowtable);
11353 }
11354 list_for_each_entry_safe(set, ns, &table->sets, list) {
11355 list_del(&set->list);
11356 nft_use_dec(&table->use);
11357 if (set->flags & (NFT_SET_MAP | NFT_SET_OBJECT))
11358 nft_map_deactivat
---truncated---
References
URL | Tags | ||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Linux | Linux |
Version: 0935d558840099b3679c67bb7468dc78fcbad940 Version: 0935d558840099b3679c67bb7468dc78fcbad940 Version: 0935d558840099b3679c67bb7468dc78fcbad940 Version: 0935d558840099b3679c67bb7468dc78fcbad940 Version: 0935d558840099b3679c67bb7468dc78fcbad940 Version: 0935d558840099b3679c67bb7468dc78fcbad940 Version: 0935d558840099b3679c67bb7468dc78fcbad940 |
||
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "f4e14695fe80", "status": "affected", "version": "0935d5588400", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "46c4481938e2", "status": "affected", "version": "0935d5588400", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "f7e3c88cc2a9", "status": "affected", "version": "0935d5588400", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "4e8447a9a3d3", "status": "affected", "version": "0935d5588400", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "333b5085522c", "status": "affected", "version": "0935d5588400", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "d2c9eb19fc3b", "status": "affected", "version": "0935d5588400", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "24cea9677025", "status": "affected", "version": "0935d5588400", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "4.20", "status": "unaffected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "5.5", "status": "unaffected", "version": "5.4.274", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "6.9", "status": "unaffected", "version": "6.8.5", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "status": "unaffected", "version": "6.9" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:4.20:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "status": "affected", "version": "4.20" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "5.11", "status": "unaffected", "version": "5.10.215", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "5.16", "status": "unaffected", "version": "5.15.154", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "6.2", "status": "unaffected", "version": "6.1.85", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "6.7", "status": "unaffected", "version": "6.6.26", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-35899", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-16T21:12:26.045912Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-16T21:12:59.375Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:21:48.989Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f4e14695fe805eb0f0cb36e0ad6a560b9f985e86" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/46c4481938e2ca62343b16ea83ab28f4c1733d31" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f7e3c88cc2a977c2b9a8aa52c1ce689e7b394e49" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/4e8447a9a3d367b5065a0b7abe101da6e0037b6e" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/333b5085522cf1898d5a0d92616046b414f631a7" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d2c9eb19fc3b11caebafde4c30a76a49203d18a6" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/24cea9677025e0de419989ecb692acd4bb34cac2" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/netfilter/nf_tables_api.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "f4e14695fe805eb0f0cb36e0ad6a560b9f985e86", "status": "affected", "version": "0935d558840099b3679c67bb7468dc78fcbad940", "versionType": "git" }, { "lessThan": "46c4481938e2ca62343b16ea83ab28f4c1733d31", "status": "affected", "version": "0935d558840099b3679c67bb7468dc78fcbad940", "versionType": "git" }, { "lessThan": "f7e3c88cc2a977c2b9a8aa52c1ce689e7b394e49", "status": "affected", "version": "0935d558840099b3679c67bb7468dc78fcbad940", "versionType": "git" }, { "lessThan": "4e8447a9a3d367b5065a0b7abe101da6e0037b6e", "status": "affected", "version": "0935d558840099b3679c67bb7468dc78fcbad940", "versionType": "git" }, { "lessThan": "333b5085522cf1898d5a0d92616046b414f631a7", "status": "affected", "version": "0935d558840099b3679c67bb7468dc78fcbad940", "versionType": "git" }, { "lessThan": "d2c9eb19fc3b11caebafde4c30a76a49203d18a6", "status": "affected", "version": "0935d558840099b3679c67bb7468dc78fcbad940", "versionType": "git" }, { "lessThan": "24cea9677025e0de419989ecb692acd4bb34cac2", "status": "affected", "version": "0935d558840099b3679c67bb7468dc78fcbad940", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/netfilter/nf_tables_api.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "4.20" }, { "lessThan": "4.20", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.274", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.215", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.154", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.85", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.26", "versionType": "semver" }, { "lessThanOrEqual": "6.8.*", "status": "unaffected", "version": "6.8.5", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.4.274", "versionStartIncluding": "4.20", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.10.215", "versionStartIncluding": "4.20", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.15.154", "versionStartIncluding": "4.20", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.1.85", "versionStartIncluding": "4.20", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.6.26", "versionStartIncluding": "4.20", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.8.5", "versionStartIncluding": "4.20", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.9", "versionStartIncluding": "4.20", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: flush pending destroy work before exit_net release\n\nSimilar to 2c9f0293280e (\"netfilter: nf_tables: flush pending destroy\nwork before netlink notifier\") to address a race between exit_net and\nthe destroy workqueue.\n\nThe trace below shows an element to be released via destroy workqueue\nwhile exit_net path (triggered via module removal) has already released\nthe set that is used in such transaction.\n\n[ 1360.547789] BUG: KASAN: slab-use-after-free in nf_tables_trans_destroy_work+0x3f5/0x590 [nf_tables]\n[ 1360.547861] Read of size 8 at addr ffff888140500cc0 by task kworker/4:1/152465\n[ 1360.547870] CPU: 4 PID: 152465 Comm: kworker/4:1 Not tainted 6.8.0+ #359\n[ 1360.547882] Workqueue: events nf_tables_trans_destroy_work [nf_tables]\n[ 1360.547984] Call Trace:\n[ 1360.547991] \u003cTASK\u003e\n[ 1360.547998] dump_stack_lvl+0x53/0x70\n[ 1360.548014] print_report+0xc4/0x610\n[ 1360.548026] ? __virt_addr_valid+0xba/0x160\n[ 1360.548040] ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n[ 1360.548054] ? nf_tables_trans_destroy_work+0x3f5/0x590 [nf_tables]\n[ 1360.548176] kasan_report+0xae/0xe0\n[ 1360.548189] ? nf_tables_trans_destroy_work+0x3f5/0x590 [nf_tables]\n[ 1360.548312] nf_tables_trans_destroy_work+0x3f5/0x590 [nf_tables]\n[ 1360.548447] ? __pfx_nf_tables_trans_destroy_work+0x10/0x10 [nf_tables]\n[ 1360.548577] ? _raw_spin_unlock_irq+0x18/0x30\n[ 1360.548591] process_one_work+0x2f1/0x670\n[ 1360.548610] worker_thread+0x4d3/0x760\n[ 1360.548627] ? __pfx_worker_thread+0x10/0x10\n[ 1360.548640] kthread+0x16b/0x1b0\n[ 1360.548653] ? __pfx_kthread+0x10/0x10\n[ 1360.548665] ret_from_fork+0x2f/0x50\n[ 1360.548679] ? __pfx_kthread+0x10/0x10\n[ 1360.548690] ret_from_fork_asm+0x1a/0x30\n[ 1360.548707] \u003c/TASK\u003e\n\n[ 1360.548719] Allocated by task 192061:\n[ 1360.548726] kasan_save_stack+0x20/0x40\n[ 1360.548739] kasan_save_track+0x14/0x30\n[ 1360.548750] __kasan_kmalloc+0x8f/0xa0\n[ 1360.548760] __kmalloc_node+0x1f1/0x450\n[ 1360.548771] nf_tables_newset+0x10c7/0x1b50 [nf_tables]\n[ 1360.548883] nfnetlink_rcv_batch+0xbc4/0xdc0 [nfnetlink]\n[ 1360.548909] nfnetlink_rcv+0x1a8/0x1e0 [nfnetlink]\n[ 1360.548927] netlink_unicast+0x367/0x4f0\n[ 1360.548935] netlink_sendmsg+0x34b/0x610\n[ 1360.548944] ____sys_sendmsg+0x4d4/0x510\n[ 1360.548953] ___sys_sendmsg+0xc9/0x120\n[ 1360.548961] __sys_sendmsg+0xbe/0x140\n[ 1360.548971] do_syscall_64+0x55/0x120\n[ 1360.548982] entry_SYSCALL_64_after_hwframe+0x55/0x5d\n\n[ 1360.548994] Freed by task 192222:\n[ 1360.548999] kasan_save_stack+0x20/0x40\n[ 1360.549009] kasan_save_track+0x14/0x30\n[ 1360.549019] kasan_save_free_info+0x3b/0x60\n[ 1360.549028] poison_slab_object+0x100/0x180\n[ 1360.549036] __kasan_slab_free+0x14/0x30\n[ 1360.549042] kfree+0xb6/0x260\n[ 1360.549049] __nft_release_table+0x473/0x6a0 [nf_tables]\n[ 1360.549131] nf_tables_exit_net+0x170/0x240 [nf_tables]\n[ 1360.549221] ops_exit_list+0x50/0xa0\n[ 1360.549229] free_exit_list+0x101/0x140\n[ 1360.549236] unregister_pernet_operations+0x107/0x160\n[ 1360.549245] unregister_pernet_subsys+0x1c/0x30\n[ 1360.549254] nf_tables_module_exit+0x43/0x80 [nf_tables]\n[ 1360.549345] __do_sys_delete_module+0x253/0x370\n[ 1360.549352] do_syscall_64+0x55/0x120\n[ 1360.549360] entry_SYSCALL_64_after_hwframe+0x55/0x5d\n\n(gdb) list *__nft_release_table+0x473\n0x1e033 is in __nft_release_table (net/netfilter/nf_tables_api.c:11354).\n11349 list_for_each_entry_safe(flowtable, nf, \u0026table-\u003eflowtables, list) {\n11350 list_del(\u0026flowtable-\u003elist);\n11351 nft_use_dec(\u0026table-\u003euse);\n11352 nf_tables_flowtable_destroy(flowtable);\n11353 }\n11354 list_for_each_entry_safe(set, ns, \u0026table-\u003esets, list) {\n11355 list_del(\u0026set-\u003elist);\n11356 nft_use_dec(\u0026table-\u003euse);\n11357 if (set-\u003eflags \u0026 (NFT_SET_MAP | NFT_SET_OBJECT))\n11358 nft_map_deactivat\n---truncated---" } ], "providerMetadata": { "dateUpdated": "2025-05-04T09:07:56.404Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/f4e14695fe805eb0f0cb36e0ad6a560b9f985e86" }, { "url": "https://git.kernel.org/stable/c/46c4481938e2ca62343b16ea83ab28f4c1733d31" }, { "url": "https://git.kernel.org/stable/c/f7e3c88cc2a977c2b9a8aa52c1ce689e7b394e49" }, { "url": "https://git.kernel.org/stable/c/4e8447a9a3d367b5065a0b7abe101da6e0037b6e" }, { "url": "https://git.kernel.org/stable/c/333b5085522cf1898d5a0d92616046b414f631a7" }, { "url": "https://git.kernel.org/stable/c/d2c9eb19fc3b11caebafde4c30a76a49203d18a6" }, { "url": "https://git.kernel.org/stable/c/24cea9677025e0de419989ecb692acd4bb34cac2" } ], "title": "netfilter: nf_tables: flush pending destroy work before exit_net release", "x_generator": { "engine": "bippy-1.2.0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-35899", "datePublished": "2024-05-19T08:34:53.267Z", "dateReserved": "2024-05-17T13:50:33.114Z", "dateUpdated": "2025-05-04T09:07:56.404Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-21601 (GCVE-0-2025-21601)
Vulnerability from cvelistv5
Published
2025-04-09 19:51
Modified
2025-04-15 20:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- 573 - Improper Following of Specification by Caller
Summary
An Improper Following of Specification by Caller vulnerability in web management (J-Web, Captive Portal, 802.1X, Juniper Secure Connect (JSC) of Juniper Networks Junos OS on SRX Series, EX Series, MX240, MX480, MX960, QFX5120 Series, allows an unauthenticated, network-based attacker, sending genuine traffic targeted to the device to cause the CPU to climb until the device becomes unresponsive.
Continuous receipt of these packets will create a sustained Denial of Service (DoS) condition.
This issue affects Junos OS:
* All versions before 21.4R3-S9,
* from 22.2 before 22.2R3-S5,
* from 22.4 before 22.4R3-S4,
* from 23.2 before 23.2R2-S3,
* from 23.4 before 23.4R2-S3,
* from 24.2 before 24.2R1-S1, 24.2R2.
An indicator of compromise is to review the CPU % of the httpd process in the CLI:
e.g.
show system processes extensive | match httpd PID nobody 52 0 20M 191M select 2 0:01 80.00% httpd{httpd} <<<<< the percentage of httpd usage if high may be an indicator
References
URL | Tags | ||||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Juniper Networks | Junos OS |
Version: 0 ≤ Version: 22.2 ≤ Version: 22.4 ≤ Version: 23.2 ≤ Version: 23.4 ≤ Version: 24.2 ≤ |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-21601", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-10T13:11:29.847130Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-573", "description": "CWE-573 Improper Following of Specification by Caller", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-15T20:30:05.134Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "modules": [ "J-Web", "Captive Portal", "802.1X", "Juniper Secure Connect (JSC)", "Firewall Authentication" ], "packageName": "AppWeb", "platforms": [ "SRX Series", "EX Series", "MX240", "MX480", "MX960", "QFX5120 Series" ], "product": "Junos OS", "programRoutines": [ { "name": "Mbedthis AppWeb" } ], "repo": "https://www.embedthis.com/appweb", "vendor": "Juniper Networks", "versions": [ { "lessThan": "21.4R3-S9", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "22.2R3-S5", "status": "affected", "version": "22.2", "versionType": "semver" }, { "lessThan": "22.4R3-S4", "status": "affected", "version": "22.4", "versionType": "semver" }, { "lessThan": "23.2R2-S3", "status": "affected", "version": "23.2", "versionType": "semver" }, { "lessThan": "23.4R2-S3", "status": "affected", "version": "23.4", "versionType": "semver" }, { "lessThan": "24.2R1-S1, 24.2R2", "status": "affected", "version": "24.2", "versionType": "semver" } ] } ], "configurations": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eThe following minimal configuration is necessary:\u003c/p\u003e\u003ccode\u003e\u0026nbsp; [ system services web-management ]\u003c/code\u003e" } ], "value": "The following minimal configuration is necessary:\n\n\u00a0 [ system services web-management ]" } ], "credits": [ { "lang": "en", "type": "reporter", "value": "Alexander Zielke with VegaSystems GmbH \u0026 Co. KG" } ], "datePublic": "2025-04-09T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An Improper Following of Specification by Caller vulnerability in web management (J-Web, Captive Portal, 802.1X, Juniper Secure Connect (JSC) of\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003eJuniper Networks Junos OS on SRX Series, EX Series, MX240, MX480, MX960, QFX5120 Series, allows an\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;un\u003c/span\u003eauthenticated, network-based attacker, sending genuine traffic targeted to the device to cause the CPU to climb until the device becomes unresponsive. \u003cbr\u003e\u003cbr\u003eContinuous receipt of these packets will create a sustained Denial of Service (DoS) condition.\u003cbr\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Junos OS:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.4R3-S9,\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S5,\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S4,\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S3,\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-S3,\u003c/li\u003e\u003cli\u003efrom 24.2 before 24.2R1-S1, 24.2R2.\u003c/li\u003e\u003c/ul\u003eAn indicator of compromise is to review the CPU % of the httpd process in the CLI:\u003cbr\u003ee.g.\u003cbr\u003e\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;show system processes extensive | match httpd\u003c/span\u003e\u003cp\u003e\u003cstrong\u003e\u0026nbsp; \u003c/strong\u003ePID nobody \u0026nbsp; \u0026nbsp; \u0026nbsp; 52 \u0026nbsp; 0 \u0026nbsp; 20M\u0026nbsp; \u0026nbsp; 191M select \u0026nbsp; 2 \u0026nbsp; 0:01 \u0026nbsp; 80.00% httpd{httpd} \u003cstrong\u003e\u0026lt;\u0026lt;\u0026lt;\u0026lt;\u0026lt; the percentage of httpd usage if high may be an indicator\u003c/strong\u003e\u003c/p\u003e" } ], "value": "An Improper Following of Specification by Caller vulnerability in web management (J-Web, Captive Portal, 802.1X, Juniper Secure Connect (JSC) of\u00a0Juniper Networks Junos OS on SRX Series, EX Series, MX240, MX480, MX960, QFX5120 Series, allows an\u00a0unauthenticated, network-based attacker, sending genuine traffic targeted to the device to cause the CPU to climb until the device becomes unresponsive. \n\nContinuous receipt of these packets will create a sustained Denial of Service (DoS) condition.\n\n\n\n\nThis issue affects Junos OS:\u00a0\n\n\n\n * All versions before 21.4R3-S9,\n * from 22.2 before 22.2R3-S5,\n * from 22.4 before 22.4R3-S4,\n * from 23.2 before 23.2R2-S3,\n * from 23.4 before 23.4R2-S3,\n * from 24.2 before 24.2R1-S1, 24.2R2.\n\n\nAn indicator of compromise is to review the CPU % of the httpd process in the CLI:\ne.g.\n\u00a0\u00a0show system processes extensive | match httpd\u00a0 PID nobody \u00a0 \u00a0 \u00a0 52 \u00a0 0 \u00a0 20M\u00a0 \u00a0 191M select \u00a0 2 \u00a0 0:01 \u00a0 80.00% httpd{httpd} \u003c\u003c\u003c\u003c\u003c the percentage of httpd usage if high may be an indicator" } ], "exploits": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "YES", "Recovery": "AUTOMATIC", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "AMBER", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/V:C/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "573 - Improper Following of Specification by Caller", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-09T19:51:36.325Z", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://supportportal.juniper.net/JSA96452" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: Junos OS: 21.4R3-S9, 22.2R3-S5, 22.4R3-S4, 23.2R2-S3, 23.4R2-S3, 24.2R1-S1, 24.2R2, 24.4R1, and all subsequent releases." } ], "value": "The following software releases have been updated to resolve this specific issue: Junos OS: 21.4R3-S9, 22.2R3-S5, 22.4R3-S4, 23.2R2-S3, 23.4R2-S3, 24.2R1-S1, 24.2R2, 24.4R1, and all subsequent releases." } ], "source": { "advisory": "JSA96452", "defect": [ "1827265" ], "discovery": "USER" }, "timeline": [ { "lang": "en", "time": "2025-04-09T16:00:00.000Z", "value": "Initial Publication" } ], "title": "Junos OS: SRX and EX Series, MX240, MX480, MX960, QFX5120 Series: When web management is enabled for specific services an attacker may cause a CPU spike by sending genuine packets to the device", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "There are no known workarounds for this issue.\u003cbr\u003e\u003cbr\u003eTo reduce the risk of exploitation use authentication when using web management services.\u003cbr\u003e" } ], "value": "There are no known workarounds for this issue.\n\nTo reduce the risk of exploitation use authentication when using web management services." } ], "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2025-21601", "datePublished": "2025-04-09T19:51:36.325Z", "dateReserved": "2024-12-26T14:47:11.670Z", "dateUpdated": "2025-04-15T20:30:05.134Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-22137 (GCVE-0-2021-22137)
Vulnerability from cvelistv5
Published
2021-05-13 17:35
Modified
2024-08-03 18:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain cross-cluster search queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices.
References
URL | Tags | |||||||
---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Elastic | Elasticsearch |
Version: before 7.11.2 and 6.8.15 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:30:23.940Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210625-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Elasticsearch", "vendor": "Elastic", "versions": [ { "status": "affected", "version": "before 7.11.2 and 6.8.15" } ] } ], "descriptions": [ { "lang": "en", "value": "In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain cross-cluster search queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-25T05:06:35", "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "shortName": "elastic" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210625-0003/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@elastic.co", "ID": "CVE-2021-22137", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Elasticsearch", "version": { "version_data": [ { "version_value": "before 7.11.2 and 6.8.15" } ] } } ] }, "vendor_name": "Elastic" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain cross-cluster search queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor" } ] } ] }, "references": { "reference_data": [ { "name": "https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125", "refsource": "MISC", "url": "https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125" }, { "name": "https://security.netapp.com/advisory/ntap-20210625-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210625-0003/" } ] } } } }, "cveMetadata": { "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "assignerShortName": "elastic", "cveId": "CVE-2021-22137", "datePublished": "2021-05-13T17:35:18", "dateReserved": "2021-01-04T00:00:00", "dateUpdated": "2024-08-03T18:30:23.940Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-40958 (GCVE-0-2024-40958)
Vulnerability from cvelistv5
Published
2024-07-12 12:32
Modified
2025-05-04 09:18
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netns: Make get_net_ns() handle zero refcount net
Syzkaller hit a warning:
refcount_t: addition on 0; use-after-free.
WARNING: CPU: 3 PID: 7890 at lib/refcount.c:25 refcount_warn_saturate+0xdf/0x1d0
Modules linked in:
CPU: 3 PID: 7890 Comm: tun Not tainted 6.10.0-rc3-00100-gcaa4f9578aba-dirty #310
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
RIP: 0010:refcount_warn_saturate+0xdf/0x1d0
Code: 41 49 04 31 ff 89 de e8 9f 1e cd fe 84 db 75 9c e8 76 26 cd fe c6 05 b6 41 49 04 01 90 48 c7 c7 b8 8e 25 86 e8 d2 05 b5 fe 90 <0f> 0b 90 90 e9 79 ff ff ff e8 53 26 cd fe 0f b6 1
RSP: 0018:ffff8881067b7da0 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff811c72ac
RDX: ffff8881026a2140 RSI: ffffffff811c72b5 RDI: 0000000000000001
RBP: ffff8881067b7db0 R08: 0000000000000000 R09: 205b5d3730353139
R10: 0000000000000000 R11: 205d303938375420 R12: ffff8881086500c4
R13: ffff8881086500c4 R14: ffff8881086500b0 R15: ffff888108650040
FS: 00007f5b2961a4c0(0000) GS:ffff88823bd00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055d7ed36fd18 CR3: 00000001482f6000 CR4: 00000000000006f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
? show_regs+0xa3/0xc0
? __warn+0xa5/0x1c0
? refcount_warn_saturate+0xdf/0x1d0
? report_bug+0x1fc/0x2d0
? refcount_warn_saturate+0xdf/0x1d0
? handle_bug+0xa1/0x110
? exc_invalid_op+0x3c/0xb0
? asm_exc_invalid_op+0x1f/0x30
? __warn_printk+0xcc/0x140
? __warn_printk+0xd5/0x140
? refcount_warn_saturate+0xdf/0x1d0
get_net_ns+0xa4/0xc0
? __pfx_get_net_ns+0x10/0x10
open_related_ns+0x5a/0x130
__tun_chr_ioctl+0x1616/0x2370
? __sanitizer_cov_trace_switch+0x58/0xa0
? __sanitizer_cov_trace_const_cmp2+0x1c/0x30
? __pfx_tun_chr_ioctl+0x10/0x10
tun_chr_ioctl+0x2f/0x40
__x64_sys_ioctl+0x11b/0x160
x64_sys_call+0x1211/0x20d0
do_syscall_64+0x9e/0x1d0
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5b28f165d7
Code: b3 66 90 48 8b 05 b1 48 2d 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 81 48 2d 00 8
RSP: 002b:00007ffc2b59c5e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5b28f165d7
RDX: 0000000000000000 RSI: 00000000000054e3 RDI: 0000000000000003
RBP: 00007ffc2b59c650 R08: 00007f5b291ed8c0 R09: 00007f5b2961a4c0
R10: 0000000029690010 R11: 0000000000000246 R12: 0000000000400730
R13: 00007ffc2b59cf40 R14: 0000000000000000 R15: 0000000000000000
</TASK>
Kernel panic - not syncing: kernel: panic_on_warn set ...
This is trigger as below:
ns0 ns1
tun_set_iff() //dev is tun0
tun->dev = dev
//ip link set tun0 netns ns1
put_net() //ref is 0
__tun_chr_ioctl() //TUNGETDEVNETNS
net = dev_net(tun->dev);
open_related_ns(&net->ns, get_net_ns); //ns1
get_net_ns()
get_net() //addition on 0
Use maybe_get_net() in get_net_ns in case net's ref is zero to fix this
References
URL | Tags | ||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Linux | Linux |
Version: 0c3e0e3bb623c3735b8c9ab8aa8332f944f83a9f Version: 0c3e0e3bb623c3735b8c9ab8aa8332f944f83a9f Version: 0c3e0e3bb623c3735b8c9ab8aa8332f944f83a9f Version: 0c3e0e3bb623c3735b8c9ab8aa8332f944f83a9f Version: 0c3e0e3bb623c3735b8c9ab8aa8332f944f83a9f Version: 0c3e0e3bb623c3735b8c9ab8aa8332f944f83a9f Version: 0c3e0e3bb623c3735b8c9ab8aa8332f944f83a9f |
||
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T04:39:55.927Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/3a6cd326ead7c8bb1f64486789a01974a9f1ad55" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2b82028a1f5ee3a8e04090776b10c534144ae77b" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/cb7f811f638a14590ff98f53c6dd1fb54627d940" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/1b631bffcb2c09551888f3c723f4365c91fe05ef" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ef0394ca25953ea0eddcc82feae1f750451f1876" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/3af28df0d883e8c89a29ac31bc65f9023485743b" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ff960f9d3edbe08a736b5a224d91a305ccc946b0" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-40958", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T17:03:35.616951Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:34:23.921Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/core/net_namespace.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "3a6cd326ead7c8bb1f64486789a01974a9f1ad55", "status": "affected", "version": "0c3e0e3bb623c3735b8c9ab8aa8332f944f83a9f", "versionType": "git" }, { "lessThan": "2b82028a1f5ee3a8e04090776b10c534144ae77b", "status": "affected", "version": "0c3e0e3bb623c3735b8c9ab8aa8332f944f83a9f", "versionType": "git" }, { "lessThan": "cb7f811f638a14590ff98f53c6dd1fb54627d940", "status": "affected", "version": "0c3e0e3bb623c3735b8c9ab8aa8332f944f83a9f", "versionType": "git" }, { "lessThan": "1b631bffcb2c09551888f3c723f4365c91fe05ef", "status": "affected", "version": "0c3e0e3bb623c3735b8c9ab8aa8332f944f83a9f", "versionType": "git" }, { "lessThan": "ef0394ca25953ea0eddcc82feae1f750451f1876", "status": "affected", "version": "0c3e0e3bb623c3735b8c9ab8aa8332f944f83a9f", "versionType": "git" }, { "lessThan": "3af28df0d883e8c89a29ac31bc65f9023485743b", "status": "affected", "version": "0c3e0e3bb623c3735b8c9ab8aa8332f944f83a9f", "versionType": "git" }, { "lessThan": "ff960f9d3edbe08a736b5a224d91a305ccc946b0", "status": "affected", "version": "0c3e0e3bb623c3735b8c9ab8aa8332f944f83a9f", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/core/net_namespace.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.2" }, { "lessThan": "5.2", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.279", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.221", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.162", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.96", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.36", "versionType": "semver" }, { "lessThanOrEqual": "6.9.*", "status": "unaffected", "version": "6.9.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.4.279", "versionStartIncluding": "5.2", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.10.221", "versionStartIncluding": "5.2", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.15.162", "versionStartIncluding": "5.2", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.1.96", "versionStartIncluding": "5.2", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.6.36", "versionStartIncluding": "5.2", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.9.7", "versionStartIncluding": "5.2", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.10", "versionStartIncluding": "5.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetns: Make get_net_ns() handle zero refcount net\n\nSyzkaller hit a warning:\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 3 PID: 7890 at lib/refcount.c:25 refcount_warn_saturate+0xdf/0x1d0\nModules linked in:\nCPU: 3 PID: 7890 Comm: tun Not tainted 6.10.0-rc3-00100-gcaa4f9578aba-dirty #310\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nRIP: 0010:refcount_warn_saturate+0xdf/0x1d0\nCode: 41 49 04 31 ff 89 de e8 9f 1e cd fe 84 db 75 9c e8 76 26 cd fe c6 05 b6 41 49 04 01 90 48 c7 c7 b8 8e 25 86 e8 d2 05 b5 fe 90 \u003c0f\u003e 0b 90 90 e9 79 ff ff ff e8 53 26 cd fe 0f b6 1\nRSP: 0018:ffff8881067b7da0 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff811c72ac\nRDX: ffff8881026a2140 RSI: ffffffff811c72b5 RDI: 0000000000000001\nRBP: ffff8881067b7db0 R08: 0000000000000000 R09: 205b5d3730353139\nR10: 0000000000000000 R11: 205d303938375420 R12: ffff8881086500c4\nR13: ffff8881086500c4 R14: ffff8881086500b0 R15: ffff888108650040\nFS: 00007f5b2961a4c0(0000) GS:ffff88823bd00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000055d7ed36fd18 CR3: 00000001482f6000 CR4: 00000000000006f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? show_regs+0xa3/0xc0\n ? __warn+0xa5/0x1c0\n ? refcount_warn_saturate+0xdf/0x1d0\n ? report_bug+0x1fc/0x2d0\n ? refcount_warn_saturate+0xdf/0x1d0\n ? handle_bug+0xa1/0x110\n ? exc_invalid_op+0x3c/0xb0\n ? asm_exc_invalid_op+0x1f/0x30\n ? __warn_printk+0xcc/0x140\n ? __warn_printk+0xd5/0x140\n ? refcount_warn_saturate+0xdf/0x1d0\n get_net_ns+0xa4/0xc0\n ? __pfx_get_net_ns+0x10/0x10\n open_related_ns+0x5a/0x130\n __tun_chr_ioctl+0x1616/0x2370\n ? __sanitizer_cov_trace_switch+0x58/0xa0\n ? __sanitizer_cov_trace_const_cmp2+0x1c/0x30\n ? __pfx_tun_chr_ioctl+0x10/0x10\n tun_chr_ioctl+0x2f/0x40\n __x64_sys_ioctl+0x11b/0x160\n x64_sys_call+0x1211/0x20d0\n do_syscall_64+0x9e/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f5b28f165d7\nCode: b3 66 90 48 8b 05 b1 48 2d 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 81 48 2d 00 8\nRSP: 002b:00007ffc2b59c5e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5b28f165d7\nRDX: 0000000000000000 RSI: 00000000000054e3 RDI: 0000000000000003\nRBP: 00007ffc2b59c650 R08: 00007f5b291ed8c0 R09: 00007f5b2961a4c0\nR10: 0000000029690010 R11: 0000000000000246 R12: 0000000000400730\nR13: 00007ffc2b59cf40 R14: 0000000000000000 R15: 0000000000000000\n \u003c/TASK\u003e\nKernel panic - not syncing: kernel: panic_on_warn set ...\n\nThis is trigger as below:\n ns0 ns1\ntun_set_iff() //dev is tun0\n tun-\u003edev = dev\n//ip link set tun0 netns ns1\n put_net() //ref is 0\n__tun_chr_ioctl() //TUNGETDEVNETNS\n net = dev_net(tun-\u003edev);\n open_related_ns(\u0026net-\u003ens, get_net_ns); //ns1\n get_net_ns()\n get_net() //addition on 0\n\nUse maybe_get_net() in get_net_ns in case net\u0027s ref is zero to fix this" } ], "providerMetadata": { "dateUpdated": "2025-05-04T09:18:47.835Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/3a6cd326ead7c8bb1f64486789a01974a9f1ad55" }, { "url": "https://git.kernel.org/stable/c/2b82028a1f5ee3a8e04090776b10c534144ae77b" }, { "url": "https://git.kernel.org/stable/c/cb7f811f638a14590ff98f53c6dd1fb54627d940" }, { "url": "https://git.kernel.org/stable/c/1b631bffcb2c09551888f3c723f4365c91fe05ef" }, { "url": "https://git.kernel.org/stable/c/ef0394ca25953ea0eddcc82feae1f750451f1876" }, { "url": "https://git.kernel.org/stable/c/3af28df0d883e8c89a29ac31bc65f9023485743b" }, { "url": "https://git.kernel.org/stable/c/ff960f9d3edbe08a736b5a224d91a305ccc946b0" } ], "title": "netns: Make get_net_ns() handle zero refcount net", "x_generator": { "engine": "bippy-1.2.0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-40958", "datePublished": "2024-07-12T12:32:00.431Z", "dateReserved": "2024-07-12T12:17:45.593Z", "dateUpdated": "2025-05-04T09:18:47.835Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-26993 (GCVE-0-2024-26993)
Vulnerability from cvelistv5
Published
2024-05-01 05:28
Modified
2025-05-04 12:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
fs: sysfs: Fix reference leak in sysfs_break_active_protection()
The sysfs_break_active_protection() routine has an obvious reference
leak in its error path. If the call to kernfs_find_and_get() fails then
kn will be NULL, so the companion sysfs_unbreak_active_protection()
routine won't get called (and would only cause an access violation by
trying to dereference kn->parent if it was called). As a result, the
reference to kobj acquired at the start of the function will never be
released.
Fix the leak by adding an explicit kobject_put() call when kn is NULL.
References
URL | Tags | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Linux | Linux |
Version: 2afc9166f79b8f6da5f347f48515215ceee4ae37 Version: 2afc9166f79b8f6da5f347f48515215ceee4ae37 Version: 2afc9166f79b8f6da5f347f48515215ceee4ae37 Version: 2afc9166f79b8f6da5f347f48515215ceee4ae37 Version: 2afc9166f79b8f6da5f347f48515215ceee4ae37 Version: 2afc9166f79b8f6da5f347f48515215ceee4ae37 Version: 2afc9166f79b8f6da5f347f48515215ceee4ae37 Version: 2afc9166f79b8f6da5f347f48515215ceee4ae37 Version: e8a37b2fd5b5087bec6cbbf6946ee3caa712953b Version: a6abc93760dd07fcd29760b70e6e7520f22cb288 Version: 461a6385e58e8247e6ba2005aa5d1b8d980ee4a2 Version: 8a5e02a0f46ea33ed19e48e096a8e8d28e73d10a Version: c984f4d1d40a2f349503b3faf946502ccbf02f9f Version: 807d1d299a04e9ad9a9dac55419c1137a105254b |
||
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26993", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-01T13:37:12.333218Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:22:44.436Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:21:05.900Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f28bba37fe244889b81bb5c508d3f6e5c6e342c5" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/57baab0f376bec8f54b0fe6beb8f77a57c228063" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/84bd4c2ae9c3d0a7d3a5c032ea7efff17af17e17" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/43f00210cb257bcb0387e8caeb4b46375d67f30c" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/5d43e072285e81b0b63cee7189b3357c7768a43b" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ac107356aabc362aaeb77463e814fc067a5d3957" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/a4c99b57d43bab45225ba92d574a8683f9edc8e4" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/a90bca2228c0646fc29a72689d308e5fe03e6d78" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "fs/sysfs/file.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "f28bba37fe244889b81bb5c508d3f6e5c6e342c5", "status": "affected", "version": "2afc9166f79b8f6da5f347f48515215ceee4ae37", "versionType": "git" }, { "lessThan": "57baab0f376bec8f54b0fe6beb8f77a57c228063", "status": "affected", "version": "2afc9166f79b8f6da5f347f48515215ceee4ae37", "versionType": "git" }, { "lessThan": "84bd4c2ae9c3d0a7d3a5c032ea7efff17af17e17", "status": "affected", "version": "2afc9166f79b8f6da5f347f48515215ceee4ae37", "versionType": "git" }, { "lessThan": "43f00210cb257bcb0387e8caeb4b46375d67f30c", "status": "affected", "version": "2afc9166f79b8f6da5f347f48515215ceee4ae37", "versionType": "git" }, { "lessThan": "5d43e072285e81b0b63cee7189b3357c7768a43b", "status": "affected", "version": "2afc9166f79b8f6da5f347f48515215ceee4ae37", "versionType": "git" }, { "lessThan": "ac107356aabc362aaeb77463e814fc067a5d3957", "status": "affected", "version": "2afc9166f79b8f6da5f347f48515215ceee4ae37", "versionType": "git" }, { "lessThan": "a4c99b57d43bab45225ba92d574a8683f9edc8e4", "status": "affected", "version": "2afc9166f79b8f6da5f347f48515215ceee4ae37", "versionType": "git" }, { "lessThan": "a90bca2228c0646fc29a72689d308e5fe03e6d78", "status": "affected", "version": "2afc9166f79b8f6da5f347f48515215ceee4ae37", "versionType": "git" }, { "status": "affected", "version": "e8a37b2fd5b5087bec6cbbf6946ee3caa712953b", "versionType": "git" }, { "status": "affected", "version": "a6abc93760dd07fcd29760b70e6e7520f22cb288", "versionType": "git" }, { "status": "affected", "version": "461a6385e58e8247e6ba2005aa5d1b8d980ee4a2", "versionType": "git" }, { "status": "affected", "version": "8a5e02a0f46ea33ed19e48e096a8e8d28e73d10a", "versionType": "git" }, { "status": "affected", "version": "c984f4d1d40a2f349503b3faf946502ccbf02f9f", "versionType": "git" }, { "status": "affected", "version": "807d1d299a04e9ad9a9dac55419c1137a105254b", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "fs/sysfs/file.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "4.19" }, { "lessThan": "4.19", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.313", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.275", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.216", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.157", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.88", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.29", "versionType": "semver" }, { "lessThanOrEqual": "6.8.*", "status": "unaffected", "version": "6.8.8", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.19.313", "versionStartIncluding": "4.19", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.4.275", "versionStartIncluding": "4.19", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.10.216", "versionStartIncluding": "4.19", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.15.157", "versionStartIncluding": "4.19", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.1.88", "versionStartIncluding": "4.19", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.6.29", "versionStartIncluding": "4.19", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.8.8", "versionStartIncluding": "4.19", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.9", "versionStartIncluding": "4.19", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.16.62", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.18.121", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.4.154", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.9.125", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14.68", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.18.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: sysfs: Fix reference leak in sysfs_break_active_protection()\n\nThe sysfs_break_active_protection() routine has an obvious reference\nleak in its error path. If the call to kernfs_find_and_get() fails then\nkn will be NULL, so the companion sysfs_unbreak_active_protection()\nroutine won\u0027t get called (and would only cause an access violation by\ntrying to dereference kn-\u003eparent if it was called). As a result, the\nreference to kobj acquired at the start of the function will never be\nreleased.\n\nFix the leak by adding an explicit kobject_put() call when kn is NULL." } ], "providerMetadata": { "dateUpdated": "2025-05-04T12:55:16.847Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/f28bba37fe244889b81bb5c508d3f6e5c6e342c5" }, { "url": "https://git.kernel.org/stable/c/57baab0f376bec8f54b0fe6beb8f77a57c228063" }, { "url": "https://git.kernel.org/stable/c/84bd4c2ae9c3d0a7d3a5c032ea7efff17af17e17" }, { "url": "https://git.kernel.org/stable/c/43f00210cb257bcb0387e8caeb4b46375d67f30c" }, { "url": "https://git.kernel.org/stable/c/5d43e072285e81b0b63cee7189b3357c7768a43b" }, { "url": "https://git.kernel.org/stable/c/ac107356aabc362aaeb77463e814fc067a5d3957" }, { "url": "https://git.kernel.org/stable/c/a4c99b57d43bab45225ba92d574a8683f9edc8e4" }, { "url": "https://git.kernel.org/stable/c/a90bca2228c0646fc29a72689d308e5fe03e6d78" } ], "title": "fs: sysfs: Fix reference leak in sysfs_break_active_protection()", "x_generator": { "engine": "bippy-1.2.0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26993", "datePublished": "2024-05-01T05:28:02.462Z", "dateReserved": "2024-02-19T14:20:24.206Z", "dateUpdated": "2025-05-04T12:55:16.847Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-6232 (GCVE-0-2024-6232)
Vulnerability from cvelistv5
Published
2024-09-03 12:29
Modified
2025-03-20 18:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1333 - Inefficient Regular Expression Complexity
Summary
There is a MEDIUM severity vulnerability affecting CPython.
Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.
References
URL | Tags | |||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Python Software Foundation | CPython |
Version: 0 Version: 3.9.0 Version: 3.10.0 Version: 3.11.0 Version: 3.12.0 Version: 3.13.0a1 |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:python:cpython:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "cpython", "vendor": "python", "versions": [ { "lessThan": "3.8.20", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "3.9.20", "status": "affected", "version": "3.9.0", "versionType": "custom" }, { "lessThan": "3.10.15", "status": "affected", "version": "3.10.0", "versionType": "custom" }, { "lessThan": "3.11.10", "status": "affected", "version": "3.11.0", "versionType": "custom" }, { "lessThan": "3.12.6", "status": "affected", "version": "3.12.0", "versionType": "custom" }, { "lessThan": "3.13.0rc2", "status": "affected", "version": "3.13.0a1", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-6232", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-04T15:24:31.176254Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-20T18:02:26.275Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-10-18T13:07:45.640Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "http://www.openwall.com/lists/oss-security/2024/09/03/5" }, { "url": "https://security.netapp.com/advisory/ntap-20241018-0007/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "CPython", "repo": "https://github.com/python/cpython", "vendor": "Python Software Foundation", "versions": [ { "lessThan": "3.8.20", "status": "affected", "version": "0", "versionType": "python" }, { "lessThan": "3.9.20", "status": "affected", "version": "3.9.0", "versionType": "python" }, { "lessThan": "3.10.15", "status": "affected", "version": "3.10.0", "versionType": "python" }, { "lessThan": "3.11.10", "status": "affected", "version": "3.11.0", "versionType": "python" }, { "lessThan": "3.12.6", "status": "affected", "version": "3.12.0", "versionType": "python" }, { "lessThan": "3.13.0rc2", "status": "affected", "version": "3.13.0a1", "versionType": "python" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "Elias Joakim Myllym\u00e4ki" }, { "lang": "en", "type": "coordinator", "value": "Seth Larson" }, { "lang": "en", "type": "remediation developer", "value": "Seth Larson" }, { "lang": "en", "type": "remediation reviewer", "value": "Gregory P. Smith" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cdiv\u003eThere is a MEDIUM severity vulnerability affecting CPython.\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eRegular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.\u0026nbsp; \u003c/div\u003e" } ], "value": "There is a MEDIUM severity vulnerability affecting CPython.\n\n\n\n\n\nRegular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1333", "description": "CWE-1333 Inefficient Regular Expression Complexity", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-31T19:54:59.572Z", "orgId": "28c92f92-d60d-412d-b760-e73465c3df22", "shortName": "PSF" }, "references": [ { "tags": [ "patch" ], "url": "https://github.com/python/cpython/pull/121286" }, { "tags": [ "issue-tracking" ], "url": "https://github.com/python/cpython/issues/121285" }, { "tags": [ "vendor-advisory" ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/" }, { "tags": [ "patch" ], "url": "https://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06" }, { "tags": [ "patch" ], "url": "https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4" }, { "tags": [ "patch" ], "url": "https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf" }, { "tags": [ "patch" ], "url": "https://github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373" }, { "tags": [ "patch" ], "url": "https://github.com/python/cpython/commit/7d1f50cd92ff7e10a1c15a8f591dde8a6843a64d" }, { "tags": [ "patch" ], "url": "https://github.com/python/cpython/commit/b4225ca91547aa97ed3aca391614afbb255bc877" }, { "tags": [ "patch" ], "url": "https://github.com/python/cpython/commit/34ddb64d088dd7ccc321f6103d23153256caa5d4" } ], "source": { "discovery": "UNKNOWN" }, "title": "Regular-expression DoS when parsing TarFile headers", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22", "assignerShortName": "PSF", "cveId": "CVE-2024-6232", "datePublished": "2024-09-03T12:29:00.102Z", "dateReserved": "2024-06-20T21:01:55.524Z", "dateUpdated": "2025-03-20T18:02:26.275Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-21217 (GCVE-0-2024-21217)
Vulnerability from cvelistv5
Published
2024-10-15 19:52
Modified
2025-03-13 13:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
URL | Tags | ||||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Oracle Corporation | Oracle Java SE |
Version: Oracle Java SE:8u421 Version: Oracle Java SE:8u421-perf Version: Oracle Java SE:11.0.24 Version: Oracle Java SE:17.0.12 Version: Oracle Java SE:21.0.4 Version: Oracle Java SE:23 Version: Oracle GraalVM for JDK:17.0.12 Version: Oracle GraalVM for JDK:21.0.4 Version: Oracle GraalVM for JDK:23 Version: Oracle GraalVM Enterprise Edition:20.3.15 Version: Oracle GraalVM Enterprise Edition:21.3.11 cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:* cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:* cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-21217", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-17T13:44:31.294836Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-03-13T13:55:34.558Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*", "cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*", "cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*" ], "product": "Oracle Java SE", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Oracle Java SE:8u421" }, { "status": "affected", "version": "Oracle Java SE:8u421-perf" }, { "status": "affected", "version": "Oracle Java SE:11.0.24" }, { "status": "affected", "version": "Oracle Java SE:17.0.12" }, { "status": "affected", "version": "Oracle Java SE:21.0.4" }, { "status": "affected", "version": "Oracle Java SE:23" }, { "status": "affected", "version": "Oracle GraalVM for JDK:17.0.12" }, { "status": "affected", "version": "Oracle GraalVM for JDK:21.0.4" }, { "status": "affected", "version": "Oracle GraalVM for JDK:23" }, { "status": "affected", "version": "Oracle GraalVM Enterprise Edition:20.3.15" }, { "status": "affected", "version": "Oracle GraalVM Enterprise Edition:21.3.11" } ] } ], "descriptions": [ { "lang": "en-US", "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-15T19:52:43.814Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2024.html" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2024-21217", "datePublished": "2024-10-15T19:52:43.814Z", "dateReserved": "2023-12-07T22:28:10.691Z", "dateUpdated": "2025-03-13T13:55:34.558Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-30651 (GCVE-0-2025-30651)
Vulnerability from cvelistv5
Published
2025-04-09 19:56
Modified
2025-04-09 20:36
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
VLAI Severity ?
EPSS score ?
CWE
- CWE-805 - Buffer Access with Incorrect Length Value
Summary
A Buffer Access with Incorrect Length Value vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
When an attacker sends a specific ICMPv6 packet to an interface with "protocols router-advertisement" configured, rpd crashes and restarts. Continued receipt of this packet will cause a sustained DoS condition.
This issue only affects systems configured with IPv6.
This issue affects Junos OS:
* All versions before 21.2R3-S9,
* from 21.4 before 21.4R3-S10,
* from 22.2 before 22.2R3-S6,
* from 22.4 before 22.4R3-S4,
* from 23.2 before 23.2R2-S2,
* from 23.4 before 23.4R2;
and Junos OS Evolved:
* All versions before 21.2R3-S9-EVO,
* from 21.4-EVO before 21.4R3-S10-EVO,
* from 22.2-EVO before 22.2R3-S6-EVO,
* from 22.4-EVO before 22.4R3-S4-EVO,
* from 23.2-EVO before 23.2R2-S2-EVO,
* from 23.4-EVO before 23.4R2-EVO.
References
URL | Tags | ||||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.4 ≤ Version: 22.2 ≤ Version: 22.4 ≤ Version: 23.2 ≤ Version: 23.4 ≤ |
|||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-30651", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-09T20:36:29.443531Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-09T20:36:41.381Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Junos OS", "vendor": "Juniper Networks", "versions": [ { "lessThan": "21.2R3-S9", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "21.4R3-S10", "status": "affected", "version": "21.4", "versionType": "semver" }, { "lessThan": "22.2R3-S6", "status": "affected", "version": "22.2", "versionType": "semver" }, { "lessThan": "22.4R3-S4", "status": "affected", "version": "22.4", "versionType": "semver" }, { "lessThan": "23.2R2-S2", "status": "affected", "version": "23.2", "versionType": "semver" }, { "lessThan": "23.4R2", "status": "affected", "version": "23.4", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "Junos OS Evolved", "vendor": "Juniper Networks", "versions": [ { "lessThan": "21.2R3-S9-EVO", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "21.4R3-S10-EVO", "status": "affected", "version": "21.4-EVO", "versionType": "semver" }, { "lessThan": "22.2R3-S6-EVO", "status": "affected", "version": "22.2-EVO", "versionType": "semver" }, { "lessThan": "22.4R3-S4-EVO", "status": "affected", "version": "22.4-EVO", "versionType": "semver" }, { "lessThan": "23.2R2-S2-EVO", "status": "affected", "version": "23.2-EVO", "versionType": "semver" }, { "lessThan": "23.4R2-EVO", "status": "affected", "version": "23.4-EVO", "versionType": "semver" } ] } ], "configurations": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The following configuration is required to be affected by this issue:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ protocols router-advertisement interface \u0026lt;interface-name\u0026gt; ]\u003cbr\u003e\u003c/tt\u003e\u003ccode\u003e[ interfaces \u0026lt;interface-name\u0026gt; unit \u0026lt;unit\u0026gt; family inet6 address \u0026lt;ipv6-addr\u0026gt; ]\u003c/code\u003e\u003cbr\u003e" } ], "value": "The following configuration is required to be affected by this issue:\n\n[ protocols router-advertisement interface \u003cinterface-name\u003e ]\n[ interfaces \u003cinterface-name\u003e unit \u003cunit\u003e family inet6 address \u003cipv6-addr\u003e ]" } ], "datePublic": "2025-04-09T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A Buffer Access with Incorrect Length Value vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).\u003cbr\u003e\u003cp\u003eWhen an attacker sends a specific ICMPv6 packet to an interface with \"protocols router-advertisement\" configured, rpd crashes and restarts. Continued receipt of this packet will cause a sustained DoS condition.\u0026nbsp;\u003cbr\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue only affects systems configured with IPv6.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Junos OS:\u0026nbsp;\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eAll versions before 21.2R3-S9,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 21.4 before 21.4R3-S10, \u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.2 before 22.2R3-S6, \u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.4 before 22.4R3-S4, \u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 23.2 before 23.2R2-S2, \u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 23.4 before 23.4R2; \u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u003cbr\u003eand Junos OS Evolved: \u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eAll versions before 21.2R3-S9-EVO, \u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 21.4-EVO before 21.4R3-S10-EVO, \u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.2-EVO before 22.2R3-S6-EVO, \u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.4-EVO before 22.4R3-S4-EVO, \u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 23.2-EVO before 23.2R2-S2-EVO, \u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 23.4-EVO before 23.4R2-EVO.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/span\u003e\u003cp\u003e\u003c/p\u003e" } ], "value": "A Buffer Access with Incorrect Length Value vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).\nWhen an attacker sends a specific ICMPv6 packet to an interface with \"protocols router-advertisement\" configured, rpd crashes and restarts. Continued receipt of this packet will cause a sustained DoS condition.\u00a0\n\n\n\n\nThis issue only affects systems configured with IPv6.\n\n\n\nThis issue affects Junos OS:\u00a0\n\n\n * All versions before 21.2R3-S9,\u00a0\n * from 21.4 before 21.4R3-S10, \n * from 22.2 before 22.2R3-S6, \n * from 22.4 before 22.4R3-S4, \n * from 23.2 before 23.2R2-S2, \n * from 23.4 before 23.4R2; \n\n\n\nand Junos OS Evolved: \n * All versions before 21.2R3-S9-EVO, \n * from 21.4-EVO before 21.4R3-S10-EVO, \n * from 22.2-EVO before 22.2R3-S6-EVO, \n * from 22.4-EVO before 22.4R3-S4-EVO, \n * from 23.2-EVO before 23.2R2-S2-EVO, \n * from 23.4-EVO before 23.4R2-EVO." } ], "exploits": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-805", "description": "CWE-805 Buffer Access with Incorrect Length Value", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-09T19:56:28.305Z", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://supportportal.juniper.net/JSA96461" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue:\u0026nbsp;\u003cbr\u003eJunos OS: 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3-S4, 23.2R2-S2, 23.4R2, 24.2R1, and all subsequent releases.\u003cbr\u003eJunos OS Evolved:\u0026nbsp;21.2R3-S9-EVO, 21.4R3-S10-EVO, 22.2R3-S6-EVO, 22.4R3-S4-EVO, 23.2R2-S2-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases." } ], "value": "The following software releases have been updated to resolve this specific issue:\u00a0\nJunos OS: 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3-S4, 23.2R2-S2, 23.4R2, 24.2R1, and all subsequent releases.\nJunos OS Evolved:\u00a021.2R3-S9-EVO, 21.4R3-S10-EVO, 22.2R3-S6-EVO, 22.4R3-S4-EVO, 23.2R2-S2-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases." } ], "source": { "advisory": "JSA96461", "defect": [ "1809088" ], "discovery": "INTERNAL" }, "timeline": [ { "lang": "en", "time": "2025-04-09T16:00:00.000Z", "value": "Initial Publication" } ], "title": "Junos OS and Junos OS Evolved: Receipt of a specific ICMPv6 packet causes a memory overrun leading to an rpd crash", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "There are no known workarounds for this issue.\u003cbr\u003e\u003cbr\u003eA firewall filter can be implemented to restrict ICMPv6 traffic." } ], "value": "There are no known workarounds for this issue.\n\nA firewall filter can be implemented to restrict ICMPv6 traffic." } ], "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2025-30651", "datePublished": "2025-04-09T19:56:28.305Z", "dateReserved": "2025-03-24T19:34:11.321Z", "dateUpdated": "2025-04-09T20:36:41.381Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-40782 (GCVE-0-2024-40782)
Vulnerability from cvelistv5
Published
2024-07-29 22:17
Modified
2025-02-13 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Processing maliciously crafted web content may lead to an unexpected process crash
Summary
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "safari", "vendor": "apple", "versions": [ { "lessThan": "17.6", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ios", "vendor": "apple", "versions": [ { "lessThan": "17.6", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ipad_os", "vendor": "apple", "versions": [ { "lessThan": "17.6", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ios", "vendor": "apple", "versions": [ { "lessThan": "16.7", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ipad_os", "vendor": "apple", "versions": [ { "lessThan": "16.7", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:apple:watch_os:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "watch_os", "vendor": "apple", "versions": [ { "lessThan": "10.6", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:apple:mac_os:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mac_os", "vendor": "apple", "versions": [ { "lessThan": "14.6", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "visionos", "vendor": "apple", "versions": [ { "lessThan": "1.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:apple:tv_os:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "tv_os", "vendor": "apple", "versions": [ { "lessThan": "17.6", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-40782", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-30T14:29:08.109159Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-30T15:17:06.095Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:39:54.715Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214121" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214117" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214116" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214124" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214119" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214123" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214122" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/Jul/16" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/Jul/15" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/Jul/23" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/Jul/21" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/Jul/17" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/Jul/22" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/Jul/18" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Safari", "vendor": "Apple", "versions": [ { "lessThan": "17.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "iOS and iPadOS", "vendor": "Apple", "versions": [ { "lessThan": "17.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "iOS and iPadOS", "vendor": "Apple", "versions": [ { "lessThan": "16.7", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "10.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "14.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "visionOS", "vendor": "Apple", "versions": [ { "lessThan": "1.3", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "17.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash." } ], "problemTypes": [ { "descriptions": [ { "description": "Processing maliciously crafted web content may lead to an unexpected process crash", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-29T22:20:37.634Z", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "url": "https://support.apple.com/en-us/HT214121" }, { "url": "https://support.apple.com/en-us/HT214117" }, { "url": "https://support.apple.com/en-us/HT214116" }, { "url": "https://support.apple.com/en-us/HT214124" }, { "url": "https://support.apple.com/en-us/HT214119" }, { "url": "https://support.apple.com/en-us/HT214123" }, { "url": "https://support.apple.com/en-us/HT214122" }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/16" }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/15" }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/23" }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/21" }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/17" }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/22" }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/18" } ] } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2024-40782", "datePublished": "2024-07-29T22:17:16.599Z", "dateReserved": "2024-07-10T17:11:04.688Z", "dateUpdated": "2025-02-13T17:53:25.727Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-30646 (GCVE-0-2025-30646)
Vulnerability from cvelistv5
Published
2025-04-09 19:53
Modified
2025-04-09 20:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-195 - Signed to Unsigned Conversion Error
Summary
A Signed to Unsigned Conversion Error vulnerability in the Layer 2 Control Protocol daemon (l2cpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated adjacent attacker sending a specifically malformed LLDP TLV to cause the l2cpd process to crash and restart, causing a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.
When an LLDP telemetry subscription is active, receipt of a specifically malformed LLDP TLV causes the l2cpd process to crash and restart.
This issue affects:
Junos OS:
* All versions before 21.2R3-S9,
* from 21.4 before 21.4R3-S10,
* from 22.2 before 22.2R3-S6,
* from 22.4 before 22.4R3-S6,
* from 23.2 before 23.2R2-S3,
* from 23.4 before 23.4R2-S4,
* from 24.2 before 24.2R2;
Junos OS Evolved:
* All versions before 21.4R3-S10-EVO,
* from 22.2-EVO before 22.2R3-S6-EVO,
* from 22.4-EVO before 22.4R3-S6-EVO,
* from 23.2-EVO before 23.2R2-S3-EVO,
* from 23.4-EVO before 23.4R2-S4-EVO,
* from 24.2-EVO before 24.2R2-EVO.
References
URL | Tags | ||||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.4 ≤ Version: 22.2 ≤ Version: 22.4 ≤ Version: 23.2 ≤ Version: 23.4 ≤ Version: 24.2 ≤ |
|||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-30646", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-09T20:39:38.876844Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-09T20:39:47.342Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Junos OS", "vendor": "Juniper Networks", "versions": [ { "lessThan": "21.2R3-S9", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "21.4R3-S10", "status": "affected", "version": "21.4", "versionType": "semver" }, { "lessThan": "22.2R3-S6", "status": "affected", "version": "22.2", "versionType": "semver" }, { "lessThan": "22.4R3-S6", "status": "affected", "version": "22.4", "versionType": "semver" }, { "lessThan": "23.2R2-S3", "status": "affected", "version": "23.2", "versionType": "semver" }, { "lessThan": "23.4R2-S4", "status": "affected", "version": "23.4", "versionType": "semver" }, { "lessThan": "24.2R2", "status": "affected", "version": "24.2", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "Junos OS Evolved", "vendor": "Juniper Networks", "versions": [ { "lessThan": "21.4R3-S10-EVO", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "22.2R3-S6-EVO", "status": "affected", "version": "22.2-EVO", "versionType": "semver" }, { "lessThan": "22.4R3-S6-EVO", "status": "affected", "version": "22.4-EVO", "versionType": "semver" }, { "lessThan": "23.2R2-S3-EVO", "status": "affected", "version": "23.2-EVO", "versionType": "semver" }, { "lessThan": "23.4R2-S4-EVO", "status": "affected", "version": "23.4-EVO", "versionType": "semver" }, { "lessThan": "24.2R2-EVO", "status": "affected", "version": "24.2-EVO", "versionType": "semver" } ] } ], "configurations": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Only systems configured for LLDP with active telemetry subscriptions are vulnerable to this issue:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ protocols lldp ]\u003c/tt\u003e\u003cbr\u003e\u003cbr\u003eand:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ system services extension-service request-response ]\u003c/tt\u003e" } ], "value": "Only systems configured for LLDP with active telemetry subscriptions are vulnerable to this issue:\n\n[ protocols lldp ]\n\nand:\n\n[ system services extension-service request-response ]" } ], "datePublic": "2025-04-09T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A Signed to Unsigned Conversion Error vulnerability in the Layer 2 Control Protocol daemon (l2cpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated adjacent attacker sending a specifically malformed LLDP TLV to cause the l2cpd process to crash and restart, causing a Denial of Service (DoS).\u0026nbsp; Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\u003cbr\u003e\u003cbr\u003eWhen an LLDP telemetry subscription is active, receipt of a specifically malformed LLDP TLV causes the l2cpd process to crash and restart.\u003cbr\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS: \u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.2R3-S9,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-S10,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S6,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S6,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S3,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-S4,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.2 before 24.2R2;\u0026nbsp;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.4R3-S10-EVO,\u003c/li\u003e\u003cli\u003efrom 22.2-EVO before 22.2R3-S6-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.4-EVO before 22.4R3-S6-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2-EVO before 23.2R2-S3-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4-EVO before 23.4R2-S4-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.2-EVO before 24.2R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e" } ], "value": "A Signed to Unsigned Conversion Error vulnerability in the Layer 2 Control Protocol daemon (l2cpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated adjacent attacker sending a specifically malformed LLDP TLV to cause the l2cpd process to crash and restart, causing a Denial of Service (DoS).\u00a0 Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\n\nWhen an LLDP telemetry subscription is active, receipt of a specifically malformed LLDP TLV causes the l2cpd process to crash and restart.\n\n\n\nThis issue affects:\n\nJunos OS: \n\n\n * All versions before 21.2R3-S9,\u00a0\n * from 21.4 before 21.4R3-S10,\u00a0\n * from 22.2 before 22.2R3-S6,\u00a0\n * from 22.4 before 22.4R3-S6,\u00a0\n * from 23.2 before 23.2R2-S3,\u00a0\n * from 23.4 before 23.4R2-S4,\u00a0\n * from 24.2 before 24.2R2;\u00a0\n\n\n\n\nJunos OS Evolved:\u00a0\n\n\n\n * All versions before 21.4R3-S10-EVO,\n * from 22.2-EVO before 22.2R3-S6-EVO,\u00a0\n * from 22.4-EVO before 22.4R3-S6-EVO,\u00a0\n * from 23.2-EVO before 23.2R2-S3-EVO,\u00a0\n * from 23.4-EVO before 23.4R2-S4-EVO,\u00a0\n * from 24.2-EVO before 24.2R2-EVO." } ], "exploits": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "YES", "Recovery": "AUTOMATIC", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 7.1, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/V:C/RE:M", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-195", "description": "CWE-195 Signed to Unsigned Conversion Error", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-09T19:53:27.087Z", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://supportportal.juniper.net/JSA96456" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue:\u0026nbsp;\u003cbr\u003eJunos OS: 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3-S6, 23.2R2-S3, 23.4R2-S4, 24.2R2, 24.4R1, and all subsequent releases.\u003cbr\u003eJunos OS Evolved: 21.4R3-S10-EVO, 22.2R3-S6-EVO, 22.4R3-S6-EVO, 23.2R2-S3-EVO, 23.4R2-S4-EVO, 24.2R2-EVO, 24.4R1-EVO, and all subsequent releases.\u003cbr\u003e\u003cbr\u003e" } ], "value": "The following software releases have been updated to resolve this specific issue:\u00a0\nJunos OS: 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3-S6, 23.2R2-S3, 23.4R2-S4, 24.2R2, 24.4R1, and all subsequent releases.\nJunos OS Evolved: 21.4R3-S10-EVO, 22.2R3-S6-EVO, 22.4R3-S6-EVO, 23.2R2-S3-EVO, 23.4R2-S4-EVO, 24.2R2-EVO, 24.4R1-EVO, and all subsequent releases." } ], "source": { "advisory": "JSA96456", "defect": [ "1845098" ], "discovery": "INTERNAL" }, "timeline": [ { "lang": "en", "time": "2025-04-09T16:00:00.000Z", "value": "Initial Publication" } ], "title": "Junos OS and Junos OS Evolved: Receipt of a malformed LLDP TLV results in l2cpd crash", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "There are no known workarounds for this issue." } ], "value": "There are no known workarounds for this issue." } ], "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2025-30646", "datePublished": "2025-04-09T19:53:27.087Z", "dateReserved": "2025-03-24T19:34:11.320Z", "dateUpdated": "2025-04-09T20:39:47.342Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-39884 (GCVE-0-2024-39884)
Vulnerability from cvelistv5
Published
2024-07-04 08:36
Modified
2025-02-13 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Handler configuration not honored
Summary
A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.
Users are recommended to upgrade to version 2.4.61, which fixes this issue.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Apache Software Foundation | Apache HTTP Server |
Version: 2.4.60 |
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-39884", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-05T13:54:22.146289Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-noinfo Not enough information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-19T21:08:27.183Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-09-13T17:05:05.975Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240712-0002/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/07/17/6" }, { "url": "http://www.openwall.com/lists/oss-security/2024/07/03/8" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Apache HTTP Server", "vendor": "Apache Software Foundation", "versions": [ { "status": "affected", "version": "2.4.60" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers.\u0026nbsp; \u0026nbsp;\"AddType\" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.\u003cbr\u003e\u003cbr\u003eUsers are recommended to upgrade to version 2.4.61, which fixes this issue." } ], "value": "A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers.\u00a0 \u00a0\"AddType\" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.\n\nUsers are recommended to upgrade to version 2.4.61, which fixes this issue." } ], "metrics": [ { "other": { "content": { "text": "important" }, "type": "Textual description of severity" } } ], "problemTypes": [ { "descriptions": [ { "description": "Handler configuration not honored", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-17T20:05:57.052Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "url": "https://security.netapp.com/advisory/ntap-20240712-0002/" }, { "url": "http://www.openwall.com/lists/oss-security/2024/07/17/6" } ], "source": { "discovery": "UNKNOWN" }, "timeline": [ { "lang": "en", "time": "2024-07-01T12:00:00.000Z", "value": "reported" } ], "title": "Apache HTTP Server: source code disclosure with handlers configured via AddType", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2024-39884", "datePublished": "2024-07-04T08:36:49.772Z", "dateReserved": "2024-07-01T19:27:46.267Z", "dateUpdated": "2025-02-13T17:53:19.719Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-35845 (GCVE-0-2024-35845)
Vulnerability from cvelistv5
Published
2024-05-17 14:40
Modified
2025-05-04 09:06
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: dbg-tlv: ensure NUL termination
The iwl_fw_ini_debug_info_tlv is used as a string, so we must
ensure the string is terminated correctly before using it.
References
URL | Tags | ||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Linux | Linux |
Version: a9248de42464e546b624e3fc6a8b04b991af3591 Version: a9248de42464e546b624e3fc6a8b04b991af3591 Version: a9248de42464e546b624e3fc6a8b04b991af3591 Version: a9248de42464e546b624e3fc6a8b04b991af3591 Version: a9248de42464e546b624e3fc6a8b04b991af3591 Version: a9248de42464e546b624e3fc6a8b04b991af3591 Version: a9248de42464e546b624e3fc6a8b04b991af3591 |
||
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "status": "affected", "version": "a9248de42464" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "status": "affected", "version": "5.5" } ] }, { "cpes": [ "cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "status": "unaffected", "version": "0" } ] }, { "cpes": [ "cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "status": "unaffected", "version": "5.10.214" } ] }, { "cpes": [ "cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "status": "unaffected", "version": "5.15.153" } ] }, { "cpes": [ "cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "status": "unaffected", "version": "6.1.83" } ] }, { "cpes": [ "cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "status": "unaffected", "version": "6.6.23" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "status": "unaffected", "version": "6.7.11" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "status": "unaffected", "version": "6.8.2" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "status": "unaffected", "version": "6.9" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-35845", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-17T17:22:01.418573Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-134", "description": "CWE-134 Use of Externally-Controlled Format String", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-16T21:19:05.842Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:21:48.557Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/fabe2db7de32a881e437ee69db32e0de785a6209" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/96aa40761673da045a7774f874487cdb50c6a2f7" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/c855a1a5b7e3de57e6b1b29563113d5e3bfdb89a" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/783d413f332a3ebec916664b366c28f58147f82c" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/fec14d1cdd92f340b9ba2bd220abf96f9609f2a9" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/71d4186d470e9cda7cd1a0921b4afda737c6f641" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ea1d166fae14e05d49ffb0ea9fcd4658f8d3dcea" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "fabe2db7de32a881e437ee69db32e0de785a6209", "status": "affected", "version": "a9248de42464e546b624e3fc6a8b04b991af3591", "versionType": "git" }, { "lessThan": "96aa40761673da045a7774f874487cdb50c6a2f7", "status": "affected", "version": "a9248de42464e546b624e3fc6a8b04b991af3591", "versionType": "git" }, { "lessThan": "c855a1a5b7e3de57e6b1b29563113d5e3bfdb89a", "status": "affected", "version": "a9248de42464e546b624e3fc6a8b04b991af3591", "versionType": "git" }, { "lessThan": "783d413f332a3ebec916664b366c28f58147f82c", "status": "affected", "version": "a9248de42464e546b624e3fc6a8b04b991af3591", "versionType": "git" }, { "lessThan": "fec14d1cdd92f340b9ba2bd220abf96f9609f2a9", "status": "affected", "version": "a9248de42464e546b624e3fc6a8b04b991af3591", "versionType": "git" }, { "lessThan": "71d4186d470e9cda7cd1a0921b4afda737c6f641", "status": "affected", "version": "a9248de42464e546b624e3fc6a8b04b991af3591", "versionType": "git" }, { "lessThan": "ea1d166fae14e05d49ffb0ea9fcd4658f8d3dcea", "status": "affected", "version": "a9248de42464e546b624e3fc6a8b04b991af3591", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.5" }, { "lessThan": "5.5", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.214", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.153", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.83", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.23", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.11", "versionType": "semver" }, { "lessThanOrEqual": "6.8.*", "status": "unaffected", "version": "6.8.2", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.10.214", "versionStartIncluding": "5.5", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.15.153", "versionStartIncluding": "5.5", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.1.83", "versionStartIncluding": "5.5", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.6.23", "versionStartIncluding": "5.5", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.7.11", "versionStartIncluding": "5.5", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.8.2", "versionStartIncluding": "5.5", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.9", "versionStartIncluding": "5.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: dbg-tlv: ensure NUL termination\n\nThe iwl_fw_ini_debug_info_tlv is used as a string, so we must\nensure the string is terminated correctly before using it." } ], "providerMetadata": { "dateUpdated": "2025-05-04T09:06:42.675Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/fabe2db7de32a881e437ee69db32e0de785a6209" }, { "url": "https://git.kernel.org/stable/c/96aa40761673da045a7774f874487cdb50c6a2f7" }, { "url": "https://git.kernel.org/stable/c/c855a1a5b7e3de57e6b1b29563113d5e3bfdb89a" }, { "url": "https://git.kernel.org/stable/c/783d413f332a3ebec916664b366c28f58147f82c" }, { "url": "https://git.kernel.org/stable/c/fec14d1cdd92f340b9ba2bd220abf96f9609f2a9" }, { "url": "https://git.kernel.org/stable/c/71d4186d470e9cda7cd1a0921b4afda737c6f641" }, { "url": "https://git.kernel.org/stable/c/ea1d166fae14e05d49ffb0ea9fcd4658f8d3dcea" } ], "title": "wifi: iwlwifi: dbg-tlv: ensure NUL termination", "x_generator": { "engine": "bippy-1.2.0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-35845", "datePublished": "2024-05-17T14:40:12.134Z", "dateReserved": "2024-05-17T13:50:33.105Z", "dateUpdated": "2025-05-04T09:06:42.675Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-40866 (GCVE-0-2024-40866)
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2025-03-25 16:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Visiting a malicious website may lead to address bar spoofing
Summary
The issue was addressed with improved UI. This issue is fixed in Safari 18, macOS Sequoia 15. Visiting a malicious website may lead to address bar spoofing.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-40866", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-18T17:55:34.103087Z", "version": "2.0.3" }, "type": "ssvc" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-noinfo Not enough information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-03-25T16:20:43.654Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "15", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Safari", "vendor": "Apple", "versions": [ { "lessThan": "18", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "The issue was addressed with improved UI. This issue is fixed in Safari 18, macOS Sequoia 15. Visiting a malicious website may lead to address bar spoofing." } ], "problemTypes": [ { "descriptions": [ { "description": "Visiting a malicious website may lead to address bar spoofing", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-16T23:22:28.243Z", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "url": "https://support.apple.com/en-us/121238" }, { "url": "https://support.apple.com/en-us/121241" } ] } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2024-40866", "datePublished": "2024-09-16T23:22:28.243Z", "dateReserved": "2024-07-10T17:11:04.716Z", "dateUpdated": "2025-03-25T16:20:43.654Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-21235 (GCVE-0-2024-21235)
Vulnerability from cvelistv5
Published
2024-10-15 19:52
Modified
2025-03-25 17:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
References
URL | Tags | ||||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Oracle Corporation | Oracle Java SE |
Version: Oracle Java SE:8u421 Version: Oracle Java SE:8u421-perf Version: Oracle Java SE:11.0.24 Version: Oracle Java SE:17.0.12 Version: Oracle Java SE:21.0.4 Version: Oracle Java SE:23 Version: Oracle GraalVM for JDK:17.0.12 Version: Oracle GraalVM for JDK:21.0.4 Version: Oracle GraalVM for JDK:23 Version: Oracle GraalVM Enterprise Edition:20.3.15 Version: Oracle GraalVM Enterprise Edition:21.3.11 cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:* cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:* cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-21235", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-16T14:30:43.618436Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-noinfo Not enough information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-03-25T17:00:08.660Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*", "cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*", "cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*" ], "product": "Oracle Java SE", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Oracle Java SE:8u421" }, { "status": "affected", "version": "Oracle Java SE:8u421-perf" }, { "status": "affected", "version": "Oracle Java SE:11.0.24" }, { "status": "affected", "version": "Oracle Java SE:17.0.12" }, { "status": "affected", "version": "Oracle Java SE:21.0.4" }, { "status": "affected", "version": "Oracle Java SE:23" }, { "status": "affected", "version": "Oracle GraalVM for JDK:17.0.12" }, { "status": "affected", "version": "Oracle GraalVM for JDK:21.0.4" }, { "status": "affected", "version": "Oracle GraalVM for JDK:23" }, { "status": "affected", "version": "Oracle GraalVM Enterprise Edition:20.3.15" }, { "status": "affected", "version": "Oracle GraalVM Enterprise Edition:21.3.11" } ] } ], "descriptions": [ { "lang": "en-US", "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-15T19:52:46.900Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2024.html" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2024-21235", "datePublished": "2024-10-15T19:52:46.900Z", "dateReserved": "2023-12-07T22:28:10.698Z", "dateUpdated": "2025-03-25T17:00:08.660Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-6597 (GCVE-0-2023-6597)
Vulnerability from cvelistv5
Published
2024-03-19 15:44
Modified
2024-11-05 19:16
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.
The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Python Software Foundation | CPython |
Version: 0 Version: 3.9.0 Version: 3.10.0 Version: 3.11.0 Version: 3.12.0 Version: 3.13.0a1 |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:python_software_foundation:cpython:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "cpython", "vendor": "python_software_foundation", "versions": [ { "lessThan": "3.8.19", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "3.9.19", "status": "affected", "version": "3.9.0", "versionType": "custom" }, { "lessThan": "3.10.14", "status": "affected", "version": "3.10.0", "versionType": "custom" }, { "lessThan": "3.11.8", "status": "affected", "version": "3.11.0", "versionType": "custom" }, { "lessThan": "3.12.1", "status": "affected", "version": "3.12.0", "versionType": "custom" }, { "lessThan": "3.13.0a3", "status": "affected", "version": "3.13.0a1", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-6597", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-05T19:08:44.665083Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-noinfo Not enough information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-05T19:16:27.862Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T08:35:14.863Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "patch", "x_transferred" ], "url": "https://github.com/python/cpython/commit/81c16cd94ec38d61aa478b9a452436dc3b1b524d" }, { "tags": [ "patch", "x_transferred" ], "url": "https://github.com/python/cpython/commit/6ceb8aeda504b079fef7a57b8d81472f15cdd9a5" }, { "tags": [ "patch", "x_transferred" ], "url": "https://github.com/python/cpython/commit/5585334d772b253a01a6730e8202ffb1607c3d25" }, { "tags": [ "patch", "x_transferred" ], "url": "https://github.com/python/cpython/commit/8eaeefe49d179ca4908d052745e3bb8b6f238f82" }, { "tags": [ "patch", "x_transferred" ], "url": "https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b" }, { "tags": [ "patch", "x_transferred" ], "url": "https://github.com/python/cpython/commit/02a9259c717738dfe6b463c44d7e17f2b6d2cb3a" }, { "tags": [ "issue-tracking", "x_transferred" ], "url": "https://github.com/python/cpython/issues/91133" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/Q5C6ATFC67K53XFV4KE45325S7NS62LD/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/03/20/5" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "CPython", "repo": "https://github.com/python/cpython", "vendor": "Python Software Foundation", "versions": [ { "lessThan": "3.8.19", "status": "affected", "version": "0", "versionType": "python" }, { "lessThan": "3.9.19", "status": "affected", "version": "3.9.0", "versionType": "python" }, { "lessThan": "3.10.14", "status": "affected", "version": "3.10.0", "versionType": "python" }, { "lessThan": "3.11.8", "status": "affected", "version": "3.11.0", "versionType": "python" }, { "lessThan": "3.12.1", "status": "affected", "version": "3.12.0", "versionType": "python" }, { "lessThan": "3.13.0a3", "status": "affected", "version": "3.13.0a1", "versionType": "python" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.\u003cbr\u003e\u003cbr\u003eThe tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.\u003cbr\u003e" } ], "value": "An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.\n\nThe tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-13T19:24:11.289Z", "orgId": "28c92f92-d60d-412d-b760-e73465c3df22", "shortName": "PSF" }, "references": [ { "tags": [ "patch" ], "url": "https://github.com/python/cpython/commit/81c16cd94ec38d61aa478b9a452436dc3b1b524d" }, { "tags": [ "patch" ], "url": "https://github.com/python/cpython/commit/6ceb8aeda504b079fef7a57b8d81472f15cdd9a5" }, { "tags": [ "patch" ], "url": "https://github.com/python/cpython/commit/5585334d772b253a01a6730e8202ffb1607c3d25" }, { "tags": [ "patch" ], "url": "https://github.com/python/cpython/commit/8eaeefe49d179ca4908d052745e3bb8b6f238f82" }, { "tags": [ "patch" ], "url": "https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b" }, { "tags": [ "patch" ], "url": "https://github.com/python/cpython/commit/02a9259c717738dfe6b463c44d7e17f2b6d2cb3a" }, { "tags": [ "issue-tracking" ], "url": "https://github.com/python/cpython/issues/91133" }, { "tags": [ "vendor-advisory" ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/Q5C6ATFC67K53XFV4KE45325S7NS62LD/" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html" }, { "url": "http://www.openwall.com/lists/oss-security/2024/03/20/5" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22", "assignerShortName": "PSF", "cveId": "CVE-2023-6597", "datePublished": "2024-03-19T15:44:28.989Z", "dateReserved": "2023-12-07T20:59:23.246Z", "dateUpdated": "2024-11-05T19:16:27.862Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-30654 (GCVE-0-2025-30654)
Vulnerability from cvelistv5
Published
2025-04-09 20:00
Modified
2025-04-09 20:40
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
6.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged, authenticated attacker with access to the CLI to access sensitive information.
Through the execution of a specific show mgd command, a user with limited permissions (e.g., a low-privileged login class user) can access sensitive information such as hashed passwords, that can be used to further impact the system.
This issue affects Junos OS: * All versions before 21.4R3-S10,
* from 22.2 before 22.2R3-S5,
* from 22.4 before 22.4R3-S5,
* from 23.2 before 23.2R2-S3,
* from 23.4 before 23.4R2-S3.
Junos OS Evolved:
* All versions before 21.4R3-S10-EVO,
* from 22.2-EVO before 22.2R3-S6-EVO,
* from 22.4-EVO before 22.4R3-S5-EVO,
* from 23.2-EVO before 23.2R2-S3-EVO,
* from 23.4-EVO before 23.4R2-S3-EVO.
References
URL | Tags | ||||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
Juniper Networks | Junos OS |
Version: 0 ≤ Version: 22.2 ≤ Version: 22.4 ≤ Version: 23.2 ≤ Version: 23.4 ≤ |
|||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-30654", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-09T20:40:20.427551Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-09T20:40:40.786Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Junos OS", "vendor": "Juniper Networks", "versions": [ { "lessThan": "21.4R3-S10", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "22.2R3-S5", "status": "affected", "version": "22.2", "versionType": "semver" }, { "lessThan": "22.4R3-S5", "status": "affected", "version": "22.4", "versionType": "semver" }, { "lessThan": "23.2R2-S3", "status": "affected", "version": "23.2", "versionType": "semver" }, { "lessThan": "23.4R2-S3", "status": "affected", "version": "23.4", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "Junos OS Evolved", "vendor": "Juniper Networks", "versions": [ { "lessThan": "21.4R3-S10-EVO", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "22.2R3-S6-EVO", "status": "affected", "version": "22.2-EVO", "versionType": "semver" }, { "lessThan": "22.4R3-S5-EVO", "status": "affected", "version": "22.4-EVO", "versionType": "semver" }, { "lessThan": "23.2R2-S3-EVO", "status": "affected", "version": "23.2-EVO", "versionType": "semver" }, { "lessThan": "23.4R2-S3-EVO", "status": "affected", "version": "23.4-EVO", "versionType": "semver" } ] } ], "datePublic": "2025-04-09T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged, authenticated attacker with access to the CLI to access \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003esensitive information.\u0026nbsp;\u003cbr\u003e\u003cbr\u003eThrough the execution of a specific show mgd command, a user with limited permissions (e.g., a low-privileged login class user) can access sensitive information \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003esuch as hashed passwords,\u0026nbsp;\u003c/span\u003ethat can be used to further impact the system.\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e\u003cbr\u003eThis issue affects Junos OS:\u0026nbsp;\u003cul\u003e\u003cli\u003eAll versions before 21.4R3-S10,\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S5,\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S5,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S3,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-S3.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAll versions before 21.4R3-S10-EVO,\u003c/span\u003e\u003c/li\u003e\u003cli\u003efrom 22.2-EVO before 22.2R3-S6-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efrom 22.4-EVO before 22.4R3-S5-EVO,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efrom 23.2-EVO before \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e23.2R2-S3-EVO\u003c/span\u003e,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efrom 23.4-EVO before 23.4R2-S3-EVO.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e" } ], "value": "An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged, authenticated attacker with access to the CLI to access sensitive information.\u00a0\n\nThrough the execution of a specific show mgd command, a user with limited permissions (e.g., a low-privileged login class user) can access sensitive information such as hashed passwords,\u00a0that can be used to further impact the system.\n\n\nThis issue affects Junos OS:\u00a0 * All versions before 21.4R3-S10,\n * from 22.2 before 22.2R3-S5,\n * from 22.4 before 22.4R3-S5,\u00a0\n * from 23.2 before 23.2R2-S3,\u00a0\n * from 23.4 before 23.4R2-S3.\n\n\n\n\n\nJunos OS Evolved:\u00a0\n\n * All versions before 21.4R3-S10-EVO,\n * from 22.2-EVO before 22.2R3-S6-EVO,\u00a0\n * from 22.4-EVO before 22.4R3-S5-EVO,\u00a0\n * from 23.2-EVO before 23.2R2-S3-EVO,\u00a0\n * from 23.4-EVO before 23.4R2-S3-EVO." } ], "exploits": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.8, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-09T20:00:36.618Z", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://supportportal.juniper.net/JSA96464" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003e\u003cbr\u003eJunos OS: 21.4R3-S10, 22.2R3-S6, 22.4R3-S5, \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e23.2R2-S3,\u0026nbsp;\u003c/span\u003e23.4R2-S3, 24.2R1, and all subsequent releases.\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eJunos OS Evolved: 22.4R3-S5-EVO, \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e23.2R2-S3-EVO,\u0026nbsp;\u003c/span\u003e23.4R2-S3-EVO, 24.2R1-EVO,\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eand all subsequent releases.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e" } ], "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 21.4R3-S10, 22.2R3-S6, 22.4R3-S5, 23.2R2-S3,\u00a023.4R2-S3, 24.2R1, and all subsequent releases.\n\nJunos OS Evolved: 22.4R3-S5-EVO, 23.2R2-S3-EVO,\u00a023.4R2-S3-EVO, 24.2R1-EVO,\u00a0and all subsequent releases." } ], "source": { "advisory": "JSA96464", "defect": [ "1807742" ], "discovery": "INTERNAL" }, "timeline": [ { "lang": "en", "time": "2025-04-09T16:00:00.000Z", "value": "Initial Publication" } ], "title": "Junos OS and Junos OS Evolved: A local, low privileged user can access sensitive information", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\u003cbr\u003e" } ], "value": "Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators." } ], "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2025-30654", "datePublished": "2025-04-09T20:00:36.618Z", "dateReserved": "2025-03-24T19:34:11.322Z", "dateUpdated": "2025-04-09T20:40:40.786Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-21210 (GCVE-0-2024-21210)
Vulnerability from cvelistv5
Published
2024-10-15 19:52
Modified
2024-10-31 13:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data.
Summary
Vulnerability in Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and 23. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
References
URL | Tags | ||||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Oracle Corporation | Oracle Java SE |
Version: Oracle Java SE:8u421 Version: Oracle Java SE:8u421-perf Version: Oracle Java SE:11.0.24 Version: Oracle Java SE:17.0.12 Version: Oracle Java SE:21.0.4 Version: Oracle Java SE:23 cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:* cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-21210", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-17T13:26:29.982643Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-203", "description": "CWE-203 Observable Discrepancy", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-31T13:05:44.388Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*", "cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*" ], "product": "Oracle Java SE", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Oracle Java SE:8u421" }, { "status": "affected", "version": "Oracle Java SE:8u421-perf" }, { "status": "affected", "version": "Oracle Java SE:11.0.24" }, { "status": "affected", "version": "Oracle Java SE:17.0.12" }, { "status": "affected", "version": "Oracle Java SE:21.0.4" }, { "status": "affected", "version": "Oracle Java SE:23" } ] } ], "descriptions": [ { "lang": "en-US", "value": "Vulnerability in Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and 23. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-15T19:52:41.538Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2024.html" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2024-21210", "datePublished": "2024-10-15T19:52:41.538Z", "dateReserved": "2023-12-07T22:28:10.690Z", "dateUpdated": "2024-10-31T13:05:44.388Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-27851 (GCVE-0-2024-27851)
Vulnerability from cvelistv5
Published
2024-06-10 20:56
Modified
2025-02-13 17:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Processing maliciously crafted web content may lead to arbitrary code execution
Summary
The issue was addressed with improved bounds checks. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing maliciously crafted web content may lead to arbitrary code execution.
References
URL | Tags | |
---|---|---|
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "iphone_os", "vendor": "apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:apple:mac_os:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mac_os", "vendor": "apple", "versions": [ { "lessThan": "14.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:apple:visionos:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "visionos", "vendor": "apple", "versions": [ { "lessThan": "1.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "watchos", "vendor": "apple", "versions": [ { "lessThan": "10.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "safari", "vendor": "apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "tvos", "vendor": "apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-27851", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-14T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-15T03:55:31.726Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:41:55.657Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214101" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214106" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214108" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214104" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214103" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214102" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/Jun/5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "iOS and iPadOS", "vendor": "Apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "14.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "visionOS", "vendor": "Apple", "versions": [ { "lessThan": "1.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "10.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Safari", "vendor": "Apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "The issue was addressed with improved bounds checks. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing maliciously crafted web content may lead to arbitrary code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "Processing maliciously crafted web content may lead to arbitrary code execution", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-12T04:06:01.095Z", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "url": "https://support.apple.com/en-us/HT214101" }, { "url": "https://support.apple.com/en-us/HT214106" }, { "url": "https://support.apple.com/en-us/HT214108" }, { "url": "https://support.apple.com/en-us/HT214104" }, { "url": "https://support.apple.com/en-us/HT214103" }, { "url": "https://support.apple.com/en-us/HT214102" }, { "url": "http://seclists.org/fulldisclosure/2024/Jun/5" } ] } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2024-27851", "datePublished": "2024-06-10T20:56:47.478Z", "dateReserved": "2024-02-26T15:32:28.532Z", "dateUpdated": "2025-02-13T17:47:05.396Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-21208 (GCVE-0-2024-21208)
Vulnerability from cvelistv5
Published
2024-10-15 19:52
Modified
2024-10-31 13:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
URL | Tags | ||||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Oracle Corporation | Oracle Java SE |
Version: Oracle Java SE:8u421 Version: Oracle Java SE:8u421-perf Version: Oracle Java SE:11.0.24 Version: Oracle Java SE:17.0.12 Version: Oracle Java SE:21.0.4 Version: Oracle Java SE:23 Version: Oracle GraalVM for JDK:17.0.12 Version: Oracle GraalVM for JDK:21.0.4 Version: Oracle GraalVM for JDK:23 Version: Oracle GraalVM Enterprise Edition:20.3.15 Version: Oracle GraalVM Enterprise Edition:21.3.11 cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:* cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:* cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-21208", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-17T13:27:45.725418Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-203", "description": "CWE-203 Observable Discrepancy", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-31T13:06:16.702Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*", "cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*", "cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*" ], "product": "Oracle Java SE", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Oracle Java SE:8u421" }, { "status": "affected", "version": "Oracle Java SE:8u421-perf" }, { "status": "affected", "version": "Oracle Java SE:11.0.24" }, { "status": "affected", "version": "Oracle Java SE:17.0.12" }, { "status": "affected", "version": "Oracle Java SE:21.0.4" }, { "status": "affected", "version": "Oracle Java SE:23" }, { "status": "affected", "version": "Oracle GraalVM for JDK:17.0.12" }, { "status": "affected", "version": "Oracle GraalVM for JDK:21.0.4" }, { "status": "affected", "version": "Oracle GraalVM for JDK:23" }, { "status": "affected", "version": "Oracle GraalVM Enterprise Edition:20.3.15" }, { "status": "affected", "version": "Oracle GraalVM Enterprise Edition:21.3.11" } ] } ], "descriptions": [ { "lang": "en-US", "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-15T19:52:40.907Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2024.html" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2024-21208", "datePublished": "2024-10-15T19:52:40.907Z", "dateReserved": "2023-12-07T22:28:10.690Z", "dateUpdated": "2024-10-31T13:06:16.702Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-3652 (GCVE-0-2024-3652)
Vulnerability from cvelistv5
Published
2024-04-11 01:32
Modified
2025-02-13 17:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- IKEv1 with default AH/ESP configuration can cause libreswan to abort and restart
Summary
The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected.
References
URL | Tags | |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
The Libreswan Project (www.libreswan.org) | libreswan |
Version: 3.22 ≤ 4.14 |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:libreswan:libreswan:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "libreswan", "vendor": "libreswan", "versions": [ { "lessThanOrEqual": "4.14", "status": "affected", "version": "3.22", "versionType": "semver" }, { "status": "unaffected", "version": "5.0" }, { "status": "unaffected", "version": "4.15" }, { "lessThanOrEqual": "3.21", "status": "unaffected", "version": "3.0", "versionType": "semver" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-3652", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-11T17:26:47.015453Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-404", "description": "CWE-404 Improper Resource Shutdown or Release", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-29T17:34:37.575Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T20:19:59.933Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "CVE-2024-3652", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://libreswan.org/security/CVE-2024-3652" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/18/2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "libreswan", "vendor": "The Libreswan Project (www.libreswan.org)", "versions": [ { "lessThanOrEqual": "4.14", "status": "affected", "version": "3.22", "versionType": "semver" }, { "status": "unaffected", "version": "5.0" } ] } ], "configurations": [ { "lang": "en", "value": "The vulnerability can only be triggered for connections with ikev2=no that do not specify an esp= option." } ], "credits": [ { "lang": "en", "type": "finder", "value": "github user X1AOxiang" } ], "datePublic": "2024-04-12T21:00:00.000Z", "descriptions": [ { "lang": "en", "value": "The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan\u0027s default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected." } ], "problemTypes": [ { "descriptions": [ { "description": "IKEv1 with default AH/ESP configuration can cause libreswan to abort and restart", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-01T17:10:23.219Z", "orgId": "d42dc95b-23f1-4e06-9076-20753a0fb0df", "shortName": "libreswan" }, "references": [ { "name": "CVE-2024-3652", "tags": [ "vendor-advisory" ], "url": "https://libreswan.org/security/CVE-2024-3652" }, { "url": "http://www.openwall.com/lists/oss-security/2024/04/18/2" } ], "solutions": [ { "lang": "en", "value": "This issue is fixed in 4.15 and all later versions." } ], "timeline": [ { "lang": "en", "time": "2024-03-24T00:00:00.000Z", "value": "Issue reported publicly by github user X1AOxiang via https://github.com/libreswan/libreswan/issues/1665" }, { "lang": "en", "time": "2024-03-27T00:00:00.000Z", "value": "Fix published in commit 03caa63de1e3 (as issue was already public via githb issue)" }, { "lang": "en", "time": "2024-04-10T00:00:00.000Z", "value": "Advanced notice given to support customers and distributions" }, { "lang": "en", "time": "2024-04-12T00:00:00.000Z", "value": "CVE-2024-3652 published" } ], "title": "IKEv1 default AH/ESP responder can cause libreswan to abort and restart", "workarounds": [ { "lang": "en", "value": "As a workaround, adding an esp= line to all IKEv1 connections works around the issue. An example covering most common default configurations would be: esp=aes-sha2_512,aes-sha1,aes-sha2_256,aes-md5,3des-sha1,3des-md5." } ] } }, "cveMetadata": { "assignerOrgId": "d42dc95b-23f1-4e06-9076-20753a0fb0df", "assignerShortName": "libreswan", "cveId": "CVE-2024-3652", "datePublished": "2024-04-11T01:32:13.433Z", "dateReserved": "2024-04-11T01:28:41.331Z", "dateUpdated": "2025-02-13T17:52:56.700Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-4076 (GCVE-0-2024-4076)
Vulnerability from cvelistv5
Published
2024-07-23 14:40
Modified
2025-02-13 17:53
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure.
This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.
References
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bind", "vendor": "isc", "versions": [ { "lessThanOrEqual": "9.16.50", "status": "affected", "version": "9.16.13", "versionType": "custom" }, { "lessThanOrEqual": "9.18.27", "status": "affected", "version": "9.18.0", "versionType": "custom" }, { "lessThanOrEqual": "9.19.24", "status": "affected", "version": "9.19.0", "versionType": "custom" }, { "lessThanOrEqual": "9.11.37-s1", "status": "affected", "version": "9.11.33-s1", "versionType": "custom" }, { "lessThanOrEqual": "9.16.50-s1", "status": "affected", "version": "9.16.13-s1", "versionType": "custom" }, { "lessThanOrEqual": "9.18.27-s1", "status": "affected", "version": "9.18.11-s1", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-4076", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-23T15:10:37.488270Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-617", "description": "CWE-617 Reachable Assertion", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-24T18:47:06.657Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T20:33:51.640Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://security.netapp.com/advisory/ntap-20240731-0001/" }, { "name": "CVE-2024-4076", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://kb.isc.org/docs/cve-2024-4076" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/07/23/1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "BIND 9", "vendor": "ISC", "versions": [ { "lessThanOrEqual": "9.16.50", "status": "affected", "version": "9.16.13", "versionType": "custom" }, { "lessThanOrEqual": "9.18.27", "status": "affected", "version": "9.18.0", "versionType": "custom" }, { "lessThanOrEqual": "9.19.24", "status": "affected", "version": "9.19.0", "versionType": "custom" }, { "lessThanOrEqual": "9.11.37-S1", "status": "affected", "version": "9.11.33-S1", "versionType": "custom" }, { "lessThanOrEqual": "9.16.50-S1", "status": "affected", "version": "9.16.13-S1", "versionType": "custom" }, { "lessThanOrEqual": "9.18.27-S1", "status": "affected", "version": "9.18.11-S1", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "ISC would like to thank Daniel Str\u00e4nger for bringing this vulnerability to our attention." } ], "datePublic": "2024-07-23T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure.\nThis issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1." } ], "exploits": [ { "lang": "en", "value": "We are not aware of any active exploits." } ], "impacts": [ { "descriptions": [ { "lang": "en", "value": "A `named` instance vulnerable to this logic error may terminate unexpectedly." } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "providerMetadata": { "dateUpdated": "2024-07-31T11:05:58.936Z", "orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc" }, "references": [ { "name": "CVE-2024-4076", "tags": [ "vendor-advisory" ], "url": "https://kb.isc.org/docs/cve-2024-4076" }, { "url": "http://www.openwall.com/lists/oss-security/2024/07/23/1" }, { "url": "http://www.openwall.com/lists/oss-security/2024/07/31/2" } ], "solutions": [ { "lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.28, 9.20.0, or 9.18.28-S1." } ], "source": { "discovery": "EXTERNAL" }, "title": "Assertion failure when serving both stale cache data and authoritative zone content", "workarounds": [ { "lang": "en", "value": "Disabling serve-stale answers mitigates this issue." } ] } }, "cveMetadata": { "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "cveId": "CVE-2024-4076", "datePublished": "2024-07-23T14:40:57.256Z", "dateReserved": "2024-04-23T13:59:44.699Z", "dateUpdated": "2025-02-13T17:53:23.437Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-32465 (GCVE-0-2024-32465)
Vulnerability from cvelistv5
Published
2024-05-14 19:18
Modified
2025-02-13 17:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with `git clone --no-local` to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source repository, but vulnerabilities allow those protections to be bypassed. In the context of cloning local repositories owned by other users, this vulnerability has been covered in CVE-2024-32004. But there are circumstances where the fixes for CVE-2024-32004 are not enough: For example, when obtaining a `.zip` file containing a full copy of a Git repository, it should not be trusted by default to be safe, as e.g. hooks could be configured to run within the context of that repository. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid using Git in repositories that have been obtained via archives from untrusted sources.
References
URL | Tags | ||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:git:git:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "git", "vendor": "git", "versions": [ { "status": "affected", "version": "2.45.0" } ] }, { "cpes": [ "cpe:2.3:a:git:git:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "git", "vendor": "git", "versions": [ { "status": "affected", "version": "2.44.0" } ] }, { "cpes": [ "cpe:2.3:a:git:git:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "git", "vendor": "git", "versions": [ { "lessThanOrEqual": "2.43.4", "status": "affected", "version": "2.43.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:git:git:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "git", "vendor": "git", "versions": [ { "lessThanOrEqual": "2.42.2", "status": "affected", "version": "2.42.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:git:git:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "git", "vendor": "git", "versions": [ { "status": "affected", "version": "2.41.0" } ] }, { "cpes": [ "cpe:2.3:a:git:git:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "git", "vendor": "git", "versions": [ { "lessThanOrEqual": "2.40.2", "status": "affected", "version": "2.40.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:git:git:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "git", "vendor": "git", "versions": [ { "lessThan": "2.39.4", "status": "affected", "version": "2.39.4*", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-32465", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-15T14:24:08.045336Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:51:48.675Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:13:39.839Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/git/git/security/advisories/GHSA-vm9j-46j9-qvq4", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/git/git/security/advisories/GHSA-vm9j-46j9-qvq4" }, { "name": "https://github.com/git/git/commit/7b70e9efb18c2cc3f219af399bd384c5801ba1d7", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/git/git/commit/7b70e9efb18c2cc3f219af399bd384c5801ba1d7" }, { "name": "https://git-scm.com/docs/git#_security", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git-scm.com/docs/git#_security" }, { "name": "https://git-scm.com/docs/git-clone", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git-scm.com/docs/git-clone" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4CK4IYTXEOBZTEM5K3T6LWOIZ3S44AR/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/05/14/2" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00018.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "git", "vendor": "git", "versions": [ { "status": "affected", "version": "= 2.45.0" }, { "status": "affected", "version": "= 2.44.0" }, { "status": "affected", "version": "\u003e= 2.43.0, \u003c 2.43.4" }, { "status": "affected", "version": "\u003e= 2.42.0, \u003c 2.42.2" }, { "status": "affected", "version": "= 2.41.0" }, { "status": "affected", "version": "\u003e= 2.40.0, \u003c 2.40.2" }, { "status": "affected", "version": "\u003c 2.39.4" } ] } ], "descriptions": [ { "lang": "en", "value": "Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with `git clone --no-local` to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source repository, but vulnerabilities allow those protections to be bypassed. In the context of cloning local repositories owned by other users, this vulnerability has been covered in CVE-2024-32004. But there are circumstances where the fixes for CVE-2024-32004 are not enough: For example, when obtaining a `.zip` file containing a full copy of a Git repository, it should not be trusted by default to be safe, as e.g. hooks could be configured to run within the context of that repository. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid using Git in repositories that have been obtained via archives from untrusted sources." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-26T10:05:55.929Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/git/git/security/advisories/GHSA-vm9j-46j9-qvq4", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/git/git/security/advisories/GHSA-vm9j-46j9-qvq4" }, { "name": "https://github.com/git/git/commit/7b70e9efb18c2cc3f219af399bd384c5801ba1d7", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/git/git/commit/7b70e9efb18c2cc3f219af399bd384c5801ba1d7" }, { "name": "https://git-scm.com/docs/git#_security", "tags": [ "x_refsource_MISC" ], "url": "https://git-scm.com/docs/git#_security" }, { "name": "https://git-scm.com/docs/git-clone", "tags": [ "x_refsource_MISC" ], "url": "https://git-scm.com/docs/git-clone" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4CK4IYTXEOBZTEM5K3T6LWOIZ3S44AR/" }, { "url": "http://www.openwall.com/lists/oss-security/2024/05/14/2" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00018.html" } ], "source": { "advisory": "GHSA-vm9j-46j9-qvq4", "discovery": "UNKNOWN" }, "title": "Git\u0027s protections for cloning untrusted repositories can be bypassed" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-32465", "datePublished": "2024-05-14T19:18:33.914Z", "dateReserved": "2024-04-12T19:41:51.165Z", "dateUpdated": "2025-02-13T17:52:12.757Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-30649 (GCVE-0-2025-30649)
Vulnerability from cvelistv5
Published
2025-04-09 19:55
Modified
2025-04-09 20:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
An Improper Input Validation vulnerability in the syslog stream TCP transport of Juniper Networks Junos OS on MX240, MX480 and MX960 devices with MX-SPC3 Security Services Card allows an unauthenticated, network-based attacker, to send specific spoofed packets to cause a CPU Denial of Service (DoS) to the MX-SPC3 SPUs.
Continued receipt and processing of these specific packets will sustain the DoS condition.
This issue affects Junos OS: * All versions before 22.2R3-S6,
* from 22.4 before 22.4R3-S4,
* from 23.2 before 23.2R2-S3,
* from 23.4 before 23.4R2-S4,
* from 24.2 before 24.2R1-S2, 24.2R2
An indicator of compromise will indicate the SPC3 SPUs utilization has spiked.
For example:
user@device> show services service-sets summary
Service sets CPU
Interface configured Bytes used Session bytes used Policy bytes used utilization
"interface" 1 "bytes" (percent%) "sessions" ("percent"%) "bytes" ("percent"%) 99.97 % OVLD <<<<<< look for high CPU usage
References
URL | Tags | ||||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Juniper Networks | Junos OS |
Version: 0 ≤ Version: 22.4 ≤ Version: 23.2 ≤ Version: 23.4 ≤ Version: 24.2 ≤ |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-30649", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-09T20:02:41.255699Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-09T20:03:04.073Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "modules": [ "syslog stream with TCP transport enabled" ], "platforms": [ "MX240", "MX480", "MX960", "with SPC3" ], "product": "Junos OS", "vendor": "Juniper Networks", "versions": [ { "lessThan": "22.2R3-S6", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "22.4R3-S4", "status": "affected", "version": "22.4", "versionType": "semver" }, { "lessThan": "23.2R2-S3", "status": "affected", "version": "23.2", "versionType": "semver" }, { "lessThan": "23.4R2-S4", "status": "affected", "version": "23.4", "versionType": "semver" }, { "lessThan": "24.2R1-S2, 24.2R2", "status": "affected", "version": "24.2", "versionType": "semver" } ] } ], "configurations": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003e\u0026nbsp; [services service-set \"service-set-name\" syslog stream \"stream-name\" host \"syslog-server-ip-address-or-hostname\"]\u003cbr\u003e\u0026nbsp; [services service-set \"service-set-name\" syslog stream \"stream-name\" host port \"syslog-server-port\"]\u003cbr\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp; [services service-set \"service-set-name\" syslog stream \"stream-name\" transport protocol tcp]\u003cbr\u003e\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp; [services service-set \"service-set-name\" syslog stream \"stream-name\" source-address \"syslog-collector-ip-address\"]\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e" } ], "value": "[services service-set \"service-set-name\" syslog stream \"stream-name\" host \"syslog-server-ip-address-or-hostname\"]\n\u00a0 [services service-set \"service-set-name\" syslog stream \"stream-name\" host port \"syslog-server-port\"]\n\u00a0 [services service-set \"service-set-name\" syslog stream \"stream-name\" transport protocol tcp]\n\u00a0 [services service-set \"service-set-name\" syslog stream \"stream-name\" source-address \"syslog-collector-ip-address\"]" } ], "datePublic": "2025-04-09T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An Improper Input Validation vulnerability in the\u0026nbsp;syslog stream TCP transport\u0026nbsp;of Juniper Networks Junos OS on MX240, MX480 and MX960 devices with MX-SPC3 Security Services Card allows an unauthenticated, network-based attacker, to send specific spoofed packets to cause a CPU Denial of Service (DoS) to the MX-SPC3 SPUs.\u003cbr\u003e\u003cbr\u003eContinued receipt and processing of these specific packets will sustain the DoS condition.\u003cbr\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u003cbr\u003eThis issue affects Junos OS:\u003c/span\u003e\u003cul\u003e\u003cli\u003eAll versions before 22.2R3-S6,\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S4,\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S3,\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-S4,\u003c/li\u003e\u003cli\u003efrom 24.2 before 24.2R1-S2, 24.2R2\u003c/li\u003e\u003c/ul\u003e\u003cdiv\u003eAn indicator of compromise will indicate the SPC3 SPUs utilization has spiked.\u003c/div\u003e\u003cbr\u003eFor example:\u0026nbsp;\u003cbr\u003e\u0026nbsp; \u0026nbsp;user@device\u0026gt; show services service-sets summary\u003cbr\u003e\u003cdiv\u003e\u003cpre\u003e Service sets CPU\n Interface configured Bytes used Session bytes used Policy bytes used utilization\n \"interface\" 1 \"bytes\" (percent%) \"sessions\" (\"percent\"%) \"bytes\" (\"percent\"%) 99.97 % OVLD \u0026lt;\u0026lt;\u0026lt;\u0026lt;\u0026lt;\u0026lt; look for high CPU usage\n\u003c/pre\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e" } ], "value": "An Improper Input Validation vulnerability in the\u00a0syslog stream TCP transport\u00a0of Juniper Networks Junos OS on MX240, MX480 and MX960 devices with MX-SPC3 Security Services Card allows an unauthenticated, network-based attacker, to send specific spoofed packets to cause a CPU Denial of Service (DoS) to the MX-SPC3 SPUs.\n\nContinued receipt and processing of these specific packets will sustain the DoS condition.\n\nThis issue affects Junos OS: * All versions before 22.2R3-S6,\n * from 22.4 before 22.4R3-S4,\n * from 23.2 before 23.2R2-S3,\n * from 23.4 before 23.4R2-S4,\n * from 24.2 before 24.2R1-S2, 24.2R2\n\n\nAn indicator of compromise will indicate the SPC3 SPUs utilization has spiked.\n\n\nFor example:\u00a0\n\u00a0 \u00a0user@device\u003e show services service-sets summary\n Service sets CPU\n Interface configured Bytes used Session bytes used Policy bytes used utilization\n \"interface\" 1 \"bytes\" (percent%) \"sessions\" (\"percent\"%) \"bytes\" (\"percent\"%) 99.97 % OVLD \u003c\u003c\u003c\u003c\u003c\u003c look for high CPU usage" } ], "exploits": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "YES", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "AMBER", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:U/V:C/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-09T19:55:37.363Z", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://supportportal.juniper.net/JSA96459" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: Junos OS: 22.2R3-S6, 22.4R3-S4, 23.2R2-S3, 23.4R2-S4, 24.2R1-S2, 24.2R2, 24.4R1, and all subsequent releases.\u003cbr\u003e" } ], "value": "The following software releases have been updated to resolve this specific issue: Junos OS: 22.2R3-S6, 22.4R3-S4, 23.2R2-S3, 23.4R2-S4, 24.2R1-S2, 24.2R2, 24.4R1, and all subsequent releases." } ], "source": { "advisory": "JSA96459", "defect": [ "1823932" ], "discovery": "USER" }, "timeline": [ { "lang": "en", "time": "2025-04-09T16:00:00.000Z", "value": "Initial Publication" } ], "title": "Junos OS: MX240, MX480, MX960 with SPC3: An attacker sending specific packets will cause a CPU utilization DoS.", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "There are no known workarounds for this issue." } ], "value": "There are no known workarounds for this issue." } ], "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2025-30649", "datePublished": "2025-04-09T19:55:37.363Z", "dateReserved": "2025-03-24T19:34:11.321Z", "dateUpdated": "2025-04-09T20:03:04.073Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-7021 (GCVE-0-2020-7021)
Vulnerability from cvelistv5
Published
2021-02-10 18:55
Modified
2024-08-04 09:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Summary
Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allow an Elasticsearch administrator to view these details.
References
URL | Tags | |||||||
---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Elastic | Elasticsearch |
Version: before 7.10.0 and 6.8.14 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:18:02.537Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://discuss.elastic.co/t/elastic-stack-7-11-0-and-6-8-14-security-update/263915" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210319-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Elasticsearch", "vendor": "Elastic", "versions": [ { "status": "affected", "version": "before 7.10.0 and 6.8.14" } ] } ], "descriptions": [ { "lang": "en", "value": "Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allow an Elasticsearch administrator to view these details." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-532", "description": "CWE-532: Insertion of Sensitive Information into Log File", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-19T08:06:17", "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "shortName": "elastic" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://discuss.elastic.co/t/elastic-stack-7-11-0-and-6-8-14-security-update/263915" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210319-0003/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@elastic.co", "ID": "CVE-2020-7021", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Elasticsearch", "version": { "version_data": [ { "version_value": "before 7.10.0 and 6.8.14" } ] } } ] }, "vendor_name": "Elastic" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allow an Elasticsearch administrator to view these details." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-532: Insertion of Sensitive Information into Log File" } ] } ] }, "references": { "reference_data": [ { "name": "https://discuss.elastic.co/t/elastic-stack-7-11-0-and-6-8-14-security-update/263915", "refsource": "MISC", "url": "https://discuss.elastic.co/t/elastic-stack-7-11-0-and-6-8-14-security-update/263915" }, { "name": "https://security.netapp.com/advisory/ntap-20210319-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210319-0003/" } ] } } } }, "cveMetadata": { "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "assignerShortName": "elastic", "cveId": "CVE-2020-7021", "datePublished": "2021-02-10T18:55:15", "dateReserved": "2020-01-14T00:00:00", "dateUpdated": "2024-08-04T09:18:02.537Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-27052 (GCVE-0-2024-27052)
Vulnerability from cvelistv5
Published
2024-05-01 12:54
Modified
2025-05-04 09:03
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work
The workqueue might still be running, when the driver is stopped. To
avoid a use-after-free, call cancel_work_sync() in rtl8xxxu_stop().
References
URL | Tags | ||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Linux | Linux |
Version: e542e66b7c2ee2adeefdbb7f259f2f60cadf2819 Version: e542e66b7c2ee2adeefdbb7f259f2f60cadf2819 Version: e542e66b7c2ee2adeefdbb7f259f2f60cadf2819 Version: e542e66b7c2ee2adeefdbb7f259f2f60cadf2819 Version: e542e66b7c2ee2adeefdbb7f259f2f60cadf2819 Version: e542e66b7c2ee2adeefdbb7f259f2f60cadf2819 Version: e542e66b7c2ee2adeefdbb7f259f2f60cadf2819 |
||
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:linux:linux_kernel:5.5:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "status": "affected", "version": "5.5" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "58fe3bbddfec", "status": "affected", "version": "e542e66b7c2e", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-27052", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-13T15:54:30.303932Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:46:59.357Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:21:05.987Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/dddedfa3b29a63c2ca4336663806a6128b8545b4" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ac512507ac89c01ed6cd4ca53032f52cdb23ea59" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/3518cea837de4d106efa84ddac18a07b6de1384e" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/156012667b85ca7305cb363790d3ae8519a6f41e" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/7059cdb69f8e1a2707dd1e2f363348b507ed7707" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/58fe3bbddfec10c6b216096d8c0e517cd8463e3a" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/1213acb478a7181cd73eeaf00db430f1e45b1361" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "dddedfa3b29a63c2ca4336663806a6128b8545b4", "status": "affected", "version": "e542e66b7c2ee2adeefdbb7f259f2f60cadf2819", "versionType": "git" }, { "lessThan": "ac512507ac89c01ed6cd4ca53032f52cdb23ea59", "status": "affected", "version": "e542e66b7c2ee2adeefdbb7f259f2f60cadf2819", "versionType": "git" }, { "lessThan": "3518cea837de4d106efa84ddac18a07b6de1384e", "status": "affected", "version": "e542e66b7c2ee2adeefdbb7f259f2f60cadf2819", "versionType": "git" }, { "lessThan": "156012667b85ca7305cb363790d3ae8519a6f41e", "status": "affected", "version": "e542e66b7c2ee2adeefdbb7f259f2f60cadf2819", "versionType": "git" }, { "lessThan": "7059cdb69f8e1a2707dd1e2f363348b507ed7707", "status": "affected", "version": "e542e66b7c2ee2adeefdbb7f259f2f60cadf2819", "versionType": "git" }, { "lessThan": "58fe3bbddfec10c6b216096d8c0e517cd8463e3a", "status": "affected", "version": "e542e66b7c2ee2adeefdbb7f259f2f60cadf2819", "versionType": "git" }, { "lessThan": "1213acb478a7181cd73eeaf00db430f1e45b1361", "status": "affected", "version": "e542e66b7c2ee2adeefdbb7f259f2f60cadf2819", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.5" }, { "lessThan": "5.5", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.214", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.153", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.83", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.23", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.11", "versionType": "semver" }, { "lessThanOrEqual": "6.8.*", "status": "unaffected", "version": "6.8.2", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.10.214", "versionStartIncluding": "5.5", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.15.153", "versionStartIncluding": "5.5", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.1.83", "versionStartIncluding": "5.5", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.6.23", "versionStartIncluding": "5.5", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.7.11", "versionStartIncluding": "5.5", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.8.2", "versionStartIncluding": "5.5", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.9", "versionStartIncluding": "5.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work\n\nThe workqueue might still be running, when the driver is stopped. To\navoid a use-after-free, call cancel_work_sync() in rtl8xxxu_stop()." } ], "providerMetadata": { "dateUpdated": "2025-05-04T09:03:10.748Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/dddedfa3b29a63c2ca4336663806a6128b8545b4" }, { "url": "https://git.kernel.org/stable/c/ac512507ac89c01ed6cd4ca53032f52cdb23ea59" }, { "url": "https://git.kernel.org/stable/c/3518cea837de4d106efa84ddac18a07b6de1384e" }, { "url": "https://git.kernel.org/stable/c/156012667b85ca7305cb363790d3ae8519a6f41e" }, { "url": "https://git.kernel.org/stable/c/7059cdb69f8e1a2707dd1e2f363348b507ed7707" }, { "url": "https://git.kernel.org/stable/c/58fe3bbddfec10c6b216096d8c0e517cd8463e3a" }, { "url": "https://git.kernel.org/stable/c/1213acb478a7181cd73eeaf00db430f1e45b1361" } ], "title": "wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work", "x_generator": { "engine": "bippy-1.2.0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-27052", "datePublished": "2024-05-01T12:54:42.547Z", "dateReserved": "2024-02-19T14:20:24.214Z", "dateUpdated": "2025-05-04T09:03:10.748Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-47596 (GCVE-0-2021-47596)
Vulnerability from cvelistv5
Published
2024-06-19 14:53
Modified
2025-05-04 07:14
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg
Currently, the hns3_remove function firstly uninstall client instance,
and then uninstall acceletion engine device. The netdevice is freed in
client instance uninstall process, but acceletion engine device uninstall
process still use it to trace runtime information. This causes a use after
free problem.
So fixes it by check the instance register state to avoid use after free.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T05:47:39.492Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/12512bc8f25b8ba9795dfbae0e9ca57ff13fd542" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/4f4a353f6fe033807cd026a5de81c67469ff19b0" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/27cbf64a766e86f068ce6214f04c00ceb4db1af4" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-47596", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T17:12:27.308735Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:34:52.130Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_mbx.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "12512bc8f25b8ba9795dfbae0e9ca57ff13fd542", "status": "affected", "version": "d8355240cf8fb8b9e002b5c8458578435cea85c2", "versionType": "git" }, { "lessThan": "4f4a353f6fe033807cd026a5de81c67469ff19b0", "status": "affected", "version": "d8355240cf8fb8b9e002b5c8458578435cea85c2", "versionType": "git" }, { "lessThan": "27cbf64a766e86f068ce6214f04c00ceb4db1af4", "status": "affected", "version": "d8355240cf8fb8b9e002b5c8458578435cea85c2", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_mbx.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.8" }, { "lessThan": "5.8", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.88", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.11", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.10.88", "versionStartIncluding": "5.8", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.15.11", "versionStartIncluding": "5.8", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.16", "versionStartIncluding": "5.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix use-after-free bug in hclgevf_send_mbx_msg\n\nCurrently, the hns3_remove function firstly uninstall client instance,\nand then uninstall acceletion engine device. The netdevice is freed in\nclient instance uninstall process, but acceletion engine device uninstall\nprocess still use it to trace runtime information. This causes a use after\nfree problem.\n\nSo fixes it by check the instance register state to avoid use after free." } ], "providerMetadata": { "dateUpdated": "2025-05-04T07:14:29.249Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/12512bc8f25b8ba9795dfbae0e9ca57ff13fd542" }, { "url": "https://git.kernel.org/stable/c/4f4a353f6fe033807cd026a5de81c67469ff19b0" }, { "url": "https://git.kernel.org/stable/c/27cbf64a766e86f068ce6214f04c00ceb4db1af4" } ], "title": "net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg", "x_generator": { "engine": "bippy-1.2.0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47596", "datePublished": "2024-06-19T14:53:58.243Z", "dateReserved": "2024-05-24T15:11:00.733Z", "dateUpdated": "2025-05-04T07:14:29.249Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-33601 (GCVE-0-2024-33601)
Vulnerability from cvelistv5
Published
2024-05-06 19:22
Modified
2025-03-18 13:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-617 - Reachable Assertion
Summary
nscd: netgroup cache may terminate daemon on memory allocation failure
The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or
xrealloc and these functions may terminate the process due to a memory
allocation failure resulting in a denial of service to the clients. The
flaw was introduced in glibc 2.15 when the cache was added to nscd.
This vulnerability is only present in the nscd binary.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
The GNU C Library | glibc |
Version: 2.15 < 2.40 |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:gnu:glibc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "glibc", "vendor": "gnu", "versions": [ { "lessThan": "2.40", "status": "affected", "version": "2.15", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-33601", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-09T17:26:01.322253Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-18T13:55:13.348Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:36:04.342Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240524-0014/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/07/22/5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "glibc", "vendor": "The GNU C Library", "versions": [ { "lessThan": "2.40", "status": "affected", "version": "2.15", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cdiv\u003enscd: netgroup cache may terminate daemon on memory allocation failure\u003cbr\u003e\u003cbr\u003eThe Name Service Cache Daemon\u0027s (nscd) netgroup cache uses xmalloc or\u003cbr\u003exrealloc and these functions may terminate the process due to a memory\u003cbr\u003eallocation failure resulting in a denial of service to the clients. The\u003cbr\u003eflaw was introduced in glibc 2.15 when the cache was added to nscd.\u003cbr\u003e\u003cbr\u003eThis vulnerability is only present in the nscd binary.\u003cbr\u003e\u003c/div\u003e" } ], "value": "nscd: netgroup cache may terminate daemon on memory allocation failure\n\nThe Name Service Cache Daemon\u0027s (nscd) netgroup cache uses xmalloc or\nxrealloc and these functions may terminate the process due to a memory\nallocation failure resulting in a denial of service to the clients. The\nflaw was introduced in glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary." } ], "impacts": [ { "capecId": "CAPEC-130", "descriptions": [ { "lang": "en", "value": "CAPEC-130 Excessive Allocation" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-617", "description": "CWE-617 Reachable Assertion", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-22T18:06:12.587Z", "orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "shortName": "glibc" }, "references": [ { "url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007" }, { "url": "https://security.netapp.com/advisory/ntap-20240524-0014/" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html" }, { "url": "http://www.openwall.com/lists/oss-security/2024/07/22/5" } ], "source": { "discovery": "UNKNOWN" }, "title": "nscd: netgroup cache may terminate daemon on memory allocation failure", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "assignerShortName": "glibc", "cveId": "CVE-2024-33601", "datePublished": "2024-05-06T19:22:07.763Z", "dateReserved": "2024-04-24T20:35:08.340Z", "dateUpdated": "2025-03-18T13:55:13.348Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-7611 (GCVE-0-2019-7611)
Vulnerability from cvelistv5
Published
2019-03-25 18:34
Modified
2024-08-04 20:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-284 - Improper Access Control
Summary
A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used . If the elasticsearch.yml file has xpack.security.dls_fls.enabled set to false, certain permission checks are skipped when users perform one of the actions mentioned above, to make existing data available under a new index/alias name. This could result in an attacker gaining additional permissions against a restricted index.
References
URL | Tags | |||||||
---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Elastic | Elasticsearch |
Version: before 5.6.15 and 6.6.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:54:28.532Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.elastic.co/community/security" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Elasticsearch", "vendor": "Elastic", "versions": [ { "status": "affected", "version": "before 5.6.15 and 6.6.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used . If the elasticsearch.yml file has xpack.security.dls_fls.enabled set to false, certain permission checks are skipped when users perform one of the actions mentioned above, to make existing data available under a new index/alias name. This could result in an attacker gaining additional permissions against a restricted index." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284: Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-03-25T18:34:06", "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "shortName": "elastic" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.elastic.co/community/security" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@elastic.co", "ID": "CVE-2019-7611", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Elasticsearch", "version": { "version_data": [ { "version_value": "before 5.6.15 and 6.6.1" } ] } } ] }, "vendor_name": "Elastic" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used . If the elasticsearch.yml file has xpack.security.dls_fls.enabled set to false, certain permission checks are skipped when users perform one of the actions mentioned above, to make existing data available under a new index/alias name. This could result in an attacker gaining additional permissions against a restricted index." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-284: Improper Access Control" } ] } ] }, "references": { "reference_data": [ { "name": "https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077", "refsource": "MISC", "url": "https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077" }, { "name": "https://www.elastic.co/community/security", "refsource": "MISC", "url": "https://www.elastic.co/community/security" } ] } } } }, "cveMetadata": { "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "assignerShortName": "elastic", "cveId": "CVE-2019-7611", "datePublished": "2019-03-25T18:34:06", "dateReserved": "2019-02-07T00:00:00", "dateUpdated": "2024-08-04T20:54:28.532Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-1975 (GCVE-0-2024-1975)
Vulnerability from cvelistv5
Published
2024-07-23 14:38
Modified
2025-02-13 17:32
Severity ?
VLAI Severity ?
EPSS score ?
Summary
If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests.
This issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1.
References
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:isc:bind:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.16.0:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.16.8:s1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.18.0:*:*:*:-:*:*:*", "cpe:2.3:a:isc:bind:9.18.11:s1:*:*:supported_preview:*:*:*", "cpe:2.3:a:isc:bind:9.19.0:*:*:*:-:*:*:*", "cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "bind", "vendor": "isc", "versions": [ { "lessThanOrEqual": "9.11.37", "status": "affected", "version": "9.0", "versionType": "custom" }, { "lessThanOrEqual": "9.16.50", "status": "affected", "version": "9.16.0", "versionType": "custom" }, { "lessThanOrEqual": "9.16.49-s1", "status": "affected", "version": "9.16.8", "versionType": "custom" }, { "lessThanOrEqual": "9.18.27", "status": "affected", "version": "9.18.0", "versionType": "custom" }, { "lessThanOrEqual": "9.18.27-s1", "status": "affected", "version": "9.18.11", "versionType": "custom" }, { "lessThanOrEqual": "9.19.24", "status": "affected", "version": "9.19.0", "versionType": "custom" }, { "lessThanOrEqual": "9.11.37-s1", "status": "affected", "version": "9.9.3", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-1975", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-23T17:12:04.527878Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-24T20:08:56.485Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T18:56:22.635Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://security.netapp.com/advisory/ntap-20240731-0002/" }, { "name": "CVE-2024-1975", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://kb.isc.org/docs/cve-2024-1975" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/07/23/1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "BIND 9", "vendor": "ISC", "versions": [ { "lessThanOrEqual": "9.11.37", "status": "affected", "version": "9.0.0", "versionType": "custom" }, { "lessThanOrEqual": "9.16.50", "status": "affected", "version": "9.16.0", "versionType": "custom" }, { "lessThanOrEqual": "9.18.27", "status": "affected", "version": "9.18.0", "versionType": "custom" }, { "lessThanOrEqual": "9.19.24", "status": "affected", "version": "9.19.0", "versionType": "custom" }, { "lessThanOrEqual": "9.11.37-S1", "status": "affected", "version": "9.9.3-S1", "versionType": "custom" }, { "lessThanOrEqual": "9.16.49-S1", "status": "affected", "version": "9.16.8-S1", "versionType": "custom" }, { "lessThanOrEqual": "9.18.27-S1", "status": "affected", "version": "9.18.11-S1", "versionType": "custom" } ] } ], "datePublic": "2024-07-23T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "If a server hosts a zone containing a \"KEY\" Resource Record, or a resolver DNSSEC-validates a \"KEY\" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests.\nThis issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1." } ], "exploits": [ { "lang": "en", "value": "This flaw was discovered in internal testing. We are not aware of any active exploits." } ], "impacts": [ { "descriptions": [ { "lang": "en", "value": "Depletion of available CPU resources may cause BIND to become unresponsive." } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "providerMetadata": { "dateUpdated": "2024-07-31T11:05:55.761Z", "orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc" }, "references": [ { "name": "CVE-2024-1975", "tags": [ "vendor-advisory" ], "url": "https://kb.isc.org/docs/cve-2024-1975" }, { "url": "http://www.openwall.com/lists/oss-security/2024/07/23/1" }, { "url": "http://www.openwall.com/lists/oss-security/2024/07/31/2" } ], "solutions": [ { "lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.28, 9.20.0, or 9.18.28-S1." } ], "source": { "discovery": "INTERNAL" }, "title": "SIG(0) can be used to exhaust CPU resources", "workarounds": [ { "lang": "en", "value": "No workarounds known." } ] } }, "cveMetadata": { "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "cveId": "CVE-2024-1975", "datePublished": "2024-07-23T14:38:57.143Z", "dateReserved": "2024-02-28T16:31:07.894Z", "dateUpdated": "2025-02-13T17:32:28.908Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-39253 (GCVE-0-2022-39253)
Vulnerability from cvelistv5
Published
2022-10-19 00:00
Modified
2024-08-03 12:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects` directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the `--local` optimization when on a shared machine, either by passing the `--no-local` option to `git clone` or cloning from a URL that uses the `file://` scheme. Alternatively, avoid cloning repositories from untrusted sources with `--recurse-submodules` or run `git config --global protocol.file.allow user`.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:00:43.267Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/git/git/security/advisories/GHSA-3wp6-j8xr-qw85" }, { "name": "FEDORA-2022-12790ca71a", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VFYXCTLOSESYIP72BUYD6ECDIMUM4WMB/" }, { "name": "FEDORA-2022-8b58806840", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKFHE4KVD7EKS5J3KTDFVBEKU3CLXGVV/" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213496" }, { "name": "FEDORA-2022-53aadd995f", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OHNO2FB55CPX47BAXMBWUBGWHO6N6ZZH/" }, { "name": "20221107 APPLE-SA-2022-11-01-1 Xcode 14.1", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Nov/1" }, { "name": "FEDORA-2022-2c33bba286", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMQWGMDLX6KTVWW5JZLVPI7ICAK72TN7/" }, { "name": "FEDORA-2022-fb088df94c", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C7B6JPKX5CGGLAHXJVQMIZNNEEB72FHD/" }, { "name": "[debian-lts-announce] 20221213 [SECURITY] [DLA 3239-1] git security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html" }, { "name": "[oss-security] 20230214 [Announce] Git 2.39.2 and friends", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/02/14/5" }, { "name": "GLSA-202312-15", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202312-15" }, { "name": "[oss-security] 20240514 git: 5 vulnerabilities fixed", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/05/14/2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "git", "vendor": "git", "versions": [ { "status": "affected", "version": "\u003c 2.30.6" }, { "status": "affected", "version": "\u003c 2.31.5" }, { "status": "affected", "version": "\u003c 2.32.4" }, { "status": "affected", "version": "\u003c 2.33.5" }, { "status": "affected", "version": "\u003c 2.34.5" }, { "status": "affected", "version": "\u003c 2.35.5" }, { "status": "affected", "version": "\u003c 2.36.3" }, { "status": "affected", "version": "\u003c 2.37.4" } ] } ], "descriptions": [ { "lang": "en", "value": "Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source\u0027s `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim\u0027s machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects` directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the `--local` optimization when on a shared machine, either by passing the `--no-local` option to `git clone` or cloning from a URL that uses the `file://` scheme. Alternatively, avoid cloning repositories from untrusted sources with `--recurse-submodules` or run `git config --global protocol.file.allow user`." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-10T17:14:58.362681", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "url": "https://github.com/git/git/security/advisories/GHSA-3wp6-j8xr-qw85" }, { "name": "FEDORA-2022-12790ca71a", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VFYXCTLOSESYIP72BUYD6ECDIMUM4WMB/" }, { "name": "FEDORA-2022-8b58806840", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKFHE4KVD7EKS5J3KTDFVBEKU3CLXGVV/" }, { "url": "https://support.apple.com/kb/HT213496" }, { "name": "FEDORA-2022-53aadd995f", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OHNO2FB55CPX47BAXMBWUBGWHO6N6ZZH/" }, { "name": "20221107 APPLE-SA-2022-11-01-1 Xcode 14.1", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Nov/1" }, { "name": "FEDORA-2022-2c33bba286", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMQWGMDLX6KTVWW5JZLVPI7ICAK72TN7/" }, { "name": "FEDORA-2022-fb088df94c", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C7B6JPKX5CGGLAHXJVQMIZNNEEB72FHD/" }, { "name": "[debian-lts-announce] 20221213 [SECURITY] [DLA 3239-1] git security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html" }, { "name": "[oss-security] 20230214 [Announce] Git 2.39.2 and friends", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/02/14/5" }, { "name": "GLSA-202312-15", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202312-15" }, { "name": "[oss-security] 20240514 git: 5 vulnerabilities fixed", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2024/05/14/2" } ], "source": { "advisory": "GHSA-3wp6-j8xr-qw85", "discovery": "UNKNOWN" }, "title": "Git subject to exposure of sensitive information via local clone of symbolic links" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-39253", "datePublished": "2022-10-19T00:00:00", "dateReserved": "2022-09-02T00:00:00", "dateUpdated": "2024-08-03T12:00:43.267Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-21594 (GCVE-0-2025-21594)
Vulnerability from cvelistv5
Published
2025-04-09 19:49
Modified
2025-04-10 13:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability in the pfe (packet forwarding engine) of Juniper Networks Junos OS on MX Series causes a port within a pool to be blocked leading to Denial of Service (DoS).
In a DS-Lite (Dual-Stack Lite) and NAT (Network Address Translation) scenario, when crafted IPv6 traffic is received and prefix-length is set to 56, the ports assigned to the user will not be freed. Eventually, users cannot establish new connections. Affected FPC/PIC need to be manually restarted to recover.
Following is the command to identify the issue:
user@host> show services nat source port-block
Host_IP External_IP Port_Block Ports_Used/ Block_State/
Range Ports_Total Left_Time(s)
2001:: x.x.x.x 58880-59391 256/256*1 Active/- >>>>>>>>port still usedThis issue affects Junos OS on MX Series:
* from 21.2 before 21.2R3-S8,
* from 21.4 before 21.4R3-S7,
* from 22.1 before 22.1R3-S6,
* from 22.2 before 22.2R3-S4,
* from 22.3 before 22.3R3-S3,
* from 22.4 before 22.4R3-S2,
* from 23.2 before 23.2R2-S1,
* from 23.4 before 23.4R1-S2, 23.4R2.
This issue does not affect versions before 20.2R1.
References
URL | Tags | ||||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.4 ≤ Version: 22.1 ≤ Version: 22.2 ≤ Version: 22.3 ≤ Version: 22.4 ≤ Version: 23.2 ≤ Version: 23.4 ≤ |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-21594", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-10T13:13:47.889505Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-10T13:14:00.650Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "MX Series" ], "product": "Junos OS", "vendor": "Juniper Networks", "versions": [ { "lessThan": "21.2R3-S8", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "21.4R3-S7", "status": "affected", "version": "21.4", "versionType": "semver" }, { "lessThan": "22.1R3-S6", "status": "affected", "version": "22.1", "versionType": "semver" }, { "lessThan": "22.2R3-S4", "status": "affected", "version": "22.2", "versionType": "semver" }, { "lessThan": "22.3R3-S3", "status": "affected", "version": "22.3", "versionType": "semver" }, { "lessThan": "22.4R3-S2", "status": "affected", "version": "22.4", "versionType": "semver" }, { "lessThan": "23.2R2-S1", "status": "affected", "version": "23.2", "versionType": "semver" }, { "lessThan": "23.4R1-S2, 23.4R2", "status": "affected", "version": "23.4", "versionType": "semver" }, { "lessThan": "20.2R1", "status": "unaffected", "version": "0", "versionType": "semver" } ] } ], "configurations": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "This issue only occurs when below config is enabled:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ set services service-set \u0026lt;*\u0026gt; softwire-options dslite-ipv6-prefix-length 56]\u003cbr\u003e\u003c/tt\u003e\u003cbr\u003e\u003cbr\u003e" } ], "value": "This issue only occurs when below config is enabled:\n\n[ set services service-set \u003c*\u003e softwire-options dslite-ipv6-prefix-length 56]" } ], "datePublic": "2025-04-09T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn Improper Check for Unusual or Exceptional Conditions vulnerability in the pfe (packet forwarding engine) of Juniper Networks Junos OS on MX Series causes a port within a pool to be blocked leading to Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eIn a DS-Lite (Dual-Stack Lite) and NAT (Network Address Translation) scenario, when crafted IPv6 traffic is received and\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;prefix-length is set to 56,\u003c/span\u003e\u0026nbsp;the ports assigned to the user will not be freed.\u0026nbsp; Eventually, users cannot establish new connections. \u003cspan style=\"background-color: rgb(251, 251, 251);\"\u003eAffected FPC/PIC need to be manually restarted to recover.\u003c/span\u003e\u003cbr\u003e\u003c/span\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFollowing is the command to identify the issue:\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003ctt\u003e\u003cbr\u003e\u0026nbsp; \u0026nbsp; user@host\u0026gt; show services nat source port-block\u0026nbsp;\u003c/tt\u003e\u003ctt\u003e\u003cbr\u003e\u2003\u2003\u2003\u2003Host_IP \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; External_IP \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Port_Block\u0026nbsp; \u0026nbsp; \u0026nbsp; Ports_Used/ \u0026nbsp; \u0026nbsp; \u0026nbsp; Block_State/\u003cbr\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Range \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Ports_Total \u0026nbsp; \u0026nbsp; \u0026nbsp; Left_Time(s)\u003cbr\u003e\u2003\u2003\u2003\u20032001::\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; x.x.x.x\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;58880-59391\u0026nbsp; \u0026nbsp; \u0026nbsp;256/256*1\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;Active/- \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026gt;\u0026gt;\u0026gt;\u0026gt;\u0026gt;\u0026gt;\u0026gt;\u0026gt;port still used\u003c/tt\u003e\u003cp\u003eThis issue affects Junos OS on MX Series:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003efrom 21.2 before 21.2R3-S8,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-S7,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.1 before 22.1R3-S6,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S4,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3-S3,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S2,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S1,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R1-S2, 23.4R2.\u003c/li\u003e\u003c/ul\u003eThis issue does not affect versions before 20.2R1.\u0026nbsp;\u003cbr\u003e\u003cbr\u003e" } ], "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the pfe (packet forwarding engine) of Juniper Networks Junos OS on MX Series causes a port within a pool to be blocked leading to Denial of Service (DoS).\n\nIn a DS-Lite (Dual-Stack Lite) and NAT (Network Address Translation) scenario, when crafted IPv6 traffic is received and\u00a0prefix-length is set to 56,\u00a0the ports assigned to the user will not be freed.\u00a0 Eventually, users cannot establish new connections. Affected FPC/PIC need to be manually restarted to recover.\nFollowing is the command to identify the issue:\u00a0\n\n\n\u00a0 \u00a0 user@host\u003e show services nat source port-block\u00a0\n\u2003\u2003\u2003\u2003Host_IP \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 External_IP \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Port_Block\u00a0 \u00a0 \u00a0 Ports_Used/ \u00a0 \u00a0 \u00a0 Block_State/\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Range \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Ports_Total \u00a0 \u00a0 \u00a0 Left_Time(s)\n\u2003\u2003\u2003\u20032001::\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 x.x.x.x\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a058880-59391\u00a0 \u00a0 \u00a0256/256*1\u00a0 \u00a0 \u00a0 \u00a0 \u00a0Active/- \u00a0 \u00a0 \u00a0 \u003e\u003e\u003e\u003e\u003e\u003e\u003e\u003eport still usedThis issue affects Junos OS on MX Series:\u00a0\n\n * from 21.2 before 21.2R3-S8,\u00a0\n * from 21.4 before 21.4R3-S7,\u00a0\n * from 22.1 before 22.1R3-S6,\u00a0\n * from 22.2 before 22.2R3-S4,\u00a0\n * from 22.3 before 22.3R3-S3,\u00a0\n * from 22.4 before 22.4R3-S2,\u00a0\n * from 23.2 before 23.2R2-S1,\u00a0\n * from 23.4 before 23.4R1-S2, 23.4R2.\n\n\nThis issue does not affect versions before 20.2R1." } ], "exploits": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:U", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-754", "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-09T19:49:41.391Z", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://supportportal.juniper.net/JSA96449" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: \u003cbr\u003e\u003cbr\u003eJunos OS: 21.2R3-S8, 21.4R3-S7, 22.1R3-S6, 22.2R3-S4, 22.3R3-S3, 22.4R3-S2, 23.2R2-S1, 23.4R1-S2, 23.4R2, 24.2R1, and all subsequent releases." } ], "value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS: 21.2R3-S8, 21.4R3-S7, 22.1R3-S6, 22.2R3-S4, 22.3R3-S3, 22.4R3-S2, 23.2R2-S1, 23.4R1-S2, 23.4R2, 24.2R1, and all subsequent releases." } ], "source": { "advisory": "JSA96449", "defect": [ "1785403" ], "discovery": "USER" }, "timeline": [ { "lang": "en", "time": "2025-04-09T16:00:00.000Z", "value": "Initial Publication" } ], "title": "Junos OS: MX Series: In DS-lite and NAT scenario receipt of crafted IPv6 traffic causes port block", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Modify the IPv6 prefix-length to be 64/96/128 through the command:\u003cbr\u003e\u003ctt\u003e\u003cbr\u003e[ set services service-set \u0026lt;*\u0026gt; softwire-options dslite-ipv6-prefix-length 64/96/128]\u003c/tt\u003e" } ], "value": "Modify the IPv6 prefix-length to be 64/96/128 through the command:\n\n[ set services service-set \u003c*\u003e softwire-options dslite-ipv6-prefix-length 64/96/128]" } ], "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2025-21594", "datePublished": "2025-04-09T19:49:41.391Z", "dateReserved": "2024-12-26T14:47:11.669Z", "dateUpdated": "2025-04-10T13:14:00.650Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-48161 (GCVE-0-2023-48161)
Vulnerability from cvelistv5
Published
2023-11-22 00:00
Modified
2024-08-02 21:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:23:39.286Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://sourceforge.net/p/giflib/bugs/167/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/tacetool/TACE#cve-2023-48161" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-22T06:04:28.849099", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://sourceforge.net/p/giflib/bugs/167/" }, { "url": "https://github.com/tacetool/TACE#cve-2023-48161" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-48161", "datePublished": "2023-11-22T00:00:00", "dateReserved": "2023-11-13T00:00:00", "dateUpdated": "2024-08-02T21:23:39.286Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-32021 (GCVE-0-2024-32021)
Vulnerability from cvelistv5
Published
2024-05-14 19:15
Modified
2025-02-13 17:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-547 - Use of Hard-coded, Security-relevant Constants
Summary
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target repository in the `objects/` directory. Cloning a local repository over the filesystem may creating hardlinks to arbitrary user-owned files on the same filesystem in the target Git repository's `objects/` directory. When cloning a repository over the filesystem (without explicitly specifying the `file://` protocol or `--no-local`), the optimizations for local cloning
will be used, which include attempting to hard link the object files instead of copying them. While the code includes checks against symbolic links in the source repository, which were added during the fix for CVE-2022-39253, these checks can still be raced because the hard link operation ultimately follows symlinks. If the object on the filesystem appears as a file during the check, and then a symlink during the operation, this will allow the adversary to bypass the check and create hardlinks in the destination objects directory to arbitrary, user-readable files. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4.
References
URL | Tags | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:git:git:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "git", "vendor": "git", "versions": [ { "lessThan": "2.39.4", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "2.40.2", "status": "affected", "version": "2.40.0", "versionType": "custom" }, { "lessThan": "2.41.1", "status": "affected", "version": "2.41.0", "versionType": "custom" }, { "lessThan": "2.42.2", "status": "affected", "version": "2.42.0", "versionType": "custom" }, { "lessThan": "2.43.4", "status": "affected", "version": "2.43.0", "versionType": "custom" }, { "lessThan": "2.44.1", "status": "affected", "version": "2.44.0", "versionType": "custom" }, { "lessThan": "2.45.1", "status": "affected", "version": "2.45.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-32021", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-11T20:29:23.147248Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-11T20:39:28.890Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:59:50.833Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/git/git/security/advisories/GHSA-mvxm-9j2h-qjx7", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/git/git/security/advisories/GHSA-mvxm-9j2h-qjx7" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4CK4IYTXEOBZTEM5K3T6LWOIZ3S44AR/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/05/14/2" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00018.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "git", "vendor": "git", "versions": [ { "status": "affected", "version": "= 2.45.0" }, { "status": "affected", "version": "= 2.44.0" }, { "status": "affected", "version": "\u003e= 2.43.0, \u003c 2.43.4" }, { "status": "affected", "version": "\u003e= 2.42.0, \u003c 2.42.2" }, { "status": "affected", "version": "= 2.41.0" }, { "status": "affected", "version": "\u003e= 2.40.0, \u003c 2.40.2" }, { "status": "affected", "version": "\u003c 2.39.4" } ] } ], "descriptions": [ { "lang": "en", "value": "Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target repository in the `objects/` directory. Cloning a local repository over the filesystem may creating hardlinks to arbitrary user-owned files on the same filesystem in the target Git repository\u0027s `objects/` directory. When cloning a repository over the filesystem (without explicitly specifying the `file://` protocol or `--no-local`), the optimizations for local cloning\nwill be used, which include attempting to hard link the object files instead of copying them. While the code includes checks against symbolic links in the source repository, which were added during the fix for CVE-2022-39253, these checks can still be raced because the hard link operation ultimately follows symlinks. If the object on the filesystem appears as a file during the check, and then a symlink during the operation, this will allow the adversary to bypass the check and create hardlinks in the destination objects directory to arbitrary, user-readable files. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.9, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-547", "description": "CWE-547: Use of Hard-coded, Security-relevant Constants", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-26T10:05:54.295Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/git/git/security/advisories/GHSA-mvxm-9j2h-qjx7", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/git/git/security/advisories/GHSA-mvxm-9j2h-qjx7" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4CK4IYTXEOBZTEM5K3T6LWOIZ3S44AR/" }, { "url": "http://www.openwall.com/lists/oss-security/2024/05/14/2" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00018.html" } ], "source": { "advisory": "GHSA-mvxm-9j2h-qjx7", "discovery": "UNKNOWN" }, "title": "Local Git clone may hardlink arbitrary user-readable files into the new repository\u0027s \"objects/\" directory" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-32021", "datePublished": "2024-05-14T19:15:28.534Z", "dateReserved": "2024-04-09T15:29:35.937Z", "dateUpdated": "2025-02-13T17:52:05.770Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-44187 (GCVE-0-2024-44187)
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2025-03-14 15:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- A malicious website may exfiltrate data cross-origin
Summary
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-44187", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-17T13:44:18.458972Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-346", "description": "CWE-346 Origin Validation Error", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-03-14T15:25:26.428Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "15", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "18", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "visionOS", "vendor": "Apple", "versions": [ { "lessThan": "2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "iOS and iPadOS", "vendor": "Apple", "versions": [ { "lessThan": "18", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Safari", "vendor": "Apple", "versions": [ { "lessThan": "18", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A cross-origin issue existed with \"iframe\" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin." } ], "problemTypes": [ { "descriptions": [ { "description": "A malicious website may exfiltrate data cross-origin", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-16T23:23:16.230Z", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "url": "https://support.apple.com/en-us/121238" }, { "url": "https://support.apple.com/en-us/121248" }, { "url": "https://support.apple.com/en-us/121249" }, { "url": "https://support.apple.com/en-us/121250" }, { "url": "https://support.apple.com/en-us/121240" }, { "url": "https://support.apple.com/en-us/121241" } ] } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2024-44187", "datePublished": "2024-09-16T23:23:16.230Z", "dateReserved": "2024-08-20T21:42:05.933Z", "dateUpdated": "2025-03-14T15:25:26.428Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-21591 (GCVE-0-2025-21591)
Vulnerability from cvelistv5
Published
2025-04-09 19:46
Modified
2025-04-28 16:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-805 - Buffer Access with Incorrect Length Value
Summary
A Buffer Access with Incorrect Length Value vulnerability in the jdhcpd daemon of Juniper Networks Junos OS, when DHCP snooping is enabled, allows an unauthenticated, adjacent, attacker to send a DHCP packet with a malformed DHCP option to cause jdhcp to crash creating a Denial of Service (DoS) condition.
Continuous receipt of these DHCP packets using the malformed DHCP Option will create a sustained Denial of Service (DoS) condition.
This issue affects Junos OS:
* from 23.1 before 23.2R2-S3,
* from 23.4 before 23.4R2-S3,
* from 24.2 before 24.2R2.
This issue isn't applicable to any versions of Junos OS before 23.1R1.
This issue doesn't affect vSRX Series which doesn't support DHCP Snooping.
This issue doesn't affect Junos OS Evolved.
There are no indicators of compromise for this issue.
References
URL | Tags | ||||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Juniper Networks | Junos OS |
Version: 23.1 ≤ Version: 23.4 ≤ Version: 24.2 ≤ |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-21591", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-10T13:17:33.869610Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-10T13:17:41.109Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "modules": [ "dhcp" ], "packageName": "jdhcpd", "product": "Junos OS", "vendor": "Juniper Networks", "versions": [ { "lessThan": "23.2R2-S3", "status": "affected", "version": "23.1", "versionType": "semver" }, { "lessThan": "23.4R2-S3", "status": "affected", "version": "23.4", "versionType": "semver" }, { "lessThan": "24.2R2", "status": "affected", "version": "24.2", "versionType": "semver" }, { "lessThanOrEqual": "23.1R1", "status": "unaffected", "version": "0", "versionType": "semver" } ] } ], "configurations": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The required minimal configuration is DHCP is configured with DHCP snooping enabled with\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003ethe mine-dhcp-client-options and/or mine-dhcpv6-client-options.\u003c/span\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp; [ vlans \u0026lt;vlan-name\u0026gt; forwarding-options dhcp-security \u003c/span\u003emine-dhcp-client-options ]\u003cbr\u003e\u0026nbsp; [ mine-dhcpv6-client-options ]\u003cbr\u003e\u003c/p\u003e\u003cp\u003ePlease note: It is atypical to use the above configuration with a DHCP server on the same device.\u003c/p\u003e" } ], "value": "The required minimal configuration is DHCP is configured with DHCP snooping enabled with\u00a0the mine-dhcp-client-options and/or mine-dhcpv6-client-options.\u00a0 [ vlans \u003cvlan-name\u003e forwarding-options dhcp-security mine-dhcp-client-options ]\n\u00a0 [ mine-dhcpv6-client-options ]\n\n\nPlease note: It is atypical to use the above configuration with a DHCP server on the same device." } ], "datePublic": "2025-04-09T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A Buffer Access with Incorrect Length Value vulnerability in the jdhcpd daemon of Juniper Networks Junos OS, when DHCP snooping is enabled, allows an unauthenticated, adjacent, attacker to send a DHCP packet with a malformed DHCP option to cause jdhcp to crash creating a Denial of Service (DoS) condition.\u003cbr\u003e\u003cbr\u003eContinuous receipt of these DHCP packets using the malformed DHCP Option will create a sustained Denial of Service (DoS) condition.\u003cbr\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Junos OS:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003efrom 23.1 before 23.2R2-S3,\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-S3,\u003c/li\u003e\u003cli\u003efrom 24.2 before 24.2R2.\u003c/li\u003e\u003c/ul\u003eThis issue isn\u0027t applicable to any versions of Junos OS before 23.1R1. \u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003eThis issue doesn\u0027t affect vSRX Series which doesn\u0027t support DHCP Snooping. \u003cbr\u003e\u003cbr\u003eThis issue doesn\u0027t affect Junos OS Evolved.\u003cbr\u003e\u003cbr\u003eThere are no indicators of compromise for this issue.\u003cbr\u003e" } ], "value": "A Buffer Access with Incorrect Length Value vulnerability in the jdhcpd daemon of Juniper Networks Junos OS, when DHCP snooping is enabled, allows an unauthenticated, adjacent, attacker to send a DHCP packet with a malformed DHCP option to cause jdhcp to crash creating a Denial of Service (DoS) condition.\n\nContinuous receipt of these DHCP packets using the malformed DHCP Option will create a sustained Denial of Service (DoS) condition.\n\n\nThis issue affects Junos OS:\n\n\n\n * from 23.1 before 23.2R2-S3,\n * from 23.4 before 23.4R2-S3,\n * from 24.2 before 24.2R2.\n\n\nThis issue isn\u0027t applicable to any versions of Junos OS before 23.1R1. \n\n\n\nThis issue doesn\u0027t affect vSRX Series which doesn\u0027t support DHCP Snooping. \n\nThis issue doesn\u0027t affect Junos OS Evolved.\n\nThere are no indicators of compromise for this issue." } ], "exploits": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "YES", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 7.1, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "GREEN", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:U/V:C/RE:M/U:Green", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-805", "description": "CWE-805: Buffer Access with Incorrect Length Value", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-28T16:21:26.535Z", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://supportportal.juniper.net/JSA96448" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: 23.2R2-S3, 23.4R2-S3, 24.2R2, 24.4R1, and all subsequent releases.\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e" } ], "value": "The following software releases have been updated to resolve this specific issue: 23.2R2-S3, 23.4R2-S3, 24.2R2, 24.4R1, and all subsequent releases." } ], "source": { "advisory": "JSA96448", "defect": [ "1827395" ], "discovery": "INTERNAL" }, "timeline": [ { "lang": "en", "time": "2025-04-09T16:00:00.000Z", "value": "Initial Publication" } ], "title": "Junos OS: An unauthenticated adjacent attacker sending a malformed DHCP packet causes jdhcpd to crash", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "There are no known workarounds for this issue." } ], "value": "There are no known workarounds for this issue." } ], "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2025-21591", "datePublished": "2025-04-09T19:46:55.976Z", "dateReserved": "2024-12-26T14:47:11.667Z", "dateUpdated": "2025-04-28T16:21:26.535Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-32002 (GCVE-0-2024-32002)
Vulnerability from cvelistv5
Published
2024-05-14 18:40
Modified
2025-02-13 17:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
References
URL | Tags | ||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:git:git:2.45.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "git", "vendor": "git", "versions": [ { "status": "affected", "version": "2.45.0" } ] }, { "cpes": [ "cpe:2.3:a:git:git:2.44.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "git", "vendor": "git", "versions": [ { "status": "affected", "version": "2.44.0" } ] }, { "cpes": [ "cpe:2.3:a:git:git:2.43:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "git", "vendor": "git", "versions": [ { "lessThan": "2.43.4", "status": "affected", "version": "2.43", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:git:git:2.42.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "git", "vendor": "git", "versions": [ { "lessThan": "2.42.2", "status": "affected", "version": "2.42.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:git:git:2.41.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "git", "vendor": "git", "versions": [ { "status": "affected", "version": "2.41.0" } ] }, { "cpes": [ "cpe:2.3:a:git:git:2.40.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "git", "vendor": "git", "versions": [ { "lessThan": "2.40.2", "status": "affected", "version": "2.40.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:git:git:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "git", "vendor": "git", "versions": [ { "lessThan": "2.39.4", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-32002", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-29T14:18:00.384488Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-06T17:12:17.508Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:59:50.899Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv" }, { "name": "https://github.com/git/git/commit/97065761333fd62db1912d81b489db938d8c991d", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/git/git/commit/97065761333fd62db1912d81b489db938d8c991d" }, { "name": "https://git-scm.com/docs/git-clone#Documentation/git-clone.txt---recurse-submodulesltpathspecgt", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git-scm.com/docs/git-clone#Documentation/git-clone.txt---recurse-submodulesltpathspecgt" }, { "name": "https://git-scm.com/docs/git-config#Documentation/git-config.txt-coresymlinks", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git-scm.com/docs/git-config#Documentation/git-config.txt-coresymlinks" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4CK4IYTXEOBZTEM5K3T6LWOIZ3S44AR/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/05/14/2" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00018.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "git", "vendor": "git", "versions": [ { "status": "affected", "version": "= 2.45.0" }, { "status": "affected", "version": "= 2.44.0" }, { "status": "affected", "version": "\u003e= 2.43.0, \u003c 2.43.4" }, { "status": "affected", "version": "\u003e= 2.42.0, \u003c 2.42.2" }, { "status": "affected", "version": "= 2.41.0" }, { "status": "affected", "version": "\u003e= 2.40.0, \u003c 2.40.2" }, { "status": "affected", "version": "\u003c 2.39.4" } ] } ], "descriptions": [ { "lang": "en", "value": "Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule\u0027s worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won\u0027t work. As always, it is best to avoid cloning repositories from untrusted sources." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-434", "description": "CWE-434: Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-26T10:06:01.593Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv" }, { "name": "https://github.com/git/git/commit/97065761333fd62db1912d81b489db938d8c991d", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/git/git/commit/97065761333fd62db1912d81b489db938d8c991d" }, { "name": "https://git-scm.com/docs/git-clone#Documentation/git-clone.txt---recurse-submodulesltpathspecgt", "tags": [ "x_refsource_MISC" ], "url": "https://git-scm.com/docs/git-clone#Documentation/git-clone.txt---recurse-submodulesltpathspecgt" }, { "name": "https://git-scm.com/docs/git-config#Documentation/git-config.txt-coresymlinks", "tags": [ "x_refsource_MISC" ], "url": "https://git-scm.com/docs/git-config#Documentation/git-config.txt-coresymlinks" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4CK4IYTXEOBZTEM5K3T6LWOIZ3S44AR/" }, { "url": "http://www.openwall.com/lists/oss-security/2024/05/14/2" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00018.html" } ], "source": { "advisory": "GHSA-8h77-4q3w-gfgv", "discovery": "UNKNOWN" }, "title": "Git\u0027s recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-32002", "datePublished": "2024-05-14T18:40:46.652Z", "dateReserved": "2024-04-08T13:48:37.492Z", "dateUpdated": "2025-02-13T17:52:02.266Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-42284 (GCVE-0-2024-42284)
Vulnerability from cvelistv5
Published
2024-08-17 09:08
Modified
2025-05-04 09:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tipc: Return non-zero value from tipc_udp_addr2str() on error
tipc_udp_addr2str() should return non-zero value if the UDP media
address is invalid. Otherwise, a buffer overflow access can occur in
tipc_media_addr_printf(). Fix this by returning 1 on an invalid UDP
media address.
References
URL | Tags | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Linux | Linux |
Version: d0f91938bede204a343473792529e0db7d599836 Version: d0f91938bede204a343473792529e0db7d599836 Version: d0f91938bede204a343473792529e0db7d599836 Version: d0f91938bede204a343473792529e0db7d599836 Version: d0f91938bede204a343473792529e0db7d599836 Version: d0f91938bede204a343473792529e0db7d599836 Version: d0f91938bede204a343473792529e0db7d599836 Version: d0f91938bede204a343473792529e0db7d599836 |
||
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-42284", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T16:11:26.639456Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-12T17:33:30.616Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/tipc/udp_media.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "7ec3335dd89c8d169e9650e4bac64fde71fdf15b", "status": "affected", "version": "d0f91938bede204a343473792529e0db7d599836", "versionType": "git" }, { "lessThan": "253405541be2f15ffebdeac2f4cf4b7e9144d12f", "status": "affected", "version": "d0f91938bede204a343473792529e0db7d599836", "versionType": "git" }, { "lessThan": "aa38bf74899de07cf70b50cd17f8ad45fb6654c8", "status": "affected", "version": "d0f91938bede204a343473792529e0db7d599836", "versionType": "git" }, { "lessThan": "5eea127675450583680c8170358bcba43227bd69", "status": "affected", "version": "d0f91938bede204a343473792529e0db7d599836", "versionType": "git" }, { "lessThan": "728734352743a78b4c5a7285b282127696a4a813", "status": "affected", "version": "d0f91938bede204a343473792529e0db7d599836", "versionType": "git" }, { "lessThan": "76ddf84a52f0d8ec3f5db6ccce08faf202a17d28", "status": "affected", "version": "d0f91938bede204a343473792529e0db7d599836", "versionType": "git" }, { "lessThan": "2abe350db1aa599eeebc6892237d0bce0f1de62a", "status": "affected", "version": "d0f91938bede204a343473792529e0db7d599836", "versionType": "git" }, { "lessThan": "fa96c6baef1b5385e2f0c0677b32b3839e716076", "status": "affected", "version": "d0f91938bede204a343473792529e0db7d599836", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/tipc/udp_media.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "4.1" }, { "lessThan": "4.1", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.320", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.282", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.224", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.165", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.103", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.44", "versionType": "semver" }, { "lessThanOrEqual": "6.10.*", "status": "unaffected", "version": "6.10.3", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.11", "versionType": "original_commit_for_fix" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.19.320", "versionStartIncluding": "4.1", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.4.282", "versionStartIncluding": "4.1", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.10.224", "versionStartIncluding": "4.1", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.15.165", "versionStartIncluding": "4.1", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.1.103", "versionStartIncluding": "4.1", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.6.44", "versionStartIncluding": "4.1", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.10.3", "versionStartIncluding": "4.1", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.11", "versionStartIncluding": "4.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: Return non-zero value from tipc_udp_addr2str() on error\n\ntipc_udp_addr2str() should return non-zero value if the UDP media\naddress is invalid. Otherwise, a buffer overflow access can occur in\ntipc_media_addr_printf(). Fix this by returning 1 on an invalid UDP\nmedia address." } ], "providerMetadata": { "dateUpdated": "2025-05-04T09:25:55.793Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/7ec3335dd89c8d169e9650e4bac64fde71fdf15b" }, { "url": "https://git.kernel.org/stable/c/253405541be2f15ffebdeac2f4cf4b7e9144d12f" }, { "url": "https://git.kernel.org/stable/c/aa38bf74899de07cf70b50cd17f8ad45fb6654c8" }, { "url": "https://git.kernel.org/stable/c/5eea127675450583680c8170358bcba43227bd69" }, { "url": "https://git.kernel.org/stable/c/728734352743a78b4c5a7285b282127696a4a813" }, { "url": "https://git.kernel.org/stable/c/76ddf84a52f0d8ec3f5db6ccce08faf202a17d28" }, { "url": "https://git.kernel.org/stable/c/2abe350db1aa599eeebc6892237d0bce0f1de62a" }, { "url": "https://git.kernel.org/stable/c/fa96c6baef1b5385e2f0c0677b32b3839e716076" } ], "title": "tipc: Return non-zero value from tipc_udp_addr2str() on error", "x_generator": { "engine": "bippy-1.2.0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-42284", "datePublished": "2024-08-17T09:08:50.576Z", "dateReserved": "2024-07-30T07:40:12.262Z", "dateUpdated": "2025-05-04T09:25:55.793Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-30657 (GCVE-0-2025-30657)
Vulnerability from cvelistv5
Published
2025-04-09 20:02
Modified
2025-04-09 20:32
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/AU:Y/R:A/RE:M
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/AU:Y/R:A/RE:M
VLAI Severity ?
EPSS score ?
CWE
- CWE-116 - Improper Encoding or Escaping of Output
Summary
An Improper Encoding or Escaping of Output vulnerability in the Sampling Route Record Daemon (SRRD) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).
When a device configured for flow-monitoring receives a specific BGP update message, it is correctly processed internally by the routing protocol daemon (rpd), but when it's sent to SRRD it's encoded incorrectly which leads to a crash and momentary interruption of jflow processing until it automatically restarts. This issue does not affect traffic forwarding itself.
This issue affects Junos OS:
* All versions before 21.2R3-S9,
* 21.4 versions before 21.4R3-S10,
* 22.2 versions before 22.2R3-S6,
* 22.4 versions before 22.4R3,
* 23.2 versions before 23.2R1-S2, 23.2R2.
This issue does not affected Junos OS Evolved.
References
URL | Tags | ||||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.4 ≤ Version: 22.2 ≤ Version: 22.4 ≤ Version: 23.2 ≤ |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-30657", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-09T20:31:55.715760Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-09T20:32:08.395Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Junos OS", "vendor": "Juniper Networks", "versions": [ { "lessThan": "21.2R3-S9", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "21.4R3-S10", "status": "affected", "version": "21.4", "versionType": "semver" }, { "lessThan": "22.2R3-S6", "status": "affected", "version": "22.2", "versionType": "semver" }, { "lessThan": "22.4R3", "status": "affected", "version": "22.4", "versionType": "semver" }, { "lessThan": "23.2R1-S2, 23.2R2", "status": "affected", "version": "23.2", "versionType": "semver" } ] } ], "configurations": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "For a system to be exposed to this issue flow-monitoring needs to be configured:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e[ services flow-monitoring (version-ipfix|version9) ]\u003c/span\u003e\u003c/tt\u003e" } ], "value": "For a system to be exposed to this issue flow-monitoring needs to be configured:\n\n[ services flow-monitoring (version-ipfix|version9) ]" } ], "datePublic": "2025-04-09T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An Improper Encoding or Escaping of Output vulnerability in the Sampling Route Record Daemon (\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSRRD\u003c/span\u003e) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003eWhen a device configured for flow-monitoring receives a specific BGP update message, it is correctly processed internally by the routing protocol daemon (rpd), but when it\u0027s sent to SRRD it\u0027s encoded incorrectly which leads to a crash and momentary interruption of jflow processing until it automatically restarts. This issue does not affect traffic forwarding itself.\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.2R3-S9,\u003c/li\u003e\u003cli\u003e21.4 versions before 21.4R3-S10,\u003c/li\u003e\u003cli\u003e22.2 versions before 22.2R3-S6,\u003c/li\u003e\u003cli\u003e22.4 versions before 22.4R3,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R1-S2, 23.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003eThis issue does not affected Junos OS Evolved.\u003cp\u003e\u003c/p\u003e" } ], "value": "An Improper Encoding or Escaping of Output vulnerability in the Sampling Route Record Daemon (SRRD) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\nWhen a device configured for flow-monitoring receives a specific BGP update message, it is correctly processed internally by the routing protocol daemon (rpd), but when it\u0027s sent to SRRD it\u0027s encoded incorrectly which leads to a crash and momentary interruption of jflow processing until it automatically restarts. This issue does not affect traffic forwarding itself.\nThis issue affects Junos OS:\u00a0\n\n\n\n * All versions before 21.2R3-S9,\n * 21.4 versions before 21.4R3-S10,\n * 22.2 versions before 22.2R3-S6,\n * 22.4 versions before 22.4R3,\n * 23.2 versions before 23.2R1-S2, 23.2R2.\n\n\n\nThis issue does not affected Junos OS Evolved." } ], "exploits": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "YES", "Recovery": "AUTOMATIC", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 6.9, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/AU:Y/R:A/RE:M", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-116", "description": "CWE-116 Improper Encoding or Escaping of Output", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-09T20:02:21.815Z", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://supportportal.juniper.net/JSA96467" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3, 23.2R1-S2, 23.2R2, 23.4R1, and all subsequent releases." } ], "value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3, 23.2R1-S2, 23.2R2, 23.4R1, and all subsequent releases." } ], "source": { "advisory": "JSA96467", "defect": [ "1744804" ], "discovery": "INTERNAL" }, "timeline": [ { "lang": "en", "time": "2025-04-09T16:00:00.000Z", "value": "Initial Publication" } ], "title": "Junos OS: Processing of a specific BGP update causes the SRRD process to crash", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "There are no known workarounds for this issue." } ], "value": "There are no known workarounds for this issue." } ], "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2025-30657", "datePublished": "2025-04-09T20:02:21.815Z", "dateReserved": "2025-03-24T19:34:11.322Z", "dateUpdated": "2025-04-09T20:32:08.395Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-1473 (GCVE-0-2011-1473)
Vulnerability from cvelistv5
Published
2012-06-16 21:00
Modified
2024-08-06 22:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:28:41.480Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html" }, { "name": "[tls] 20110315 Re: SSL Renegotiation DOS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07567.html" }, { "name": "[tls] 20110318 Re: SSL Renegotiation DOS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07577.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=707065" }, { "name": "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html" }, { "name": "[oss-security] 20110708 SSL renegotiation DoS CVE-2011-1473", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/07/08/2" }, { "name": "SSRT100852", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "[tls] 20110318 Re: SSL Renegotiation DOS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07576.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://orchilles.com/2011/03/ssl-renegotiation-dos.html" }, { "name": "HPSBMU02776", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "[tls] 20110315 SSL Renegotiation DOS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07553.html" }, { "name": "[tls] 20110315 Re: SSL Renegotiation DOS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07564.html" }, { "name": "[rocketmq-dev] 20190527 [GitHub] [rocketmq] bix29 opened a new issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/142b93d261e8ac7c5ceffdce848d622404abc1c286bbc999f43a9e10%40%3Cdev.rocketmq.apache.org%3E" }, { "name": "[rocketmq-dev] 20190801 [GitHub] [rocketmq] duhenglucky commented on issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/6121becfdd23f9aeb675d5db80616536277d5931d6cde9dca292e509%40%3Cdev.rocketmq.apache.org%3E" }, { "name": "[rocketmq-dev] 20191024 [GitHub] [rocketmq] Journey-x commented on issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/8be38d35654441140db8eb3f7433524b3653ac3fdc26e2fa94626a3a%40%3Cdev.rocketmq.apache.org%3E" }, { "name": "[rocketmq-dev] 20200305 [GitHub] [rocketmq] ShadowySpirits commented on issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r1e33410bb5c81536e7fe14b51fa83e7bfd9445db61fd10c134792bde%40%3Cdev.rocketmq.apache.org%3E" }, { "name": "[rocketmq-dev] 20200305 [GitHub] [rocketmq] coveralls commented on issue #1820: [ISSUE #1233] Fix CVE-2011-1473", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r298a09a2b98446b27217d719e877c643b6d13fac0bcafe04696a446b%40%3Cdev.rocketmq.apache.org%3E" }, { "name": "[rocketmq-dev] 20200305 [GitHub] [rocketmq] ShadowySpirits opened a new pull request #1820: [ISSUE #1233] Fix CVE-2011-1473", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r77fe575893261889b983e067293be72fa1f8c6305ede9fdbc404c514%40%3Cdev.rocketmq.apache.org%3E" }, { "name": "[rocketmq-dev] 20210311 [GitHub] [rocketmq] vongosling closed issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r5e595b91f00613dafa635852121d45b161e8b5c3eba4551aeccc6483%40%3Cdev.rocketmq.apache.org%3E" }, { "name": "[rocketmq-commits] 20210311 [rocketmq] branch develop updated: [ISSUE #1233] Fix CVE-2011-1473", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r3822ad69442291562c2ab41132fc49780d269e8b52deb458b7060f6d%40%3Ccommits.rocketmq.apache.org%3E" }, { "name": "[rocketmq-dev] 20210311 [GitHub] [rocketmq] vongosling merged pull request #1820: [ISSUE #1233] Fix CVE-2011-1473", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r8680f41bcdad13c3f267cb868b45e5fb1f57df8b39d25193f7d66500%40%3Cdev.rocketmq.apache.org%3E" }, { "name": "[rocketmq-dev] 20210311 [GitHub] [rocketmq] mouzz commented on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/ra95c355827b3c96c8013ed8e0666c851581651be2524f3d28cd4fe71%40%3Cdev.rocketmq.apache.org%3E" }, { "name": "[rocketmq-dev] 20210327 [GitHub] [rocketmq] liufeiguo commented on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r13a07a09f98b2841193dbf17a47c7f09b464e0747a1d3e7298ad4c81%40%3Cdev.rocketmq.apache.org%3E" }, { "name": "[rocketmq-dev] 20210420 [GitHub] [rocketmq] mouzz commented on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rf9e8ae0356af3ec4f7780ca651b770721d287d4d55f62f4f754e0a6f%40%3Cdev.rocketmq.apache.org%3E" }, { "name": "[rocketmq-dev] 20210420 [GitHub] [rocketmq] mouzz removed a comment on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rc98eaa3f8223ac75aa5969f717954d8cbc9f3a9d8b7a6156a54fa557%40%3Cdev.rocketmq.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-03-15T00:00:00", "descriptions": [ { "lang": "en", "value": "OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-04-20T15:06:19", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html" }, { "name": "[tls] 20110315 Re: SSL Renegotiation DOS", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07567.html" }, { "name": "[tls] 20110318 Re: SSL Renegotiation DOS", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07577.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=707065" }, { "name": "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html" }, { "name": "[oss-security] 20110708 SSL renegotiation DoS CVE-2011-1473", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/07/08/2" }, { "name": "SSRT100852", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "[tls] 20110318 Re: SSL Renegotiation DOS", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07576.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://orchilles.com/2011/03/ssl-renegotiation-dos.html" }, { "name": "HPSBMU02776", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "[tls] 20110315 SSL Renegotiation DOS", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07553.html" }, { "name": "[tls] 20110315 Re: SSL Renegotiation DOS", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07564.html" }, { "name": "[rocketmq-dev] 20190527 [GitHub] [rocketmq] bix29 opened a new issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/142b93d261e8ac7c5ceffdce848d622404abc1c286bbc999f43a9e10%40%3Cdev.rocketmq.apache.org%3E" }, { "name": "[rocketmq-dev] 20190801 [GitHub] [rocketmq] duhenglucky commented on issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/6121becfdd23f9aeb675d5db80616536277d5931d6cde9dca292e509%40%3Cdev.rocketmq.apache.org%3E" }, { "name": "[rocketmq-dev] 20191024 [GitHub] [rocketmq] Journey-x commented on issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/8be38d35654441140db8eb3f7433524b3653ac3fdc26e2fa94626a3a%40%3Cdev.rocketmq.apache.org%3E" }, { "name": "[rocketmq-dev] 20200305 [GitHub] [rocketmq] ShadowySpirits commented on issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r1e33410bb5c81536e7fe14b51fa83e7bfd9445db61fd10c134792bde%40%3Cdev.rocketmq.apache.org%3E" }, { "name": "[rocketmq-dev] 20200305 [GitHub] [rocketmq] coveralls commented on issue #1820: [ISSUE #1233] Fix CVE-2011-1473", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r298a09a2b98446b27217d719e877c643b6d13fac0bcafe04696a446b%40%3Cdev.rocketmq.apache.org%3E" }, { "name": "[rocketmq-dev] 20200305 [GitHub] [rocketmq] ShadowySpirits opened a new pull request #1820: [ISSUE #1233] Fix CVE-2011-1473", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r77fe575893261889b983e067293be72fa1f8c6305ede9fdbc404c514%40%3Cdev.rocketmq.apache.org%3E" }, { "name": "[rocketmq-dev] 20210311 [GitHub] [rocketmq] vongosling closed issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r5e595b91f00613dafa635852121d45b161e8b5c3eba4551aeccc6483%40%3Cdev.rocketmq.apache.org%3E" }, { "name": "[rocketmq-commits] 20210311 [rocketmq] branch develop updated: [ISSUE #1233] Fix CVE-2011-1473", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r3822ad69442291562c2ab41132fc49780d269e8b52deb458b7060f6d%40%3Ccommits.rocketmq.apache.org%3E" }, { "name": "[rocketmq-dev] 20210311 [GitHub] [rocketmq] vongosling merged pull request #1820: [ISSUE #1233] Fix CVE-2011-1473", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r8680f41bcdad13c3f267cb868b45e5fb1f57df8b39d25193f7d66500%40%3Cdev.rocketmq.apache.org%3E" }, { "name": "[rocketmq-dev] 20210311 [GitHub] [rocketmq] mouzz commented on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/ra95c355827b3c96c8013ed8e0666c851581651be2524f3d28cd4fe71%40%3Cdev.rocketmq.apache.org%3E" }, { "name": "[rocketmq-dev] 20210327 [GitHub] [rocketmq] liufeiguo commented on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r13a07a09f98b2841193dbf17a47c7f09b464e0747a1d3e7298ad4c81%40%3Cdev.rocketmq.apache.org%3E" }, { "name": "[rocketmq-dev] 20210420 [GitHub] [rocketmq] mouzz commented on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rf9e8ae0356af3ec4f7780ca651b770721d287d4d55f62f4f754e0a6f%40%3Cdev.rocketmq.apache.org%3E" }, { "name": "[rocketmq-dev] 20210420 [GitHub] [rocketmq] mouzz removed a comment on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rc98eaa3f8223ac75aa5969f717954d8cbc9f3a9d8b7a6156a54fa557%40%3Cdev.rocketmq.apache.org%3E" } ], "tags": [ "disputed" ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1473", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** DISPUTED ** OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html", "refsource": "MISC", "url": "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html" }, { "name": "[tls] 20110315 Re: SSL Renegotiation DOS", "refsource": "MLIST", "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07567.html" }, { "name": "[tls] 20110318 Re: SSL Renegotiation DOS", "refsource": "MLIST", "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07577.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=707065", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=707065" }, { "name": "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html" }, { "name": "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html", "refsource": "MISC", "url": "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html" }, { "name": "[oss-security] 20110708 SSL renegotiation DoS CVE-2011-1473", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/07/08/2" }, { "name": "SSRT100852", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "[tls] 20110318 Re: SSL Renegotiation DOS", "refsource": "MLIST", "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07576.html" }, { "name": "http://orchilles.com/2011/03/ssl-renegotiation-dos.html", "refsource": "MISC", "url": "http://orchilles.com/2011/03/ssl-renegotiation-dos.html" }, { "name": "HPSBMU02776", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "[tls] 20110315 SSL Renegotiation DOS", "refsource": "MLIST", "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07553.html" }, { "name": "[tls] 20110315 Re: SSL Renegotiation DOS", "refsource": "MLIST", "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07564.html" }, { "name": "[rocketmq-dev] 20190527 [GitHub] [rocketmq] bix29 opened a new issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/142b93d261e8ac7c5ceffdce848d622404abc1c286bbc999f43a9e10@%3Cdev.rocketmq.apache.org%3E" }, { "name": "[rocketmq-dev] 20190801 [GitHub] [rocketmq] duhenglucky commented on issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/6121becfdd23f9aeb675d5db80616536277d5931d6cde9dca292e509@%3Cdev.rocketmq.apache.org%3E" }, { "name": "[rocketmq-dev] 20191024 [GitHub] [rocketmq] Journey-x commented on issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/8be38d35654441140db8eb3f7433524b3653ac3fdc26e2fa94626a3a@%3Cdev.rocketmq.apache.org%3E" }, { "name": "[rocketmq-dev] 20200305 [GitHub] [rocketmq] ShadowySpirits commented on issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r1e33410bb5c81536e7fe14b51fa83e7bfd9445db61fd10c134792bde@%3Cdev.rocketmq.apache.org%3E" }, { "name": "[rocketmq-dev] 20200305 [GitHub] [rocketmq] coveralls commented on issue #1820: [ISSUE #1233] Fix CVE-2011-1473", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r298a09a2b98446b27217d719e877c643b6d13fac0bcafe04696a446b@%3Cdev.rocketmq.apache.org%3E" }, { "name": "[rocketmq-dev] 20200305 [GitHub] [rocketmq] ShadowySpirits opened a new pull request #1820: [ISSUE #1233] Fix CVE-2011-1473", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r77fe575893261889b983e067293be72fa1f8c6305ede9fdbc404c514@%3Cdev.rocketmq.apache.org%3E" }, { "name": "[rocketmq-dev] 20210311 [GitHub] [rocketmq] vongosling closed issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r5e595b91f00613dafa635852121d45b161e8b5c3eba4551aeccc6483@%3Cdev.rocketmq.apache.org%3E" }, { "name": "[rocketmq-commits] 20210311 [rocketmq] branch develop updated: [ISSUE #1233] Fix CVE-2011-1473", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r3822ad69442291562c2ab41132fc49780d269e8b52deb458b7060f6d@%3Ccommits.rocketmq.apache.org%3E" }, { "name": "[rocketmq-dev] 20210311 [GitHub] [rocketmq] vongosling merged pull request #1820: [ISSUE #1233] Fix CVE-2011-1473", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r8680f41bcdad13c3f267cb868b45e5fb1f57df8b39d25193f7d66500@%3Cdev.rocketmq.apache.org%3E" }, { "name": "[rocketmq-dev] 20210311 [GitHub] [rocketmq] mouzz commented on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/ra95c355827b3c96c8013ed8e0666c851581651be2524f3d28cd4fe71@%3Cdev.rocketmq.apache.org%3E" }, { "name": "[rocketmq-dev] 20210327 [GitHub] [rocketmq] liufeiguo commented on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r13a07a09f98b2841193dbf17a47c7f09b464e0747a1d3e7298ad4c81@%3Cdev.rocketmq.apache.org%3E" }, { "name": "[rocketmq-dev] 20210420 [GitHub] [rocketmq] mouzz commented on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf9e8ae0356af3ec4f7780ca651b770721d287d4d55f62f4f754e0a6f@%3Cdev.rocketmq.apache.org%3E" }, { "name": "[rocketmq-dev] 20210420 [GitHub] [rocketmq] mouzz removed a comment on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rc98eaa3f8223ac75aa5969f717954d8cbc9f3a9d8b7a6156a54fa557@%3Cdev.rocketmq.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1473", "datePublished": "2012-06-16T21:00:00", "dateReserved": "2011-03-21T00:00:00", "dateUpdated": "2024-08-06T22:28:41.480Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-30652 (GCVE-0-2025-30652)
Vulnerability from cvelistv5
Published
2025-04-09 19:57
Modified
2025-04-09 20:33
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:A
6.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:A
VLAI Severity ?
EPSS score ?
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Summary
An Improper Handling of Exceptional Conditions vulnerability in routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker executing a CLI command to cause a Denial of Service (DoS).
When asregex-optimized is configured and a specific "show route as-path" CLI command is executed, the rpd crashes and restarts. Repeated execution of this command will cause a sustained DoS condition.
This issue affects Junos OS:
* All versions before 21.2R3-S9,
* from 21.4 before 21.4R3-S10,
* from 22.2 before 22.2R3-S6,
* from 22.4 before 22.4R3-S6,
* from 23.2 before 23.2R2-S3,
* from 23.4 before 23.4R2-S4,
* from 24.2 before 24.2R2.
and Junos OS Evolved:
* All versions before 21.2R3-S9-EVO,
* from 21.4-EVO before 21.4R3-S10-EVO,
* from 22.2-EVO before 22.2R3-S6-EVO,
* from 22.4-EVO before 22.4R3-S6-EVO,
* from 23.2-EVO before 23.2R2-S3-EVO,
* from 23.4-EVO before 23.4R2-S4-EVO,
* from 24.2-EVO before 24.2R2-EVO.
References
URL | Tags | ||||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.4 ≤ Version: 22.2 ≤ Version: 22.4 ≤ Version: 23.2 ≤ Version: 23.4 ≤ Version: 24.2 ≤ |
|||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-30652", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-09T20:33:13.671866Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-09T20:33:23.314Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Junos OS", "vendor": "Juniper Networks", "versions": [ { "lessThan": "21.2R3-S9", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "21.4R3-S10", "status": "affected", "version": "21.4", "versionType": "semver" }, { "lessThan": "22.2R3-S6", "status": "affected", "version": "22.2", "versionType": "semver" }, { "lessThan": "22.4R3-S6", "status": "affected", "version": "22.4", "versionType": "semver" }, { "lessThan": "23.2R2-S3", "status": "affected", "version": "23.2", "versionType": "semver" }, { "lessThan": "23.4R2-S4", "status": "affected", "version": "23.4", "versionType": "semver" }, { "lessThan": "24.2R2", "status": "affected", "version": "24.2", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "Junos OS Evolved", "vendor": "Juniper Networks", "versions": [ { "lessThan": "21.2R3-S9-EVO", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "21.4R3-S10-EVO", "status": "affected", "version": "21.4-EVO", "versionType": "semver" }, { "lessThan": "22.2R3-S6-EVO", "status": "affected", "version": "22.2-EVO", "versionType": "semver" }, { "lessThan": "22.4R3-S6-EVO", "status": "affected", "version": "22.4-EVO", "versionType": "semver" }, { "lessThan": "23.2R2-S3-EVO", "status": "affected", "version": "23.2-EVO", "versionType": "semver" }, { "lessThan": "23.4R2-S4-EVO", "status": "affected", "version": "23.4-EVO", "versionType": "semver" }, { "lessThan": "24.2R2-EVO", "status": "affected", "version": "24.2-EVO", "versionType": "semver" } ] } ], "configurations": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Required configuration for exposure:\u003cbr\u003e\u003ctt\u003e[ edit policy-options defaults ]\u003cbr\u003e\u003c/tt\u003e\u003ctt\u003e[\u0026nbsp;asregex-optimize optimize ]\u003c/tt\u003e\u003cbr\u003e" } ], "value": "Required configuration for exposure:\n[ edit policy-options defaults ]\n[\u00a0asregex-optimize optimize ]" } ], "datePublic": "2025-04-09T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An Improper Handling of Exceptional Conditions vulnerability in routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker executing a CLI command to cause a Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eWhen\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003easregex-optimized is configured and a specific \"show route as-path\"\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCLI command \u003c/span\u003e is executed, the rpd crashes and restarts. Repeated execution of this command will cause a sustained DoS condition.\u003c/span\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS: \u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.2R3-S9, \u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-S10, \u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S6, \u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S6, \u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S3, \u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-S4, \u003c/li\u003e\u003cli\u003efrom 24.2 before 24.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003eand Junos OS Evolved: \u003cbr\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.2R3-S9-EVO, \u003c/li\u003e\u003cli\u003efrom 21.4-EVO before 21.4R3-S10-EVO, \u003c/li\u003e\u003cli\u003efrom 22.2-EVO before 22.2R3-S6-EVO, \u003c/li\u003e\u003cli\u003efrom 22.4-EVO before 22.4R3-S6-EVO, \u003c/li\u003e\u003cli\u003efrom 23.2-EVO before 23.2R2-S3-EVO, \u003c/li\u003e\u003cli\u003efrom 23.4-EVO before 23.4R2-S4-EVO, \u003c/li\u003e\u003cli\u003efrom 24.2-EVO before 24.2R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e" } ], "value": "An Improper Handling of Exceptional Conditions vulnerability in routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker executing a CLI command to cause a Denial of Service (DoS).\n\nWhen\u00a0asregex-optimized is configured and a specific \"show route as-path\"\u00a0CLI command is executed, the rpd crashes and restarts. Repeated execution of this command will cause a sustained DoS condition.\nThis issue affects Junos OS: \n\n\n * All versions before 21.2R3-S9, \n * from 21.4 before 21.4R3-S10, \n * from 22.2 before 22.2R3-S6, \n * from 22.4 before 22.4R3-S6, \n * from 23.2 before 23.2R2-S3, \n * from 23.4 before 23.4R2-S4, \n * from 24.2 before 24.2R2.\n\n\n\nand Junos OS Evolved: \n * All versions before 21.2R3-S9-EVO, \n * from 21.4-EVO before 21.4R3-S10-EVO, \n * from 22.2-EVO before 22.2R3-S6-EVO, \n * from 22.4-EVO before 22.4R3-S6-EVO, \n * from 23.2-EVO before 23.2R2-S3-EVO, \n * from 23.4-EVO before 23.4R2-S4-EVO, \n * from 24.2-EVO before 24.2R2-EVO." } ], "exploits": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "AUTOMATIC", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.8, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:A", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-755", "description": "CWE-755 Improper Handling of Exceptional Conditions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-09T19:57:01.859Z", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://supportportal.juniper.net/JSA96462" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS: 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3-S6, 23.2R2-S3, 23.4R2-S4, 24.2R2, 24.4R1, and all subsequent releases.\u003cbr\u003eJunos OS Evolved: 21.2R3-S9-EVO, 21.4R3-S10-EVO, 22.2R3-S6-EVO, 22.4R3-S6-EVO, 23.2R2-S3-EVO, 23.4R2-S4-EVO, 24.2R2-EVO, 24.4R1-EVO, and all subsequent releases.\u003cbr\u003e\u003cbr\u003e" } ], "value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3-S6, 23.2R2-S3, 23.4R2-S4, 24.2R2, 24.4R1, and all subsequent releases.\nJunos OS Evolved: 21.2R3-S9-EVO, 21.4R3-S10-EVO, 22.2R3-S6-EVO, 22.4R3-S6-EVO, 23.2R2-S3-EVO, 23.4R2-S4-EVO, 24.2R2-EVO, 24.4R1-EVO, and all subsequent releases." } ], "source": { "advisory": "JSA96462", "defect": [ "1848929" ], "discovery": "USER" }, "timeline": [ { "lang": "en", "time": "2025-04-09T16:00:00.000Z", "value": "Initial Publication" } ], "title": "Junos OS and Junos OS Evolved: Executing a specific CLI command when asregex-optimized is configured causes an rpd crash", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\u003cbr\u003e\u003cbr\u003eUtilize CLI authorization to disallow execution of the \u0027show route as-path\u0027 command.\u003cbr\u003e\u003cbr\u003e" } ], "value": "Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\n\nUtilize CLI authorization to disallow execution of the \u0027show route as-path\u0027 command." } ], "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2025-30652", "datePublished": "2025-04-09T19:57:01.859Z", "dateReserved": "2025-03-24T19:34:11.322Z", "dateUpdated": "2025-04-09T20:33:23.314Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-30656 (GCVE-0-2025-30656)
Vulnerability from cvelistv5
Published
2025-04-09 20:01
Modified
2025-04-10 14:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-167 - Improper Handling of Additional Special Element
Summary
An Improper Handling of Additional Special Element vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series with MS-MPC, MS-MIC and SPC3, and SRX Series, allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).
If the SIP ALG processes specifically formatted SIP invites, a memory corruption will occur which will lead to a crash of the FPC processing these packets. Although the system will automatically recover with the restart of the FPC, subsequent SIP invites will cause the crash again and lead to a sustained DoS.
This issue affects Junos OS on MX Series and SRX Series:
* all versions before 21.2R3-S9,
* 21.4 versions before 21.4R3-S10,
* 22.2 versions before 22.2R3-S6,
* 22.4 versions before 22.4R3-S5,
* 23.2 versions before 23.2R2-S3,
* 23.4 versions before 23.4R2-S3,
* 24.2 versions before 24.2R1-S2, 24.2R2.
References
URL | Tags | ||||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.4 ≤ Version: 22.2 ≤ Version: 22.4 ≤ Version: 23.2 ≤ Version: 23.4 ≤ Version: 24.2 ≤ |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-30656", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-09T20:24:04.424419Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-10T14:23:32.306Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "MX Series", "SRX Series" ], "product": "Junos OS", "vendor": "Juniper Networks", "versions": [ { "lessThan": "21.2R3-S9", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "21.4R3-S10", "status": "affected", "version": "21.4", "versionType": "semver" }, { "lessThan": "22.2R3-S6", "status": "affected", "version": "22.2", "versionType": "semver" }, { "lessThan": "22.4R3-S5", "status": "affected", "version": "22.4", "versionType": "semver" }, { "lessThan": "23.2R2-S3", "status": "affected", "version": "23.2", "versionType": "semver" }, { "lessThan": "23.4R2-S3", "status": "affected", "version": "23.4", "versionType": "semver" }, { "lessThan": "24.2R1-S2, 24.2R2", "status": "affected", "version": "24.2", "versionType": "semver" } ] } ], "configurations": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eTo be affected the SIP ALG needs to be enabled, either implicitly / by default or by way of configuration. Please verify on SRX, and MX with SPC3 with:\u003c/p\u003e\u003ccode\u003euser@host\u0026gt; show security alg status | match sip\u003c/code\u003e\u003cbr\u003e\u003ccode\u003eSIP : Enabled\u003c/code\u003e\u003cbr\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003ePlease verify on MX whether the following is configured:\u003c/p\u003e\u003ccode\u003e[ services ... rule \u0026lt;rule-name\u0026gt; (term \u0026lt;term-name\u0026gt; ) from/match application/application-set \u0026lt;name\u0026gt; ]\u003c/code\u003e\u003cbr\u003e\u003cp\u003ewhere either\u003c/p\u003e\u003ccode\u003ea. name = junos-sip or\u003c/code\u003e\u003cbr\u003e\u003cp\u003ean application or application-set refers to SIP:\u003c/p\u003e\u003ccode\u003eb. [ applications application \u0026lt;name\u0026gt; application-protocol sip ] or\u003c/code\u003e\u003cbr\u003e\u003ccode\u003ec. [ applications application-set \u0026lt;name\u0026gt; application junos-sip ]\u003c/code\u003e\n\n\u003cbr\u003e" } ], "value": "To be affected the SIP ALG needs to be enabled, either implicitly / by default or by way of configuration. Please verify on SRX, and MX with SPC3 with:\n\nuser@host\u003e show security alg status | match sip\nSIP : Enabled\n\n\n\nPlease verify on MX whether the following is configured:\n\n[ services ... rule \u003crule-name\u003e (term \u003cterm-name\u003e ) from/match application/application-set \u003cname\u003e ]\nwhere either\n\na. name = junos-sip or\nan application or application-set refers to SIP:\n\nb. [ applications application \u003cname\u003e application-protocol sip ] or\nc. [ applications application-set \u003cname\u003e application junos-sip ]" } ], "datePublic": "2025-04-09T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An Improper Handling of Additional Special Element vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series with MS-MPC, MS-MIC and SPC3, and SRX Series, allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\u003cp\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIf the SIP ALG processes specifically formatted SIP invites, a memory corruption will occur which will lead to a crash of the FPC processing these packets. Although the system will automatically recover with the restart of the FPC, subsequent SIP invites will cause the crash again and lead to a sustained DoS.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u003cbr\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects Junos OS on MX Series and SRX Series:\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 21.2R3-S9,\u003c/li\u003e\u003cli\u003e21.4 versions before 21.4R3-S10,\u003c/li\u003e\u003cli\u003e22.2 versions before 22.2R3-S6,\u003c/li\u003e\u003cli\u003e22.4 versions before 22.4R3-S5,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S3,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S3,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R1-S2, 24.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e" } ], "value": "An Improper Handling of Additional Special Element vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series with MS-MPC, MS-MIC and SPC3, and SRX Series, allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\nIf the SIP ALG processes specifically formatted SIP invites, a memory corruption will occur which will lead to a crash of the FPC processing these packets. Although the system will automatically recover with the restart of the FPC, subsequent SIP invites will cause the crash again and lead to a sustained DoS.\n\n\n\n\nThis issue affects Junos OS on MX Series and SRX Series:\u00a0\n\n * all versions before 21.2R3-S9,\n * 21.4 versions before 21.4R3-S10,\n * 22.2 versions before 22.2R3-S6,\n * 22.4 versions before 22.4R3-S5,\n * 23.2 versions before 23.2R2-S3,\n * 23.4 versions before 23.4R2-S3,\n * 24.2 versions before 24.2R1-S2, 24.2R2." } ], "exploits": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "YES", "Recovery": "AUTOMATIC", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-167", "description": "CWE-167 Improper Handling of Additional Special Element", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-09T20:01:48.339Z", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://supportportal.juniper.net/JSA96466" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S9, \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e21.4R3-S10\u003c/span\u003e, 22.2R3-S6, 22.4R3-S5, 23.2R2-S3, 23.4R2-S3, 24.2R1-S2, 24.2R2, 24.4R1, and all subsequent releases." } ], "value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S9, \n\n21.4R3-S10, 22.2R3-S6, 22.4R3-S5, 23.2R2-S3, 23.4R2-S3, 24.2R1-S2, 24.2R2, 24.4R1, and all subsequent releases." } ], "source": { "advisory": "JSA96466", "defect": [ "1833097" ], "discovery": "USER" }, "timeline": [ { "lang": "en", "time": "2025-04-09T16:00:00.000Z", "value": "Initial Publication" } ], "title": "Junos OS: MX Series, SRX Series: Processing of specific SIP INVITE messages by the SIP ALG will lead to an FPC crash", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "There are no known workarounds for this issue.\u003cbr\u003e\u003cbr\u003eTo reduce the risk of exploitation customers not requiring the SIP ALG functionality could explicitly disable it (in case it\u0027s by default enabled) by configuring:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[\u0026nbsp;security alg sip disable\n\n\n\n]\u003c/tt\u003e" } ], "value": "There are no known workarounds for this issue.\n\nTo reduce the risk of exploitation customers not requiring the SIP ALG functionality could explicitly disable it (in case it\u0027s by default enabled) by configuring:\n\n[\u00a0security alg sip disable\n\n\n\n]" } ], "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2025-30656", "datePublished": "2025-04-09T20:01:48.339Z", "dateReserved": "2025-03-24T19:34:11.322Z", "dateUpdated": "2025-04-10T14:23:32.306Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-22144 (GCVE-0-2021-22144)
Vulnerability from cvelistv5
Published
2021-07-26 11:48
Modified
2024-08-03 18:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that will crash the Elasticsearch node.
References
URL | Tags | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:37:17.733Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://discuss.elastic.co/t/elasticsearch-7-13-3-and-6-8-17-security-update/278100" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210827-0006/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that will crash the Elasticsearch node." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-19T23:24:18", "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "shortName": "elastic" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://discuss.elastic.co/t/elasticsearch-7-13-3-and-6-8-17-security-update/278100" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210827-0006/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@elastic.co", "ID": "CVE-2021-22144", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that will crash the Elasticsearch node." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "https://discuss.elastic.co/t/elasticsearch-7-13-3-and-6-8-17-security-update/278100", "refsource": "MISC", "url": "https://discuss.elastic.co/t/elasticsearch-7-13-3-and-6-8-17-security-update/278100" }, { "name": "https://security.netapp.com/advisory/ntap-20210827-0006/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210827-0006/" } ] } } } }, "cveMetadata": { "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "assignerShortName": "elastic", "cveId": "CVE-2021-22144", "datePublished": "2021-07-26T11:48:40", "dateReserved": "2021-01-04T00:00:00", "dateUpdated": "2024-08-03T18:37:17.733Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-32020 (GCVE-0-2024-32020)
Vulnerability from cvelistv5
Published
2024-05-14 18:54
Modified
2025-02-13 17:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-281 - Improper Preservation of Permissions
Summary
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a different user, then those hardlinked files may be rewritten at any point in time by the untrusted user. Cloning local repositories will cause Git to either copy or hardlink files of the source repository into the target repository. This significantly speeds up such local clones compared to doing a "proper" clone and saves both disk space and compute time. When cloning a repository located on the same disk that is owned by a different user than the current user we also end up creating such hardlinks. These files will continue to be owned and controlled by the potentially-untrusted user and can be rewritten by them at will in the future. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4.
References
URL | Tags | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:git:git:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "git", "vendor": "git", "versions": [ { "lessThan": "2.39.4", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:git:git:2.45.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "git", "vendor": "git", "versions": [ { "status": "affected", "version": "2.45.0" } ] }, { "cpes": [ "cpe:2.3:a:git:git:2.44.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "git", "vendor": "git", "versions": [ { "status": "affected", "version": "2.44.0" } ] }, { "cpes": [ "cpe:2.3:a:git:git:2.43:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "git", "vendor": "git", "versions": [ { "lessThan": "2.43.4", "status": "affected", "version": "2.43", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:git:git:2.42.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "git", "vendor": "git", "versions": [ { "lessThan": "2.42.2", "status": "affected", "version": "2.42.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:git:git:2.41.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "git", "vendor": "git", "versions": [ { "status": "affected", "version": "2.41.0" } ] }, { "cpes": [ "cpe:2.3:a:git:git:2.40.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "git", "vendor": "git", "versions": [ { "lessThan": "2.40.2", "status": "affected", "version": "2.40.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-32020", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-15T14:32:40.280977Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-06T17:15:59.133Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:59:50.905Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/git/git/security/advisories/GHSA-5rfh-556j-fhgj", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/git/git/security/advisories/GHSA-5rfh-556j-fhgj" }, { "name": "https://github.com/git/git/commit/1204e1a824c34071019fe106348eaa6d88f9528d", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/git/git/commit/1204e1a824c34071019fe106348eaa6d88f9528d" }, { "name": "https://github.com/git/git/commit/9e65df5eab274bf74c7b570107aacd1303a1e703", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/git/git/commit/9e65df5eab274bf74c7b570107aacd1303a1e703" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4CK4IYTXEOBZTEM5K3T6LWOIZ3S44AR/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/05/14/2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "git", "vendor": "git", "versions": [ { "status": "affected", "version": "= 2.45.0" }, { "status": "affected", "version": "= 2.44.0" }, { "status": "affected", "version": "\u003e= 2.43.0, \u003c 2.43.4" }, { "status": "affected", "version": "\u003e= 2.42.0, \u003c 2.42.2" }, { "status": "affected", "version": "= 2.41.0" }, { "status": "affected", "version": "\u003e= 2.40.0, \u003c 2.40.2" }, { "status": "affected", "version": "\u003c 2.39.4" } ] } ], "descriptions": [ { "lang": "en", "value": "Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository\u0027s object database when source and target repository reside on the same disk. If the source repository is owned by a different user, then those hardlinked files may be rewritten at any point in time by the untrusted user. Cloning local repositories will cause Git to either copy or hardlink files of the source repository into the target repository. This significantly speeds up such local clones compared to doing a \"proper\" clone and saves both disk space and compute time. When cloning a repository located on the same disk that is owned by a different user than the current user we also end up creating such hardlinks. These files will continue to be owned and controlled by the potentially-untrusted user and can be rewritten by them at will in the future. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.9, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-281", "description": "CWE-281: Improper Preservation of Permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-10T17:10:03.915Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/git/git/security/advisories/GHSA-5rfh-556j-fhgj", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/git/git/security/advisories/GHSA-5rfh-556j-fhgj" }, { "name": "https://github.com/git/git/commit/1204e1a824c34071019fe106348eaa6d88f9528d", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/git/git/commit/1204e1a824c34071019fe106348eaa6d88f9528d" }, { "name": "https://github.com/git/git/commit/9e65df5eab274bf74c7b570107aacd1303a1e703", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/git/git/commit/9e65df5eab274bf74c7b570107aacd1303a1e703" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4CK4IYTXEOBZTEM5K3T6LWOIZ3S44AR/" }, { "url": "http://www.openwall.com/lists/oss-security/2024/05/14/2" } ], "source": { "advisory": "GHSA-5rfh-556j-fhgj", "discovery": "UNKNOWN" }, "title": "Cloning local Git repository by untrusted user allows the untrusted user to modify objects in the cloned repository at will" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-32020", "datePublished": "2024-05-14T18:54:08.184Z", "dateReserved": "2024-04-09T15:29:35.937Z", "dateUpdated": "2025-02-13T17:52:05.240Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-7020 (GCVE-0-2020-7020)
Vulnerability from cvelistv5
Published
2020-10-22 16:30
Modified
2024-08-04 09:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-270 - Privilege Context Switching Error
Summary
Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices.
References
URL | Tags | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Elastic | Elasticsearch |
Version: before 6.8.13 and 7.9.2 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:18:02.985Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://staging-website.elastic.co/community/security/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://discuss.elastic.co/t/elastic-stack-7-9-3-and-6-8-13-security-update/253033" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20201123-0001/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Elasticsearch", "vendor": "Elastic", "versions": [ { "status": "affected", "version": "before 6.8.13 and 7.9.2" } ] } ], "descriptions": [ { "lang": "en", "value": "Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-270", "description": "CWE-270: Privilege Context Switching Error", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-11-23T11:06:12", "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "shortName": "elastic" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://staging-website.elastic.co/community/security/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://discuss.elastic.co/t/elastic-stack-7-9-3-and-6-8-13-security-update/253033" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20201123-0001/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@elastic.co", "ID": "CVE-2020-7020", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Elasticsearch", "version": { "version_data": [ { "version_value": "before 6.8.13 and 7.9.2" } ] } } ] }, "vendor_name": "Elastic" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-270: Privilege Context Switching Error" } ] } ] }, "references": { "reference_data": [ { "name": "https://staging-website.elastic.co/community/security/", "refsource": "MISC", "url": "https://staging-website.elastic.co/community/security/" }, { "name": "https://discuss.elastic.co/t/elastic-stack-7-9-3-and-6-8-13-security-update/253033", "refsource": "MISC", "url": "https://discuss.elastic.co/t/elastic-stack-7-9-3-and-6-8-13-security-update/253033" }, { "name": "https://security.netapp.com/advisory/ntap-20201123-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20201123-0001/" } ] } } } }, "cveMetadata": { "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "assignerShortName": "elastic", "cveId": "CVE-2020-7020", "datePublished": "2020-10-22T16:30:15", "dateReserved": "2020-01-14T00:00:00", "dateUpdated": "2024-08-04T09:18:02.985Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-30653 (GCVE-0-2025-30653)
Vulnerability from cvelistv5
Published
2025-04-09 19:57
Modified
2025-04-09 20:32
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.0 (Medium) - CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
6.0 (Medium) - CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
VLAI Severity ?
EPSS score ?
CWE
- CWE-825 - Expired Pointer Dereference
Summary
An Expired Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service (DoS).On all Junos OS and Junos OS Evolved platforms, when an MPLS Label-Switched Path (LSP) is configured with node-link-protection and transport-class, and an LSP flaps, rpd crashes and restarts. Continuous flapping of LSP can cause a sustained Denial of Service (DoS) condition.
This issue affects:
Junos OS:
* All versions before 22.2R3-S4,
* 22.4 versions before 22.4R3-S2,
* 23.2 versions before 23.2R2,
* 23.4 versions before 23.4R2.
Junos OS Evolved:
* All versions before 22.2R3-S4-EVO,
* 22.4-EVO versions before 22.4R3-S2-EVO,
* 23.2-EVO versions before 23.2R2-EVO,
* 23.4-EVO versions before 23.4R2-EVO.
References
URL | Tags | ||||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
Juniper Networks | Junos OS |
Version: 0 ≤ Version: 22.4 ≤ Version: 23.2 ≤ Version: 23.4 ≤ |
|||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-30653", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-09T20:32:27.137092Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-09T20:32:41.398Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Junos OS", "vendor": "Juniper Networks", "versions": [ { "lessThan": "22.2R3-S4", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "22.4R3-S2", "status": "affected", "version": "22.4", "versionType": "semver" }, { "lessThan": "23.2R2", "status": "affected", "version": "23.2", "versionType": "semver" }, { "lessThan": "23.4R2", "status": "affected", "version": "23.4", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "Junos OS Evolved", "vendor": "Juniper Networks", "versions": [ { "lessThan": "22.2R3-S4-EVO", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "22.4R3-S2-EVO", "status": "affected", "version": "22.4-EVO", "versionType": "semver" }, { "lessThan": "23.2R2-EVO", "status": "affected", "version": "23.2-EVO", "versionType": "semver" }, { "lessThan": "23.4R2-EVO", "status": "affected", "version": "23.4-EVO", "versionType": "semver" } ] } ], "configurations": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eFor this issue to occur, MPLS LSP needs to be configured with node-link-protection and transport-class. The tunnel\nneeds to be configured with both primary (strict hops) and secondary (partially strict hops) paths.\u003cbr\u003e\u003cbr\u003e[ protocols mpls label-switched-path tunnel-\u0026lt;name\u0026gt; node-link-protection ]\u003cbr\u003e[ protocols mpls label-switched-path tunnel-\u0026lt;name\u0026gt; adaptive ]\u003cbr\u003e[ protocols mpls label-switched-path tunnel-\u0026lt;name\u0026gt;\u0026nbsp;primary \u0026lt;route1_name\u0026gt; ]\u003cbr\u003e[ protocols mpls label-switched-path tunnel-\u0026lt;name\u0026gt; secondary \u0026lt;route2_name\u0026gt; ]\u003cbr\u003e[ protocols mpls label-switched-path tunnel-\u0026lt;name\u0026gt; transport-class \u0026lt;name\u0026gt; ]\u003c/p\u003e" } ], "value": "For this issue to occur, MPLS LSP needs to be configured with node-link-protection and transport-class. The tunnel\nneeds to be configured with both primary (strict hops) and secondary (partially strict hops) paths.\n\n[ protocols mpls label-switched-path tunnel-\u003cname\u003e node-link-protection ]\n[ protocols mpls label-switched-path tunnel-\u003cname\u003e adaptive ]\n[ protocols mpls label-switched-path tunnel-\u003cname\u003e\u00a0primary \u003croute1_name\u003e ]\n[ protocols mpls label-switched-path tunnel-\u003cname\u003e secondary \u003croute2_name\u003e ]\n[ protocols mpls label-switched-path tunnel-\u003cname\u003e transport-class \u003cname\u003e ]" } ], "datePublic": "2025-04-09T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An Expired Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service (DoS).\u003cp\u003eOn all Junos OS and Junos OS Evolved platforms, when an MPLS Label-Switched Path (LSP) is configured with node-link-protection and transport-class, and an LSP flaps, rpd crashes and restarts. Continuous flapping of LSP can cause a sustained Denial of Service (DoS) condition.\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 22.2R3-S4,\u003cbr\u003e\u003c/li\u003e\u003cli\u003e22.4 versions before 22.4R3-S2,\u003cbr\u003e\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2,\u003cbr\u003e\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2.\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 22.2R3-S4-EVO,\u003cbr\u003e\u003c/li\u003e\u003cli\u003e22.4-EVO versions before 22.4R3-S2-EVO,\u003cbr\u003e\u003c/li\u003e\u003cli\u003e23.2-EVO versions before 23.2R2-EVO,\u003cbr\u003e\u003c/li\u003e\u003cli\u003e23.4-EVO versions before 23.4R2-EVO.\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e" } ], "value": "An Expired Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service (DoS).On all Junos OS and Junos OS Evolved platforms, when an MPLS Label-Switched Path (LSP) is configured with node-link-protection and transport-class, and an LSP flaps, rpd crashes and restarts. Continuous flapping of LSP can cause a sustained Denial of Service (DoS) condition.\n\nThis issue affects:\n\nJunos OS:\n\n\n\n * All versions before 22.2R3-S4,\n\n * 22.4 versions before 22.4R3-S2,\n\n * 23.2 versions before 23.2R2,\n\n * 23.4 versions before 23.4R2.\n\n\n\n\n\nJunos OS Evolved:\n\n\n\n * All versions before 22.2R3-S4-EVO,\n\n * 22.4-EVO versions before 22.4R3-S2-EVO,\n\n * 23.2-EVO versions before 23.2R2-EVO,\n\n * 23.4-EVO versions before 23.4R2-EVO." } ], "exploits": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "ADJACENT", "baseScore": 6, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-825", "description": "CWE-825 Expired Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-09T19:57:37.713Z", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://supportportal.juniper.net/JSA96463" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003e\u003cbr\u003eJunos OS:\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e22.2R3-S4, 22.4R3-S2, 23.2R2, 23.4R2, 24.2R1,\u0026nbsp;and all subsequent releases.\u003cbr\u003e\u003c/span\u003e\u003cbr\u003eJunos OS Evolved: 22.2R3-S4-EVO, 22.4R3-S2-EVO, 23.2R2-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases." } ], "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS:\u00a022.2R3-S4, 22.4R3-S2, 23.2R2, 23.4R2, 24.2R1,\u00a0and all subsequent releases.\n\nJunos OS Evolved: 22.2R3-S4-EVO, 22.4R3-S2-EVO, 23.2R2-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases." } ], "source": { "advisory": "JSA96463", "defect": [ "1788445" ], "discovery": "USER" }, "timeline": [ { "lang": "en", "time": "2025-04-09T16:00:00.000Z", "value": "Initial Publication" } ], "title": "Junos OS and Junos OS Evolved: LSP flap in a specific MPLS scenario leads to rpd crash", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "There are no known workarounds for this issue." } ], "value": "There are no known workarounds for this issue." } ], "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2025-30653", "datePublished": "2025-04-09T19:57:37.713Z", "dateReserved": "2025-03-24T19:34:11.322Z", "dateUpdated": "2025-04-09T20:32:41.398Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-30658 (GCVE-0-2025-30658)
Vulnerability from cvelistv5
Published
2025-04-09 20:02
Modified
2025-04-09 20:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-401 - Missing Release of Memory after Effective Lifetime
Summary
A Missing Release of Memory after Effective Lifetime vulnerability in the Anti-Virus processing of Juniper Networks Junos OS on SRX Series
allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).
On all SRX platforms with Anti-Virus enabled, if a server sends specific content in the HTTP body of a response to a client request, these packets are queued by Anti-Virus processing in Juniper Buffers (jbufs) which are never released. When these jbufs are exhausted, the device stops forwarding all transit traffic.
A jbuf memory leak can be noticed from the following logs:
(<node>.)<fpc> Warning: jbuf pool id <#> utilization level (<current level>%) is above <threshold>%!
To recover from this issue, the affected device needs to be manually rebooted to free the leaked jbufs.
This issue affects Junos OS on SRX Series:
* all versions before 21.2R3-S9,
* 21.4 versions before 21.4R3-S10,
* 22.2 versions before 22.2R3-S6,
* 22.4 versions before 22.4R3-S6,
* 23.2 versions before 23.2R2-S3,
* 23.4 versions before 23.4R2-S3,
* 24.2 versions before 24.2R2.
References
URL | Tags | ||||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.4 ≤ Version: 22.2 ≤ Version: 22.4 ≤ Version: 23.2 ≤ Version: 23.4 ≤ Version: 24.2 ≤ |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-30658", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-09T20:31:25.467424Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-09T20:31:32.793Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "SRX Series" ], "product": "Junos OS", "vendor": "Juniper Networks", "versions": [ { "lessThan": "21.2R3-S9", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "21.4R3-S10", "status": "affected", "version": "21.4", "versionType": "semver" }, { "lessThan": "22.2R3-S6", "status": "affected", "version": "22.2", "versionType": "semver" }, { "lessThan": "22.4R3-S6", "status": "affected", "version": "22.4", "versionType": "semver" }, { "lessThan": "23.2R2-S3", "status": "affected", "version": "23.2", "versionType": "semver" }, { "lessThan": "23.4R2-S3", "status": "affected", "version": "23.4", "versionType": "semver" }, { "lessThan": "24.2R2", "status": "affected", "version": "24.2", "versionType": "semver" } ] } ], "configurations": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "To be exposed to this issue the device needs to be configured with Anti-Virus:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ security utm utm-policy \u0026lt;name\u0026gt; anti-virus ]\u003c/tt\u003e" } ], "value": "To be exposed to this issue the device needs to be configured with Anti-Virus:\n\n[ security utm utm-policy \u003cname\u003e anti-virus ]" } ], "datePublic": "2025-04-09T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A Missing Release of Memory after Effective Lifetime vulnerability in the Anti-Virus processing of Juniper Networks Junos OS on SRX Series \n\n\u003cspan style=\"background-color: rgb(251, 251, 251);\"\u003eallows an unauthenticated, network-based attacker\u003c/span\u003e\u0026nbsp;to cause a Denial-of-Service (DoS).\u003cp\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOn all SRX platforms with Anti-Virus enabled, if a server sends specific content in the HTTP body of a response to a client request, these packets are queued by Anti-Virus processing in \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eJuniper Buffers (\u003c/span\u003ejbufs) which are never released. When these jbufs are exhausted, the device stops forwarding all transit traffic.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA jbuf memory leak can be noticed from the following logs:\u003c/span\u003e\u003c/p\u003e\u003ctt\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e(\u0026lt;node\u0026gt;.)\u0026lt;fpc\u0026gt; Warning: jbuf pool id \u0026lt;#\u0026gt; utilization level (\u0026lt;current level\u0026gt;%) is above \u0026lt;threshold\u0026gt;%!\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003c/tt\u003e\u003cp\u003eTo recover from this issue, the affected device needs to be manually rebooted to free the leaked jbufs.\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Junos OS on SRX Series:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 21.2R3-S9,\u003c/li\u003e\u003cli\u003e21.4 versions before 21.4R3-S10,\u003c/li\u003e\u003cli\u003e22.2 versions before 22.2R3-S6,\u003c/li\u003e\u003cli\u003e22.4 versions before 22.4R3-S6,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S3,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S3,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2.\u003c/li\u003e\u003c/ul\u003e" } ], "value": "A Missing Release of Memory after Effective Lifetime vulnerability in the Anti-Virus processing of Juniper Networks Junos OS on SRX Series \n\nallows an unauthenticated, network-based attacker\u00a0to cause a Denial-of-Service (DoS).\n\nOn all SRX platforms with Anti-Virus enabled, if a server sends specific content in the HTTP body of a response to a client request, these packets are queued by Anti-Virus processing in Juniper Buffers (jbufs) which are never released. When these jbufs are exhausted, the device stops forwarding all transit traffic.\n\nA jbuf memory leak can be noticed from the following logs:\n\n(\u003cnode\u003e.)\u003cfpc\u003e Warning: jbuf pool id \u003c#\u003e utilization level (\u003ccurrent level\u003e%) is above \u003cthreshold\u003e%!\n\nTo recover from this issue, the affected device needs to be manually rebooted to free the leaked jbufs.\n\n\n\n\nThis issue affects Junos OS on SRX Series:\u00a0\n\n * all versions before 21.2R3-S9,\n * 21.4 versions before 21.4R3-S10,\n * 22.2 versions before 22.2R3-S6,\n * 22.4 versions before 22.4R3-S6,\n * 23.2 versions before 23.2R2-S3,\n * 23.4 versions before 23.4R2-S3,\n * 24.2 versions before 24.2R2." } ], "exploits": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "YES", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:U/RE:M", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-401", "description": "CWE-401 Missing Release of Memory after Effective Lifetime", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-09T20:02:50.588Z", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://supportportal.juniper.net/JSA96469" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3-S6, 23.2R2-S3, 23.4R2-S3, 24.2R2, 24.4R1, and all subsequent releases." } ], "value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3-S6, 23.2R2-S3, 23.4R2-S3, 24.2R2, 24.4R1, and all subsequent releases." } ], "source": { "advisory": "JSA96469", "defect": [ "1815930" ], "discovery": "USER" }, "timeline": [ { "lang": "en", "time": "2025-04-09T16:00:00.000Z", "value": "Initial Publication" } ], "title": "Junos OS: SRX Series: On devices with Anti-Virus enabled, malicious server responses will cause memory to leak ultimately causing forwarding to stop", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "There are no known workarounds for this issue." } ], "value": "There are no known workarounds for this issue." } ], "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2025-30658", "datePublished": "2025-04-09T20:02:50.588Z", "dateReserved": "2025-03-24T19:34:11.323Z", "dateUpdated": "2025-04-09T20:31:32.793Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-39487 (GCVE-0-2024-39487)
Vulnerability from cvelistv5
Published
2024-07-09 09:52
Modified
2025-05-04 09:16
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()
In function bond_option_arp_ip_targets_set(), if newval->string is an
empty string, newval->string+1 will point to the byte after the
string, causing an out-of-bound read.
BUG: KASAN: slab-out-of-bounds in strlen+0x7d/0xa0 lib/string.c:418
Read of size 1 at addr ffff8881119c4781 by task syz-executor665/8107
CPU: 1 PID: 8107 Comm: syz-executor665 Not tainted 6.7.0-rc7 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106
print_address_description mm/kasan/report.c:364 [inline]
print_report+0xc1/0x5e0 mm/kasan/report.c:475
kasan_report+0xbe/0xf0 mm/kasan/report.c:588
strlen+0x7d/0xa0 lib/string.c:418
__fortify_strlen include/linux/fortify-string.h:210 [inline]
in4_pton+0xa3/0x3f0 net/core/utils.c:130
bond_option_arp_ip_targets_set+0xc2/0x910
drivers/net/bonding/bond_options.c:1201
__bond_opt_set+0x2a4/0x1030 drivers/net/bonding/bond_options.c:767
__bond_opt_set_notify+0x48/0x150 drivers/net/bonding/bond_options.c:792
bond_opt_tryset_rtnl+0xda/0x160 drivers/net/bonding/bond_options.c:817
bonding_sysfs_store_option+0xa1/0x120 drivers/net/bonding/bond_sysfs.c:156
dev_attr_store+0x54/0x80 drivers/base/core.c:2366
sysfs_kf_write+0x114/0x170 fs/sysfs/file.c:136
kernfs_fop_write_iter+0x337/0x500 fs/kernfs/file.c:334
call_write_iter include/linux/fs.h:2020 [inline]
new_sync_write fs/read_write.c:491 [inline]
vfs_write+0x96a/0xd80 fs/read_write.c:584
ksys_write+0x122/0x250 fs/read_write.c:637
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
---[ end trace ]---
Fix it by adding a check of string length before using it.
References
URL | Tags | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Linux | Linux |
Version: f9de11a165943a55e0fbda714caf60eaeb276a42 Version: f9de11a165943a55e0fbda714caf60eaeb276a42 Version: f9de11a165943a55e0fbda714caf60eaeb276a42 Version: f9de11a165943a55e0fbda714caf60eaeb276a42 Version: f9de11a165943a55e0fbda714caf60eaeb276a42 Version: f9de11a165943a55e0fbda714caf60eaeb276a42 Version: f9de11a165943a55e0fbda714caf60eaeb276a42 Version: f9de11a165943a55e0fbda714caf60eaeb276a42 |
||
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-39487", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-23T14:04:37.191643Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-23T14:04:48.902Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:26:15.432Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/6a8a4fd082c439e19fede027e80c79bc4c84bb8e" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/6b21346b399fd1336fe59233a17eb5ce73041ee1" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/707c85ba3527ad6aa25552033576b0f1ff835d7b" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/bfd14e5915c2669f292a31d028e75dcd82f1e7e9" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/c8eb8ab9a44ff0e73492d0a12a643c449f641a9f" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/b75e33eae8667084bd4a63e67657c6a5a0f8d1e8" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/9f835e48bd4c75fdf6a9cff3f0b806a7abde78da" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e271ff53807e8f2c628758290f0e499dbe51cb3d" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/bonding/bond_options.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "6a8a4fd082c439e19fede027e80c79bc4c84bb8e", "status": "affected", "version": "f9de11a165943a55e0fbda714caf60eaeb276a42", "versionType": "git" }, { "lessThan": "6b21346b399fd1336fe59233a17eb5ce73041ee1", "status": "affected", "version": "f9de11a165943a55e0fbda714caf60eaeb276a42", "versionType": "git" }, { "lessThan": "707c85ba3527ad6aa25552033576b0f1ff835d7b", "status": "affected", "version": "f9de11a165943a55e0fbda714caf60eaeb276a42", "versionType": "git" }, { "lessThan": "bfd14e5915c2669f292a31d028e75dcd82f1e7e9", "status": "affected", "version": "f9de11a165943a55e0fbda714caf60eaeb276a42", "versionType": "git" }, { "lessThan": "c8eb8ab9a44ff0e73492d0a12a643c449f641a9f", "status": "affected", "version": "f9de11a165943a55e0fbda714caf60eaeb276a42", "versionType": "git" }, { "lessThan": "b75e33eae8667084bd4a63e67657c6a5a0f8d1e8", "status": "affected", "version": "f9de11a165943a55e0fbda714caf60eaeb276a42", "versionType": "git" }, { "lessThan": "9f835e48bd4c75fdf6a9cff3f0b806a7abde78da", "status": "affected", "version": "f9de11a165943a55e0fbda714caf60eaeb276a42", "versionType": "git" }, { "lessThan": "e271ff53807e8f2c628758290f0e499dbe51cb3d", "status": "affected", "version": "f9de11a165943a55e0fbda714caf60eaeb276a42", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/bonding/bond_options.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "3.13" }, { "lessThan": "3.13", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.318", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.280", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.222", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.163", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.98", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.39", "versionType": "semver" }, { "lessThanOrEqual": "6.9.*", "status": "unaffected", "version": "6.9.9", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.19.318", "versionStartIncluding": "3.13", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.4.280", "versionStartIncluding": "3.13", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.10.222", "versionStartIncluding": "3.13", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.15.163", "versionStartIncluding": "3.13", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.1.98", "versionStartIncluding": "3.13", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.6.39", "versionStartIncluding": "3.13", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.9.9", "versionStartIncluding": "3.13", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.10", "versionStartIncluding": "3.13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()\n\nIn function bond_option_arp_ip_targets_set(), if newval-\u003estring is an\nempty string, newval-\u003estring+1 will point to the byte after the\nstring, causing an out-of-bound read.\n\nBUG: KASAN: slab-out-of-bounds in strlen+0x7d/0xa0 lib/string.c:418\nRead of size 1 at addr ffff8881119c4781 by task syz-executor665/8107\nCPU: 1 PID: 8107 Comm: syz-executor665 Not tainted 6.7.0-rc7 #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:364 [inline]\n print_report+0xc1/0x5e0 mm/kasan/report.c:475\n kasan_report+0xbe/0xf0 mm/kasan/report.c:588\n strlen+0x7d/0xa0 lib/string.c:418\n __fortify_strlen include/linux/fortify-string.h:210 [inline]\n in4_pton+0xa3/0x3f0 net/core/utils.c:130\n bond_option_arp_ip_targets_set+0xc2/0x910\ndrivers/net/bonding/bond_options.c:1201\n __bond_opt_set+0x2a4/0x1030 drivers/net/bonding/bond_options.c:767\n __bond_opt_set_notify+0x48/0x150 drivers/net/bonding/bond_options.c:792\n bond_opt_tryset_rtnl+0xda/0x160 drivers/net/bonding/bond_options.c:817\n bonding_sysfs_store_option+0xa1/0x120 drivers/net/bonding/bond_sysfs.c:156\n dev_attr_store+0x54/0x80 drivers/base/core.c:2366\n sysfs_kf_write+0x114/0x170 fs/sysfs/file.c:136\n kernfs_fop_write_iter+0x337/0x500 fs/kernfs/file.c:334\n call_write_iter include/linux/fs.h:2020 [inline]\n new_sync_write fs/read_write.c:491 [inline]\n vfs_write+0x96a/0xd80 fs/read_write.c:584\n ksys_write+0x122/0x250 fs/read_write.c:637\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n---[ end trace ]---\n\nFix it by adding a check of string length before using it." } ], "providerMetadata": { "dateUpdated": "2025-05-04T09:16:50.329Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/6a8a4fd082c439e19fede027e80c79bc4c84bb8e" }, { "url": "https://git.kernel.org/stable/c/6b21346b399fd1336fe59233a17eb5ce73041ee1" }, { "url": "https://git.kernel.org/stable/c/707c85ba3527ad6aa25552033576b0f1ff835d7b" }, { "url": "https://git.kernel.org/stable/c/bfd14e5915c2669f292a31d028e75dcd82f1e7e9" }, { "url": "https://git.kernel.org/stable/c/c8eb8ab9a44ff0e73492d0a12a643c449f641a9f" }, { "url": "https://git.kernel.org/stable/c/b75e33eae8667084bd4a63e67657c6a5a0f8d1e8" }, { "url": "https://git.kernel.org/stable/c/9f835e48bd4c75fdf6a9cff3f0b806a7abde78da" }, { "url": "https://git.kernel.org/stable/c/e271ff53807e8f2c628758290f0e499dbe51cb3d" } ], "title": "bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()", "x_generator": { "engine": "bippy-1.2.0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-39487", "datePublished": "2024-07-09T09:52:07.664Z", "dateReserved": "2024-06-25T14:23:23.747Z", "dateUpdated": "2025-05-04T09:16:50.329Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-33602 (GCVE-0-2024-33602)
Vulnerability from cvelistv5
Published
2024-05-06 19:22
Modified
2025-02-13 17:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-466 - Return of Pointer Value Outside of Expected Range
Summary
nscd: netgroup cache assumes NSS callback uses in-buffer strings
The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory
when the NSS callback does not store all strings in the provided buffer.
The flaw was introduced in glibc 2.15 when the cache was added to nscd.
This vulnerability is only present in the nscd binary.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
The GNU C Library | glibc |
Version: 2.15 < 2.40 |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:gnu:glibc:2.15:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "glibc", "vendor": "gnu", "versions": [ { "lessThan": "2.40", "status": "affected", "version": "2.15", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-33602", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T16:09:29.755117Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T16:26:29.854Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:36:04.479Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240524-0012/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/07/22/5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "glibc", "vendor": "The GNU C Library", "versions": [ { "lessThan": "2.40", "status": "affected", "version": "2.15", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cdiv\u003enscd: netgroup cache assumes NSS callback uses in-buffer strings\u003cbr\u003e\u003cbr\u003eThe Name Service Cache Daemon\u0027s (nscd) netgroup cache can corrupt memory\u003cbr\u003ewhen the NSS callback does not store all strings in the provided buffer.\u003cbr\u003eThe flaw was introduced in glibc 2.15 when the cache was added to nscd.\u003cbr\u003e\u003cbr\u003eThis vulnerability is only present in the nscd binary.\u003c/div\u003e" } ], "value": "nscd: netgroup cache assumes NSS callback uses in-buffer strings\n\nThe Name Service Cache Daemon\u0027s (nscd) netgroup cache can corrupt memory\nwhen the NSS callback does not store all strings in the provided buffer.\nThe flaw was introduced in glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary." } ], "impacts": [ { "capecId": "CAPEC-129", "descriptions": [ { "lang": "en", "value": "CAPEC-129 Pointer Manipulation" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-466", "description": "CWE-466 Return of Pointer Value Outside of Expected Range", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-22T18:06:04.473Z", "orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "shortName": "glibc" }, "references": [ { "url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008" }, { "url": "https://security.netapp.com/advisory/ntap-20240524-0012/" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html" }, { "url": "http://www.openwall.com/lists/oss-security/2024/07/22/5" } ], "source": { "discovery": "UNKNOWN" }, "title": "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "assignerShortName": "glibc", "cveId": "CVE-2024-33602", "datePublished": "2024-05-06T19:22:12.383Z", "dateReserved": "2024-04-24T20:35:08.340Z", "dateUpdated": "2025-02-13T17:52:21.265Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-36971 (GCVE-0-2024-36971)
Vulnerability from cvelistv5
Published
2024-06-10 09:03
Modified
2025-07-30 01:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: fix __dst_negative_advice() race
__dst_negative_advice() does not enforce proper RCU rules when
sk->dst_cache must be cleared, leading to possible UAF.
RCU rules are that we must first clear sk->sk_dst_cache,
then call dst_release(old_dst).
Note that sk_dst_reset(sk) is implementing this protocol correctly,
while __dst_negative_advice() uses the wrong order.
Given that ip6_negative_advice() has special logic
against RTF_CACHE, this means each of the three ->negative_advice()
existing methods must perform the sk_dst_reset() themselves.
Note the check against NULL dst is centralized in
__dst_negative_advice(), there is no need to duplicate
it in various callbacks.
Many thanks to Clement Lecigne for tracking this issue.
This old bug became visible after the blamed commit, using UDP sockets.
References
URL | Tags | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Linux | Linux |
Version: a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314 Version: a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314 Version: a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314 Version: a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314 Version: a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314 Version: a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314 Version: a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314 Version: a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314 |
||
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T03:43:50.464Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/051c0bde9f0450a2ec3d62a86d2a0d2fad117f13" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/db0082825037794c5dba9959c9de13ca34cc5e72" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2295a7ef5c8c49241bff769e7826ef2582e532a6" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/eacb8b195579c174a6d3e12a9690b206eb7f28cf" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/81dd3c82a456b0015461754be7cb2693991421b4" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/5af198c387128a9d2ddd620b0f0803564a4d4508" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/b8af8e6118a6605f0e495a58d591ca94a85a50fc" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/92f1655aa2b2294d0b49925f3b875a634bd3b59e" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:linux:linux_kernel:4.6:*:*:*:*:*:*:*" ], "defaultStatus": "affected", "product": "linux_kernel", "vendor": "linux", "versions": [ { "status": "affected", "version": "4.6" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "051c0bde9f04", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "db0082825037", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "2295a7ef5c8c", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "eacb8b195579", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "81dd3c82a456", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "5af198c38712", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "b8af8e6118a6", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "92f1655aa2b2", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "051c0bde9f04", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "db0082825037", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "2295a7ef5c8c", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "eacb8b195579", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "81dd3c82a456", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "5af198c38712", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "b8af8e6118a6", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "92f1655aa2b2", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "051c0bde9f04", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "db0082825037", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "2295a7ef5c8c", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "eacb8b195579", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "81dd3c82a456", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "5af198c38712", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "b8af8e6118a6", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "92f1655aa2b2", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "051c0bde9f04", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "db0082825037", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "2295a7ef5c8c", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "eacb8b195579", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "81dd3c82a456", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "5af198c38712", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "b8af8e6118a6", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "92f1655aa2b2", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "051c0bde9f04", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "db0082825037", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "2295a7ef5c8c", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "eacb8b195579", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "81dd3c82a456", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "5af198c38712", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "b8af8e6118a6", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "92f1655aa2b2", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "051c0bde9f04", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "db0082825037", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "2295a7ef5c8c", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "eacb8b195579", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "81dd3c82a456", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "5af198c38712", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "b8af8e6118a6", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "92f1655aa2b2", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "051c0bde9f04", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "db0082825037", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "2295a7ef5c8c", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "eacb8b195579", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "81dd3c82a456", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "5af198c38712", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "b8af8e6118a6", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "92f1655aa2b2", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "051c0bde9f04", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "db0082825037", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "2295a7ef5c8c", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "eacb8b195579", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "81dd3c82a456", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "5af198c38712", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "b8af8e6118a6", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" }, { "lessThan": "92f1655aa2b2", "status": "affected", "version": "a87cb3e48ee8", "versionType": "git" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ], "defaultStatus": "affected", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "4.6", "status": "unaffected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:4.19.316:*:*:*:*:*:*:*" ], "defaultStatus": "affected", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "4.20", "status": "unaffected", "version": "4.19.316", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:5.4.278:*:*:*:*:*:*:*" ], "defaultStatus": "affected", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "5.5", "status": "unaffected", "version": "5.4.278", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:5.10.219:*:*:*:*:*:*:*" ], "defaultStatus": "affected", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "5.11", "status": "unaffected", "version": "5.10.219", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:5.15.161:*:*:*:*:*:*:*" ], "defaultStatus": "affected", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "5.16", "status": "unaffected", "version": "5.15.161", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:6.1.94:*:*:*:*:*:*:*" ], "defaultStatus": "affected", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "6.2", "status": "unaffected", "version": "6.1.94", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:6.6.34:*:*:*:*:*:*:*" ], "defaultStatus": "affected", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "6.7", "status": "unaffected", "version": "6.6.34", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:6.9.4:*:*:*:*:*:*:*" ], "defaultStatus": "affected", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "6.10", "status": "unaffected", "version": "6.9.4", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:6.10:*:*:*:*:*:*:*" ], "defaultStatus": "affected", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.10", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-36971", "options": [ { "Exploitation": "active" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-08T03:55:25.565547Z", "version": "2.0.3" }, "type": "ssvc" } }, { "other": { "content": { "dateAdded": "2024-08-07", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-36971" }, "type": "kev" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-30T01:37:01.447Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "timeline": [ { "lang": "en", "time": "2024-08-07T00:00:00+00:00", "value": "CVE-2024-36971 added to CISA KEV" } ], "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "include/net/dst_ops.h", "include/net/sock.h", "net/ipv4/route.c", "net/ipv6/route.c", "net/xfrm/xfrm_policy.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "051c0bde9f0450a2ec3d62a86d2a0d2fad117f13", "status": "affected", "version": "a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314", "versionType": "git" }, { "lessThan": "db0082825037794c5dba9959c9de13ca34cc5e72", "status": "affected", "version": "a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314", "versionType": "git" }, { "lessThan": "2295a7ef5c8c49241bff769e7826ef2582e532a6", "status": "affected", "version": "a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314", "versionType": "git" }, { "lessThan": "eacb8b195579c174a6d3e12a9690b206eb7f28cf", "status": "affected", "version": "a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314", "versionType": "git" }, { "lessThan": "81dd3c82a456b0015461754be7cb2693991421b4", "status": "affected", "version": "a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314", "versionType": "git" }, { "lessThan": "5af198c387128a9d2ddd620b0f0803564a4d4508", "status": "affected", "version": "a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314", "versionType": "git" }, { "lessThan": "b8af8e6118a6605f0e495a58d591ca94a85a50fc", "status": "affected", "version": "a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314", "versionType": "git" }, { "lessThan": "92f1655aa2b2294d0b49925f3b875a634bd3b59e", "status": "affected", "version": "a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "include/net/dst_ops.h", "include/net/sock.h", "net/ipv4/route.c", "net/ipv6/route.c", "net/xfrm/xfrm_policy.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "4.6" }, { "lessThan": "4.6", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.316", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.278", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.219", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.161", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.94", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.34", "versionType": "semver" }, { "lessThanOrEqual": "6.9.*", "status": "unaffected", "version": "6.9.4", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.19.316", "versionStartIncluding": "4.6", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.4.278", "versionStartIncluding": "4.6", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.10.219", "versionStartIncluding": "4.6", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.15.161", "versionStartIncluding": "4.6", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.1.94", "versionStartIncluding": "4.6", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.6.34", "versionStartIncluding": "4.6", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.9.4", "versionStartIncluding": "4.6", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.10", "versionStartIncluding": "4.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix __dst_negative_advice() race\n\n__dst_negative_advice() does not enforce proper RCU rules when\nsk-\u003edst_cache must be cleared, leading to possible UAF.\n\nRCU rules are that we must first clear sk-\u003esk_dst_cache,\nthen call dst_release(old_dst).\n\nNote that sk_dst_reset(sk) is implementing this protocol correctly,\nwhile __dst_negative_advice() uses the wrong order.\n\nGiven that ip6_negative_advice() has special logic\nagainst RTF_CACHE, this means each of the three -\u003enegative_advice()\nexisting methods must perform the sk_dst_reset() themselves.\n\nNote the check against NULL dst is centralized in\n__dst_negative_advice(), there is no need to duplicate\nit in various callbacks.\n\nMany thanks to Clement Lecigne for tracking this issue.\n\nThis old bug became visible after the blamed commit, using UDP sockets." } ], "providerMetadata": { "dateUpdated": "2025-05-04T09:13:06.632Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/051c0bde9f0450a2ec3d62a86d2a0d2fad117f13" }, { "url": "https://git.kernel.org/stable/c/db0082825037794c5dba9959c9de13ca34cc5e72" }, { "url": "https://git.kernel.org/stable/c/2295a7ef5c8c49241bff769e7826ef2582e532a6" }, { "url": "https://git.kernel.org/stable/c/eacb8b195579c174a6d3e12a9690b206eb7f28cf" }, { "url": "https://git.kernel.org/stable/c/81dd3c82a456b0015461754be7cb2693991421b4" }, { "url": "https://git.kernel.org/stable/c/5af198c387128a9d2ddd620b0f0803564a4d4508" }, { "url": "https://git.kernel.org/stable/c/b8af8e6118a6605f0e495a58d591ca94a85a50fc" }, { "url": "https://git.kernel.org/stable/c/92f1655aa2b2294d0b49925f3b875a634bd3b59e" } ], "title": "net: fix __dst_negative_advice() race", "x_generator": { "engine": "bippy-1.2.0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-36971", "datePublished": "2024-06-10T09:03:23.878Z", "dateReserved": "2024-05-30T15:25:07.082Z", "dateUpdated": "2025-07-30T01:37:01.447Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-32004 (GCVE-0-2024-32004)
Vulnerability from cvelistv5
Published
2024-05-14 18:46
Modified
2025-02-13 17:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-114 - Process Control
Summary
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid cloning repositories from untrusted sources.
References
URL | Tags | |||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T01:59:50.824Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389" }, { "name": "https://github.com/git/git/commit/f4aa8c8bb11dae6e769cd930565173808cbb69c8", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/git/git/commit/f4aa8c8bb11dae6e769cd930565173808cbb69c8" }, { "name": "https://git-scm.com/docs/git-clone", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git-scm.com/docs/git-clone" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4CK4IYTXEOBZTEM5K3T6LWOIZ3S44AR/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/05/14/2" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00018.html" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:git:git:2.45.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "git", "vendor": "git", "versions": [ { "status": "affected", "version": "2.45.0" } ] }, { "cpes": [ "cpe:2.3:a:git:git:2.44.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "git", "vendor": "git", "versions": [ { "status": "affected", "version": "2.44.0" } ] }, { "cpes": [ "cpe:2.3:a:git:git:2.43.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "git", "vendor": "git", "versions": [ { "lessThan": "2.43.4", "status": "affected", "version": "2.43.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:git:git:2.42.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "git", "vendor": "git", "versions": [ { "lessThan": "2.42.2", "status": "affected", "version": "2.42.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:git:git:2.41.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "git", "vendor": "git", "versions": [ { "status": "affected", "version": "2.41.0" } ] }, { "cpes": [ "cpe:2.3:a:git:git:2.40.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "git", "vendor": "git", "versions": [ { "lessThan": "2.40.2", "status": "affected", "version": "2.40.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:git:git:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "git", "vendor": "git", "versions": [ { "lessThan": "2.39.4", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-32004", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-15T17:59:29.364044Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-09T18:41:23.817Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "git", "vendor": "git", "versions": [ { "status": "affected", "version": "= 2.45.0" }, { "status": "affected", "version": "= 2.44.0" }, { "status": "affected", "version": "\u003e= 2.43.0, \u003c 2.43.4" }, { "status": "affected", "version": "\u003e= 2.42.0, \u003c 2.42.2" }, { "status": "affected", "version": "= 2.41.0" }, { "status": "affected", "version": "\u003e= 2.40.0, \u003c 2.40.2" }, { "status": "affected", "version": "\u003c 2.39.4" } ] } ], "descriptions": [ { "lang": "en", "value": "Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid cloning repositories from untrusted sources." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-114", "description": "CWE-114: Process Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-26T10:06:05.293Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389" }, { "name": "https://github.com/git/git/commit/f4aa8c8bb11dae6e769cd930565173808cbb69c8", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/git/git/commit/f4aa8c8bb11dae6e769cd930565173808cbb69c8" }, { "name": "https://git-scm.com/docs/git-clone", "tags": [ "x_refsource_MISC" ], "url": "https://git-scm.com/docs/git-clone" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4CK4IYTXEOBZTEM5K3T6LWOIZ3S44AR/" }, { "url": "http://www.openwall.com/lists/oss-security/2024/05/14/2" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00018.html" } ], "source": { "advisory": "GHSA-xfc6-vwr8-r389", "discovery": "UNKNOWN" }, "title": "Git vulnerable to Remote Code Execution while cloning special-crafted local repositories" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-32004", "datePublished": "2024-05-14T18:46:32.192Z", "dateReserved": "2024-04-08T13:48:37.493Z", "dateUpdated": "2025-02-13T17:52:03.057Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-21823 (GCVE-0-2024-21823)
Vulnerability from cvelistv5
Published
2024-05-16 20:46
Modified
2024-08-14 20:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-1264 - Hardware Logic with Insecure De-Synchronization between Control and Data Channels
Summary
Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable escalation of privilege local access
References
URL | Tags | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors |
Version: See references |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T22:27:36.291Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01084.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01084.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTB4HWU2PTVW5NEYHHLOCXDKG3PYA534/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/05/15/1" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DW2MIOIMOFUSNLHLRYX23AFR36BMKD65/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-21823", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-23T18:02:56.696203Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-08T14:39:32.573Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable escalation of privilege local access" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-1264", "description": "Hardware Logic with Insecure De-Synchronization between Control and Data Channels", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T20:45:24.842Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01084.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01084.html" }, { "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTB4HWU2PTVW5NEYHHLOCXDKG3PYA534/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTB4HWU2PTVW5NEYHHLOCXDKG3PYA534/" }, { "name": "http://www.openwall.com/lists/oss-security/2024/05/15/1", "url": "http://www.openwall.com/lists/oss-security/2024/05/15/1" }, { "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DW2MIOIMOFUSNLHLRYX23AFR36BMKD65/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DW2MIOIMOFUSNLHLRYX23AFR36BMKD65/" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2024-21823", "datePublished": "2024-05-16T20:46:57.735Z", "dateReserved": "2024-01-24T04:00:22.601Z", "dateUpdated": "2024-08-14T20:45:24.842Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-28746 (GCVE-0-2023-28746)
Vulnerability from cvelistv5
Published
2024-03-14 16:45
Modified
2025-04-26 20:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-1342 - Information exposure through microarchitectural state after transient execution from some register files
Summary
Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
References
URL | Tags | ||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) Atom(R) Processors |
Version: See references |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-28746", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-14T18:58:08.088339Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:28:56.120Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2025-04-26T20:03:13.216Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/03/12/13" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "url": "http://xenbits.xen.org/xsa/advisory-452.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Atom(R) Processors", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "information disclosure", "lang": "en" }, { "cweId": "CWE-1342", "description": "Information exposure through microarchitectural state after transient execution from some register files", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-25T22:08:21.946Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/" }, { "url": "http://www.openwall.com/lists/oss-security/2024/03/12/13" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2023-28746", "datePublished": "2024-03-14T16:45:50.370Z", "dateReserved": "2023-05-05T03:00:03.623Z", "dateUpdated": "2025-04-26T20:03:13.216Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-30655 (GCVE-0-2025-30655)
Vulnerability from cvelistv5
Published
2025-04-09 20:01
Modified
2025-04-09 20:35
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
6.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to cause a Denial-of-Service (DoS).
When a specific "show bgp neighbor" CLI command is run, the rpd cpu utilization rises and eventually causes a crash and restart. Repeated use of this command will cause a sustained DoS condition.
The device is only affected if BGP RIB sharding and update-threading is enabled.
This issue affects Junos OS:
* All versions before 21.2R3-S9,
* from 21.4 before 21.4R3-S8,
* from 22.2 before 22.2R3-S6,
* from 22.4 before 22.4R3-S2,
* from 23.2 before 23.2R2-S3,
* from 23.4 before 23.4R2.
and Junos OS Evolved:
* All versions before 21.2R3-S9-EVO,
* from 21.4-EVO before 21.4R3-S8-EVO,
* from 22.2-EVO before 22.2R3-S6-EVO,
* from 22.4-EVO before 22.4R3-S2-EVO,
* from 23.2-EVO before 23.2R2-S3-EVO,
* from 23.4-EVO before 23.4R2-EVO.
References
URL | Tags | ||||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.4 ≤ Version: 22.2 ≤ Version: 22.4 ≤ Version: 23.2 ≤ Version: 23.4 ≤ |
|||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-30655", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-09T20:30:14.651561Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-09T20:35:13.421Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Junos OS", "vendor": "Juniper Networks", "versions": [ { "lessThan": "21.2R3-S9", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "21.4R3-S8", "status": "affected", "version": "21.4", "versionType": "semver" }, { "lessThan": "22.2R3-S6", "status": "affected", "version": "22.2", "versionType": "semver" }, { "lessThan": "22.4R3-S2", "status": "affected", "version": "22.4", "versionType": "semver" }, { "lessThan": "23.2R2-S3", "status": "affected", "version": "23.2", "versionType": "semver" }, { "lessThan": "23.4R2", "status": "affected", "version": "23.4", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "Junos OS Evolved", "vendor": "Juniper Networks", "versions": [ { "lessThan": "21.2R3-S9-EVO", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "21.4R3-S8-EVO", "status": "affected", "version": "21.4-EVO", "versionType": "semver" }, { "lessThan": "22.2R3-S6-EVO", "status": "affected", "version": "22.2-EVO", "versionType": "semver" }, { "lessThan": "22.4R3-S2-EVO", "status": "affected", "version": "22.4-EVO", "versionType": "semver" }, { "lessThan": "23.2R2-S3-EVO", "status": "affected", "version": "23.2-EVO", "versionType": "semver" }, { "lessThan": "23.4R2-EVO", "status": "affected", "version": "23.4-EVO", "versionType": "semver" } ] } ], "configurations": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The following configuration is required on the device for it to be affected:\u003cbr\u003e\u003ctt\u003e[ system processes routing bgp rib-sharding ]\u003cbr\u003e[ system processes routing bgp \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eupdate-threading\u003c/span\u003e ]\u003c/tt\u003e" } ], "value": "The following configuration is required on the device for it to be affected:\n[ system processes routing bgp rib-sharding ]\n[ system processes routing bgp update-threading ]" } ], "datePublic": "2025-04-09T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to cause a Denial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003eWhen a specific \"\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eshow bgp neighbor\"\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCLI command\u0026nbsp;\u003c/span\u003eis run, the rpd cpu utilization rises and eventually causes a crash and restart. Repeated use of this command will cause a sustained DoS condition.\u0026nbsp;\u003cbr\u003e\u003cbr\u003eThe device is only affected if BGP RIB sharding and update-threading is enabled.\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.2R3-S9,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-S8,\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S6,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S2,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S3,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eand Junos OS Evolved:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.2R3-S9-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 21.4-EVO before 21.4R3-S8-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.2-EVO before 22.2R3-S6-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.4-EVO before 22.4R3-S2-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2-EVO before 23.2R2-S3-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4-EVO before 23.4R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e" } ], "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to cause a Denial-of-Service (DoS).\n\nWhen a specific \"show bgp neighbor\" CLI command\u00a0is run, the rpd cpu utilization rises and eventually causes a crash and restart. Repeated use of this command will cause a sustained DoS condition.\u00a0\n\nThe device is only affected if BGP RIB sharding and update-threading is enabled.\nThis issue affects Junos OS:\u00a0\n\n\n\n * All versions before 21.2R3-S9,\u00a0\n * from 21.4 before 21.4R3-S8,\n * from 22.2 before 22.2R3-S6,\u00a0\n * from 22.4 before 22.4R3-S2,\u00a0\n * from 23.2 before 23.2R2-S3,\u00a0\n * from 23.4 before 23.4R2.\n\n\nand Junos OS Evolved:\u00a0\n\n\n\n * All versions before 21.2R3-S9-EVO,\u00a0\n * from 21.4-EVO before 21.4R3-S8-EVO,\u00a0\n * from 22.2-EVO before 22.2R3-S6-EVO,\u00a0\n * from 22.4-EVO before 22.4R3-S2-EVO,\u00a0\n * from 23.2-EVO before 23.2R2-S3-EVO,\u00a0\n * from 23.4-EVO before 23.4R2-EVO." } ], "exploits": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.8, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-754", "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-09T20:01:15.300Z", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://supportportal.juniper.net/JSA96465" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: \u003cbr\u003eJunos OS Evolved: 21.2R3-S9-EVO, 21.4R3-S8-EVO,\u0026nbsp;22.2R3-S6-EVO, 22.4R3-S2-EVO, 23.2R2-S3-EVO, 23.4R2-EVO, 24.2R1-EVO.\u003cbr\u003eJunos OS: 21.2R3-S9, 21.4R3-S8,\u0026nbsp;22.2R3-S6, 22.4R3-S2, 23.2R2-S3, 23.4R2, 24.2R1, and all subsequent releases." } ], "value": "The following software releases have been updated to resolve this specific issue: \nJunos OS Evolved: 21.2R3-S9-EVO, 21.4R3-S8-EVO,\u00a022.2R3-S6-EVO, 22.4R3-S2-EVO, 23.2R2-S3-EVO, 23.4R2-EVO, 24.2R1-EVO.\nJunos OS: 21.2R3-S9, 21.4R3-S8,\u00a022.2R3-S6, 22.4R3-S2, 23.2R2-S3, 23.4R2, 24.2R1, and all subsequent releases." } ], "source": { "advisory": "JSA96465", "defect": [ "1797777" ], "discovery": "INTERNAL" }, "timeline": [ { "lang": "en", "time": "2025-04-09T16:00:00.000Z", "value": "Initial Publication" } ], "title": "Junos OS and Junos OS Evolved: A specific CLI command will cause an RPD crash when rib-sharding and update-threading is enabled", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "There are no known workarounds for this issue.\u003cbr\u003eUse access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\u003cbr\u003e" } ], "value": "There are no known workarounds for this issue.\nUse access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators." } ], "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2025-30655", "datePublished": "2025-04-09T20:01:15.300Z", "dateReserved": "2025-03-24T19:34:11.322Z", "dateUpdated": "2025-04-09T20:35:13.421Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-26735 (GCVE-0-2024-26735)
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2025-05-04 08:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ipv6: sr: fix possible use-after-free and null-ptr-deref
The pernet operations structure for the subsystem must be registered
before registering the generic netlink family.
References
URL | Tags | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Linux | Linux |
Version: 915d7e5e5930b4f01d0971d93b9b25ed17d221aa Version: 915d7e5e5930b4f01d0971d93b9b25ed17d221aa Version: 915d7e5e5930b4f01d0971d93b9b25ed17d221aa Version: 915d7e5e5930b4f01d0971d93b9b25ed17d221aa Version: 915d7e5e5930b4f01d0971d93b9b25ed17d221aa Version: 915d7e5e5930b4f01d0971d93b9b25ed17d221aa Version: 915d7e5e5930b4f01d0971d93b9b25ed17d221aa Version: 915d7e5e5930b4f01d0971d93b9b25ed17d221aa |
||
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26735", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-16T14:17:44.078376Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-27T20:01:54.331Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-11-01T17:03:12.597Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/953f42934533c151f440cd32390044d2396b87aa" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/82831e3ff76ef09fb184eb93b79a3eb3fb284f1d" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/65c38f23d10ff79feea1e5d50b76dc7af383c1e6" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/91b020aaa1e59bfb669d34c968e3db3d5416bcee" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/8391b9b651cfdf80ab0f1dc4a489f9d67386e197" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/9e02973dbc6a91e40aa4f5d87b8c47446fbfce44" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/02b08db594e8218cfbc0e4680d4331b457968a9b" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/5559cea2d5aa3018a5f00dd2aca3427ba09b386b" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" }, { "url": "https://security.netapp.com/advisory/ntap-20241101-0012/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/ipv6/seg6.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "953f42934533c151f440cd32390044d2396b87aa", "status": "affected", "version": "915d7e5e5930b4f01d0971d93b9b25ed17d221aa", "versionType": "git" }, { "lessThan": "82831e3ff76ef09fb184eb93b79a3eb3fb284f1d", "status": "affected", "version": "915d7e5e5930b4f01d0971d93b9b25ed17d221aa", "versionType": "git" }, { "lessThan": "65c38f23d10ff79feea1e5d50b76dc7af383c1e6", "status": "affected", "version": "915d7e5e5930b4f01d0971d93b9b25ed17d221aa", "versionType": "git" }, { "lessThan": "91b020aaa1e59bfb669d34c968e3db3d5416bcee", "status": "affected", "version": "915d7e5e5930b4f01d0971d93b9b25ed17d221aa", "versionType": "git" }, { "lessThan": "8391b9b651cfdf80ab0f1dc4a489f9d67386e197", "status": "affected", "version": "915d7e5e5930b4f01d0971d93b9b25ed17d221aa", "versionType": "git" }, { "lessThan": "9e02973dbc6a91e40aa4f5d87b8c47446fbfce44", "status": "affected", "version": "915d7e5e5930b4f01d0971d93b9b25ed17d221aa", "versionType": "git" }, { "lessThan": "02b08db594e8218cfbc0e4680d4331b457968a9b", "status": "affected", "version": "915d7e5e5930b4f01d0971d93b9b25ed17d221aa", "versionType": "git" }, { "lessThan": "5559cea2d5aa3018a5f00dd2aca3427ba09b386b", "status": "affected", "version": "915d7e5e5930b4f01d0971d93b9b25ed17d221aa", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/ipv6/seg6.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "4.10" }, { "lessThan": "4.10", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.308", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.270", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.211", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.150", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.80", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.19", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.19.308", "versionStartIncluding": "4.10", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.4.270", "versionStartIncluding": "4.10", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.10.211", "versionStartIncluding": "4.10", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.15.150", "versionStartIncluding": "4.10", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.1.80", "versionStartIncluding": "4.10", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.6.19", "versionStartIncluding": "4.10", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.7.7", "versionStartIncluding": "4.10", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.8", "versionStartIncluding": "4.10", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: sr: fix possible use-after-free and null-ptr-deref\n\nThe pernet operations structure for the subsystem must be registered\nbefore registering the generic netlink family." } ], "providerMetadata": { "dateUpdated": "2025-05-04T08:55:13.758Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/953f42934533c151f440cd32390044d2396b87aa" }, { "url": "https://git.kernel.org/stable/c/82831e3ff76ef09fb184eb93b79a3eb3fb284f1d" }, { "url": "https://git.kernel.org/stable/c/65c38f23d10ff79feea1e5d50b76dc7af383c1e6" }, { "url": "https://git.kernel.org/stable/c/91b020aaa1e59bfb669d34c968e3db3d5416bcee" }, { "url": "https://git.kernel.org/stable/c/8391b9b651cfdf80ab0f1dc4a489f9d67386e197" }, { "url": "https://git.kernel.org/stable/c/9e02973dbc6a91e40aa4f5d87b8c47446fbfce44" }, { "url": "https://git.kernel.org/stable/c/02b08db594e8218cfbc0e4680d4331b457968a9b" }, { "url": "https://git.kernel.org/stable/c/5559cea2d5aa3018a5f00dd2aca3427ba09b386b" } ], "title": "ipv6: sr: fix possible use-after-free and null-ptr-deref", "x_generator": { "engine": "bippy-1.2.0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26735", "datePublished": "2024-04-03T17:00:21.972Z", "dateReserved": "2024-02-19T14:20:24.165Z", "dateUpdated": "2025-05-04T08:55:13.758Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-30660 (GCVE-0-2025-30660)
Vulnerability from cvelistv5
Published
2025-04-09 20:05
Modified
2025-04-09 20:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).When processing a high rate of specific GRE traffic destined to the device, the respective PFE will hang causing traffic forwarding to stop.
When this issue occurs the following logs can be observed:
<fpc #> MQSS(0): LI-3: Received a parcel with more than 512B accompanying data
CHASSISD_FPC_ASIC_ERROR: ASIC Error detected <...>
This issue affects Junos OS:
* all versions before 21.2R3-S9,
* 21.4 versions before 21.4R3-S8,
* 22.2 versions before 22.2R3-S4,
* 22.4 versions before 22.4R3-S5,
* 23.2 versions before 23.2R2-S2,
* 23.4 versions before 23.4R2.
References
URL | Tags | ||||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.4 ≤ Version: 22.2 ≤ Version: 22.4 ≤ Version: 23.2 ≤ Version: 23.4 ≤ |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-30660", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-09T20:29:51.260047Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-09T20:29:59.919Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "MX Series" ], "product": "Junos OS", "vendor": "Juniper Networks", "versions": [ { "lessThan": "21.2R3-S9", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "21.4R3-S8", "status": "affected", "version": "21.4", "versionType": "semver" }, { "lessThan": "22.2R3-S4", "status": "affected", "version": "22.2", "versionType": "semver" }, { "lessThan": "22.4R3-S5", "status": "affected", "version": "22.4", "versionType": "semver" }, { "lessThan": "23.2R2-S2", "status": "affected", "version": "23.2", "versionType": "semver" }, { "lessThan": "23.4R2", "status": "affected", "version": "23.4", "versionType": "semver" } ] } ], "datePublic": "2025-04-09T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\u003cp\u003eWhen processing a high rate of specific GRE traffic destined to the device, the respective P\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFE will hang causing traffic forwarding to stop. \u003c/span\u003e\n\n\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen this issue occurs the following logs can be observed:\u003c/span\u003e\u003c/p\u003e \u003ctt\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026lt;fpc #\u0026gt; MQSS(0): LI-3: Received a parcel with more than 512B\u0026nbsp;accompanying data \u003cbr\u003e\u003c/span\u003e\u003c/tt\u003e\u003ctt\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCHASSISD_FPC_ASIC_ERROR: ASIC Error detected \u0026lt;...\u0026gt;\u003c/span\u003e\u003c/tt\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Junos OS:\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 21.2R3-S9,\u003c/li\u003e\u003cli\u003e21.4 versions before 21.4R3-S8,\u003c/li\u003e\u003cli\u003e22.2 versions before 22.2R3-S4,\u003c/li\u003e\u003cli\u003e22.4 versions before 22.4R3-S5,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S2,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e" } ], "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).When processing a high rate of specific GRE traffic destined to the device, the respective PFE will hang causing traffic forwarding to stop. \n\n\n\nWhen this issue occurs the following logs can be observed:\n\n \u003cfpc #\u003e MQSS(0): LI-3: Received a parcel with more than 512B\u00a0accompanying data \nCHASSISD_FPC_ASIC_ERROR: ASIC Error detected \u003c...\u003e\n\n\nThis issue affects Junos OS:\n\n * all versions before 21.2R3-S9,\n * 21.4 versions before 21.4R3-S8,\n * 22.2 versions before 22.2R3-S4,\n * 22.4 versions before 22.4R3-S5,\n * 23.2 versions before 23.2R2-S2,\n * 23.4 versions before 23.4R2." } ], "exploits": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "YES", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/RE:M", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-754", "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-09T20:05:25.345Z", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://supportportal.juniper.net/JSA96471" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S9, 21.4R3-S8, 22.2R3-S4, 22.4R3-S5, 23.2R2-S2, 23.4R2, 24.2R1, and all subsequent releases." } ], "value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S9, 21.4R3-S8, 22.2R3-S4, 22.4R3-S5, 23.2R2-S2, 23.4R2, 24.2R1, and all subsequent releases." } ], "source": { "advisory": "JSA96471", "defect": [ "1784246" ], "discovery": "USER" }, "timeline": [ { "lang": "en", "time": "2025-04-09T16:00:00.000Z", "value": "Initial Publication" } ], "title": "Junos OS: MX Series: Decapsulation of specific GRE packets leads to PFE reset", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "There are no known workarounds for this issue." } ], "value": "There are no known workarounds for this issue." } ], "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2025-30660", "datePublished": "2025-04-09T20:05:25.345Z", "dateReserved": "2025-03-24T19:34:11.323Z", "dateUpdated": "2025-04-09T20:29:59.919Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-5094 (GCVE-0-2011-5094)
Vulnerability from cvelistv5
Published
2012-06-16 21:00
Modified
2024-09-16 21:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mozilla Network Security Services (NSS) 3.x, with certain settings of the SSL_ENABLE_RENEGOTIATION option, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-1473. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment
References
URL | Tags | |||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:23:40.220Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html" }, { "name": "[tls] 20110315 Re: SSL Renegotiation DOS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07567.html" }, { "name": "[tls] 20110318 Re: SSL Renegotiation DOS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07577.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=707065" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html" }, { "name": "[oss-security] 20110708 SSL renegotiation DoS CVE-2011-1473", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/07/08/2" }, { "name": "[tls] 20110318 Re: SSL Renegotiation DOS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07576.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://orchilles.com/2011/03/ssl-renegotiation-dos.html" }, { "name": "[tls] 20110315 SSL Renegotiation DOS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07553.html" }, { "name": "[tls] 20110315 Re: SSL Renegotiation DOS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07564.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Mozilla Network Security Services (NSS) 3.x, with certain settings of the SSL_ENABLE_RENEGOTIATION option, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-1473. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-06-16T21:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html" }, { "name": "[tls] 20110315 Re: SSL Renegotiation DOS", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07567.html" }, { "name": "[tls] 20110318 Re: SSL Renegotiation DOS", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07577.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=707065" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html" }, { "name": "[oss-security] 20110708 SSL renegotiation DoS CVE-2011-1473", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/07/08/2" }, { "name": "[tls] 20110318 Re: SSL Renegotiation DOS", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07576.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://orchilles.com/2011/03/ssl-renegotiation-dos.html" }, { "name": "[tls] 20110315 SSL Renegotiation DOS", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07553.html" }, { "name": "[tls] 20110315 Re: SSL Renegotiation DOS", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07564.html" } ], "tags": [ "disputed" ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-5094", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** DISPUTED ** Mozilla Network Security Services (NSS) 3.x, with certain settings of the SSL_ENABLE_RENEGOTIATION option, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-1473. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html", "refsource": "MISC", "url": "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html" }, { "name": "[tls] 20110315 Re: SSL Renegotiation DOS", "refsource": "MLIST", "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07567.html" }, { "name": "[tls] 20110318 Re: SSL Renegotiation DOS", "refsource": "MLIST", "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07577.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=707065", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=707065" }, { "name": "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html", "refsource": "MISC", "url": "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html" }, { "name": "[oss-security] 20110708 SSL renegotiation DoS CVE-2011-1473", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/07/08/2" }, { "name": "[tls] 20110318 Re: SSL Renegotiation DOS", "refsource": "MLIST", "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07576.html" }, { "name": "http://orchilles.com/2011/03/ssl-renegotiation-dos.html", "refsource": "MISC", "url": "http://orchilles.com/2011/03/ssl-renegotiation-dos.html" }, { "name": "[tls] 20110315 SSL Renegotiation DOS", "refsource": "MLIST", "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07553.html" }, { "name": "[tls] 20110315 Re: SSL Renegotiation DOS", "refsource": "MLIST", "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07564.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-5094", "datePublished": "2012-06-16T21:00:00Z", "dateReserved": "2012-06-16T00:00:00Z", "dateUpdated": "2024-09-16T21:56:51.299Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-30659 (GCVE-0-2025-30659)
Vulnerability from cvelistv5
Published
2025-04-09 20:03
Modified
2025-04-09 20:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-130 - Improper Handling of Length Parameter Inconsistency
Summary
An Improper Handling of Length Parameter Inconsistency vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).
When a device configured for Secure Vector Routing (SVR) receives a specifically malformed packet the PFE will crash and restart.
This issue affects Junos OS on SRX Series:
* All 21.4 versions,
* 22.2 versions before 22.2R3-S6,
* 22.4 versions before 22.4R3-S6,
* 23.2 versions before 23.2R2-S3,
* 23.4 versions before 23.4R2-S4,
* 24.2 versions before 24.2R2.
This issue does not affect versions before 21.4.
References
URL | Tags | ||||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Juniper Networks | Junos OS |
Version: 21.4R1 ≤ Version: 22.2 ≤ Version: 22.4 ≤ Version: 23.2 ≤ Version: 23.4 ≤ Version: 24.2 ≤ |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-30659", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-09T20:30:29.483767Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-09T20:30:38.589Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "SRX Series" ], "product": "Junos OS", "vendor": "Juniper Networks", "versions": [ { "lessThan": "21.4*", "status": "affected", "version": "21.4R1", "versionType": "semver" }, { "lessThan": "22.2R3-S6", "status": "affected", "version": "22.2", "versionType": "semver" }, { "lessThan": "22.4R3-S6", "status": "affected", "version": "22.4", "versionType": "semver" }, { "lessThan": "23.2R2-S3", "status": "affected", "version": "23.2", "versionType": "semver" }, { "lessThan": "23.4R2-S4", "status": "affected", "version": "23.4", "versionType": "semver" }, { "lessThan": "24.2R2", "status": "affected", "version": "24.2", "versionType": "semver" } ] } ], "configurations": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "To be exposed to this issue the SRX needs to be configured for SVR:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ services\u0026nbsp;vector-routing ]\u003c/tt\u003e" } ], "value": "To be exposed to this issue the SRX needs to be configured for SVR:\n\n[ services\u00a0vector-routing ]" } ], "datePublic": "2025-04-09T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An Improper Handling of Length Parameter Inconsistency vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003eWhen a device configured for Secure Vector Routing (SVR) receives a specifically malformed packet the PFE will crash and restart.\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS on SRX Series:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll 21.4 versions,\u003c/li\u003e\u003cli\u003e22.2 versions before 22.2R3-S6,\u003c/li\u003e\u003cli\u003e22.4 versions before 22.4R3-S6,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S3,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S4,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003eThis issue does not affect versions before 21.4." } ], "value": "An Improper Handling of Length Parameter Inconsistency vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\nWhen a device configured for Secure Vector Routing (SVR) receives a specifically malformed packet the PFE will crash and restart.\nThis issue affects Junos OS on SRX Series:\n\n\n\n * All 21.4 versions,\n * 22.2 versions before 22.2R3-S6,\n * 22.4 versions before 22.4R3-S6,\n * 23.2 versions before 23.2R2-S3,\n * 23.4 versions before 23.4R2-S4,\n * 24.2 versions before 24.2R2.\n\n\n\n\nThis issue does not affect versions before 21.4." } ], "exploits": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "YES", "Recovery": "AUTOMATIC", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-130", "description": "CWE-130 Improper Handling of Length Parameter Inconsistency", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-09T20:03:23.936Z", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://supportportal.juniper.net/JSA96470" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: 22.2R3-S6, 22.4R3-S6, 23.2R2-S3, 23.4R2-S4, 24.2R2, 24.4R1, and all subsequent releases." } ], "value": "The following software releases have been updated to resolve this specific issue: 22.2R3-S6, 22.4R3-S6, 23.2R2-S3, 23.4R2-S4, 24.2R2, 24.4R1, and all subsequent releases." } ], "source": { "advisory": "JSA96470", "defect": [ "1820807" ], "discovery": "INTERNAL" }, "timeline": [ { "lang": "en", "time": "2025-04-09T16:00:00.000Z", "value": "Initial Publication" } ], "title": "Junos OS: SRX Series: A device configured for vector routing crashes when receiving malformed traffic", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "There are no known workarounds for this issue." } ], "value": "There are no known workarounds for this issue." } ], "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2025-30659", "datePublished": "2025-04-09T20:03:23.936Z", "dateReserved": "2025-03-24T19:34:11.323Z", "dateUpdated": "2025-04-09T20:30:38.589Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-42472 (GCVE-0-2024-42472)
Vulnerability from cvelistv5
Published
2024-08-15 18:32
Modified
2025-04-02 22:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Summary
Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent directories could access and write files outside of what it would otherwise have access to, which is an attack on integrity and confidentiality.
When `persistent=subdir` is used in the application permissions (represented as `--persist=subdir` in the command-line interface), that means that an application which otherwise doesn't have access to the real user home directory will see an empty home directory with a writeable subdirectory `subdir`. Behind the scenes, this directory is actually a bind mount and the data is stored in the per-application directory as `~/.var/app/$APPID/subdir`. This allows existing apps that are not aware of the per-application directory to still work as intended without general home directory access.
However, the application does have write access to the application directory `~/.var/app/$APPID` where this directory is stored. If the source directory for the `persistent`/`--persist` option is replaced by a symlink, then the next time the application is started, the bind mount will follow the symlink and mount whatever it points to into the sandbox.
Partial protection against this vulnerability can be provided by patching Flatpak using the patches in commits ceec2ffc and 98f79773. However, this leaves a race condition that could be exploited by two instances of a malicious app running in parallel. Closing the race condition requires updating or patching the version of bubblewrap that is used by Flatpak to add the new `--bind-fd` option using the patch and then patching Flatpak to use it. If Flatpak has been configured at build-time with `-Dsystem_bubblewrap=bwrap` (1.15.x) or `--with-system-bubblewrap=bwrap` (1.14.x or older), or a similar option, then the version of bubblewrap that needs to be patched is a system copy that is distributed separately, typically `/usr/bin/bwrap`. This configuration is the one that is typically used in Linux distributions. If Flatpak has been configured at build-time with `-Dsystem_bubblewrap=` (1.15.x) or with `--without-system-bubblewrap` (1.14.x or older), then it is the bundled version of bubblewrap that is included with Flatpak that must be patched. This is typically installed as `/usr/libexec/flatpak-bwrap`. This configuration is the default when building from source code.
For the 1.14.x stable branch, these changes are included in Flatpak 1.14.10. The bundled version of bubblewrap included in this release has been updated to 0.6.3. For the 1.15.x development branch, these changes are included in Flatpak 1.15.10. The bundled version of bubblewrap in this release is a Meson "wrap" subproject, which has been updated to 0.10.0. The 1.12.x and 1.10.x branches will not be updated for this vulnerability. Long-term support OS distributions should backport the individual changes into their versions of Flatpak and bubblewrap, or update to newer versions if their stability policy allows it. As a workaround, avoid using applications using the `persistent` (`--persist`) permission.
References
URL | Tags | ||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2025-04-02T22:03:10.874Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "http://www.openwall.com/lists/oss-security/2024/08/14/6" }, { "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00025.html" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "flatpak", "vendor": "flatpak", "versions": [ { "lessThan": "1.14.10", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "1.15.10", "status": "affected", "version": "1.15.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-42472", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-15T20:04:27.581195Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-15T20:06:08.233Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "flatpak", "vendor": "flatpak", "versions": [ { "status": "affected", "version": "\u003c 1.14.10" }, { "status": "affected", "version": "\u003e= 1.15.0, \u003c 1.15.10" } ] } ], "descriptions": [ { "lang": "en", "value": "Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent directories could access and write files outside of what it would otherwise have access to, which is an attack on integrity and confidentiality.\n\nWhen `persistent=subdir` is used in the application permissions (represented as `--persist=subdir` in the command-line interface), that means that an application which otherwise doesn\u0027t have access to the real user home directory will see an empty home directory with a writeable subdirectory `subdir`. Behind the scenes, this directory is actually a bind mount and the data is stored in the per-application directory as `~/.var/app/$APPID/subdir`. This allows existing apps that are not aware of the per-application directory to still work as intended without general home directory access.\n\nHowever, the application does have write access to the application directory `~/.var/app/$APPID` where this directory is stored. If the source directory for the `persistent`/`--persist` option is replaced by a symlink, then the next time the application is started, the bind mount will follow the symlink and mount whatever it points to into the sandbox.\n\nPartial protection against this vulnerability can be provided by patching Flatpak using the patches in commits ceec2ffc and 98f79773. However, this leaves a race condition that could be exploited by two instances of a malicious app running in parallel. Closing the race condition requires updating or patching the version of bubblewrap that is used by Flatpak to add the new `--bind-fd` option using the patch and then patching Flatpak to use it. If Flatpak has been configured at build-time with `-Dsystem_bubblewrap=bwrap` (1.15.x) or `--with-system-bubblewrap=bwrap` (1.14.x or older), or a similar option, then the version of bubblewrap that needs to be patched is a system copy that is distributed separately, typically `/usr/bin/bwrap`. This configuration is the one that is typically used in Linux distributions. If Flatpak has been configured at build-time with `-Dsystem_bubblewrap=` (1.15.x) or with `--without-system-bubblewrap` (1.14.x or older), then it is the bundled version of bubblewrap that is included with Flatpak that must be patched. This is typically installed as `/usr/libexec/flatpak-bwrap`. This configuration is the default when building from source code.\n\nFor the 1.14.x stable branch, these changes are included in Flatpak 1.14.10. The bundled version of bubblewrap included in this release has been updated to 0.6.3. For the 1.15.x development branch, these changes are included in Flatpak 1.15.10. The bundled version of bubblewrap in this release is a Meson \"wrap\" subproject, which has been updated to 0.10.0. The 1.12.x and 1.10.x branches will not be updated for this vulnerability. Long-term support OS distributions should backport the individual changes into their versions of Flatpak and bubblewrap, or update to newer versions if their stability policy allows it. As a workaround, avoid using applications using the `persistent` (`--persist`) permission." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-15T18:32:11.304Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/flatpak/flatpak/security/advisories/GHSA-7hgv-f2j8-xw87", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/flatpak/flatpak/security/advisories/GHSA-7hgv-f2j8-xw87" }, { "name": "https://github.com/containers/bubblewrap/commit/68e75c3091c87583c28a439b45c45627a94d622c", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/containers/bubblewrap/commit/68e75c3091c87583c28a439b45c45627a94d622c" }, { "name": "https://github.com/containers/bubblewrap/commit/a253257cd298892da43e15201d83f9a02c9b58b5", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/containers/bubblewrap/commit/a253257cd298892da43e15201d83f9a02c9b58b5" }, { "name": "https://github.com/flatpak/flatpak/commit/2cdd1e1e5ae90d7c3a4b60ce2e36e4d609e44e72", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/flatpak/flatpak/commit/2cdd1e1e5ae90d7c3a4b60ce2e36e4d609e44e72" }, { "name": "https://github.com/flatpak/flatpak/commit/3caeb16c31a3ed62d744e2aaf01d684f7991051a", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/flatpak/flatpak/commit/3caeb16c31a3ed62d744e2aaf01d684f7991051a" }, { "name": "https://github.com/flatpak/flatpak/commit/6bd603f6836e9b38b9b937d3b78f3fbf36e7ff75", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/flatpak/flatpak/commit/6bd603f6836e9b38b9b937d3b78f3fbf36e7ff75" }, { "name": "https://github.com/flatpak/flatpak/commit/7c63e53bb2af0aae9097fd2edfd6a9ba9d453e97", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/flatpak/flatpak/commit/7c63e53bb2af0aae9097fd2edfd6a9ba9d453e97" }, { "name": "https://github.com/flatpak/flatpak/commit/8a18137d7e80f0575e8defabf677d81e5cc3a788", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/flatpak/flatpak/commit/8a18137d7e80f0575e8defabf677d81e5cc3a788" }, { "name": "https://github.com/flatpak/flatpak/commit/db3a785241fda63bf53f0ec12bb519aa5210de19", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/flatpak/flatpak/commit/db3a785241fda63bf53f0ec12bb519aa5210de19" } ], "source": { "advisory": "GHSA-7hgv-f2j8-xw87", "discovery": "UNKNOWN" }, "title": "Flatpak may allow access to files outside sandbox for certain apps" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-42472", "datePublished": "2024-08-15T18:32:11.304Z", "dateReserved": "2024-08-02T14:13:04.615Z", "dateUpdated": "2025-04-02T22:03:10.874Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-22135 (GCVE-0-2021-22135)
Vulnerability from cvelistv5
Published
2021-05-13 17:35
Modified
2024-08-03 18:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. The suggester and profile API are normally disabled for an index when document level security is enabled on the index. Certain queries are able to enable the profiler and suggester which could lead to disclosing the existence of documents and fields the attacker should not be able to view.
References
URL | Tags | |||||||
---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Elastic | Elasticsearch |
Version: before 7.11.2 and 6.8.15 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:30:23.976Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210625-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Elasticsearch", "vendor": "Elastic", "versions": [ { "status": "affected", "version": "before 7.11.2 and 6.8.15" } ] } ], "descriptions": [ { "lang": "en", "value": "Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. The suggester and profile API are normally disabled for an index when document level security is enabled on the index. Certain queries are able to enable the profiler and suggester which could lead to disclosing the existence of documents and fields the attacker should not be able to view." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-25T05:06:33", "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "shortName": "elastic" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210625-0003/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@elastic.co", "ID": "CVE-2021-22135", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Elasticsearch", "version": { "version_data": [ { "version_value": "before 7.11.2 and 6.8.15" } ] } } ] }, "vendor_name": "Elastic" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. The suggester and profile API are normally disabled for an index when document level security is enabled on the index. Certain queries are able to enable the profiler and suggester which could lead to disclosing the existence of documents and fields the attacker should not be able to view." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor" } ] } ] }, "references": { "reference_data": [ { "name": "https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125", "refsource": "MISC", "url": "https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125" }, { "name": "https://security.netapp.com/advisory/ntap-20210625-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210625-0003/" } ] } } } }, "cveMetadata": { "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "assignerShortName": "elastic", "cveId": "CVE-2021-22135", "datePublished": "2021-05-13T17:35:17", "dateReserved": "2021-01-04T00:00:00", "dateUpdated": "2024-08-03T18:30:23.976Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-33600 (GCVE-0-2024-33600)
Vulnerability from cvelistv5
Published
2024-05-06 19:22
Modified
2025-03-27 14:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference
Summary
nscd: Null pointer crashes after notfound response
If the Name Service Cache Daemon's (nscd) cache fails to add a not-found
netgroup response to the cache, the client request can result in a null
pointer dereference. This flaw was introduced in glibc 2.15 when the
cache was added to nscd.
This vulnerability is only present in the nscd binary.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
The GNU C Library | glibc |
Version: 2.15 < 2.40 |
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-33600", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-07T19:13:16.760599Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-27T14:41:14.484Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:36:04.168Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0006" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240524-0013/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/07/22/5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "glibc", "vendor": "The GNU C Library", "versions": [ { "lessThan": "2.40", "status": "affected", "version": "2.15", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cdiv\u003enscd: Null pointer crashes after notfound response\u003cbr\u003e\u003cbr\u003eIf the Name Service Cache Daemon\u0027s (nscd) cache fails to add a not-found\u003cbr\u003enetgroup response to the cache, the client request can result in a null\u003cbr\u003epointer dereference. This flaw was introduced in glibc 2.15 when the\u003cbr\u003ecache was added to nscd.\u003cbr\u003e\u003cbr\u003eThis vulnerability is only present in the nscd binary.\u003cbr\u003e\u003c/div\u003e" } ], "value": "nscd: Null pointer crashes after notfound response\n\nIf the Name Service Cache Daemon\u0027s (nscd) cache fails to add a not-found\nnetgroup response to the cache, the client request can result in a null\npointer dereference. This flaw was introduced in glibc 2.15 when the\ncache was added to nscd.\n\nThis vulnerability is only present in the nscd binary." } ], "impacts": [ { "capecId": "CAPEC-129", "descriptions": [ { "lang": "en", "value": "CAPEC-129 Pointer Manipulation" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-22T18:06:08.949Z", "orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "shortName": "glibc" }, "references": [ { "url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0006" }, { "url": "https://security.netapp.com/advisory/ntap-20240524-0013/" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html" }, { "url": "http://www.openwall.com/lists/oss-security/2024/07/22/5" } ], "source": { "discovery": "UNKNOWN" }, "title": "nscd: Null pointer crashes after notfound response", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "assignerShortName": "glibc", "cveId": "CVE-2024-33600", "datePublished": "2024-05-06T19:22:02.726Z", "dateReserved": "2024-04-24T20:35:08.340Z", "dateUpdated": "2025-03-27T14:41:14.484Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-27838 (GCVE-0-2024-27838)
Vulnerability from cvelistv5
Published
2024-06-10 20:56
Modified
2025-03-17 14:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- A maliciously crafted webpage may be able to fingerprint the user
Summary
The issue was addressed by adding additional logic. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user.
References
URL | Tags | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Apple | iOS and iPadOS |
Version: unspecified < 17.5 |
||
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:41:55.887Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214101" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214100" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214106" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214108" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214104" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214103" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214102" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/Jun/5" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-27838", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-19T14:48:32.637340Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-03-17T14:34:16.793Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "iOS and iPadOS", "vendor": "Apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "iOS and iPadOS", "vendor": "Apple", "versions": [ { "lessThan": "16.7", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "14.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "visionOS", "vendor": "Apple", "versions": [ { "lessThan": "1.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "10.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Safari", "vendor": "Apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "The issue was addressed by adding additional logic. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user." } ], "problemTypes": [ { "descriptions": [ { "description": "A maliciously crafted webpage may be able to fingerprint the user", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-12T04:06:33.395Z", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "url": "https://support.apple.com/en-us/HT214101" }, { "url": "https://support.apple.com/en-us/HT214100" }, { "url": "https://support.apple.com/en-us/HT214106" }, { "url": "https://support.apple.com/en-us/HT214108" }, { "url": "https://support.apple.com/en-us/HT214104" }, { "url": "https://support.apple.com/en-us/HT214103" }, { "url": "https://support.apple.com/en-us/HT214102" }, { "url": "http://seclists.org/fulldisclosure/2024/Jun/5" } ] } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2024-27838", "datePublished": "2024-06-10T20:56:40.587Z", "dateReserved": "2024-02-26T15:32:28.528Z", "dateUpdated": "2025-03-17T14:34:16.793Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-40789 (GCVE-0-2024-40789)
Vulnerability from cvelistv5
Published
2024-07-29 22:16
Modified
2025-03-18 13:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Processing maliciously crafted web content may lead to an unexpected process crash
Summary
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-40789", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-30T19:47:22.230489Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-03-18T13:47:44.512Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:39:54.706Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214121" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214117" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214116" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214124" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214119" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214123" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214122" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214121" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/Jul/16" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/Jul/15" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/Jul/23" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/Jul/21" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/Jul/17" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/Jul/22" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/Jul/18" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Safari", "vendor": "Apple", "versions": [ { "lessThan": "17.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "iOS and iPadOS", "vendor": "Apple", "versions": [ { "lessThan": "17.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "iOS and iPadOS", "vendor": "Apple", "versions": [ { "lessThan": "16.7", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "10.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "14.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "visionOS", "vendor": "Apple", "versions": [ { "lessThan": "1.3", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "17.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash." } ], "problemTypes": [ { "descriptions": [ { "description": "Processing maliciously crafted web content may lead to an unexpected process crash", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-29T22:16:57.905Z", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "url": "https://support.apple.com/en-us/HT214121" }, { "url": "https://support.apple.com/en-us/HT214117" }, { "url": "https://support.apple.com/en-us/HT214116" }, { "url": "https://support.apple.com/en-us/HT214124" }, { "url": "https://support.apple.com/en-us/HT214119" }, { "url": "https://support.apple.com/en-us/HT214123" }, { "url": "https://support.apple.com/en-us/HT214122" }, { "url": "https://support.apple.com/kb/HT214121" }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/16" }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/15" }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/23" }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/21" }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/17" }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/22" }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/18" } ] } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2024-40789", "datePublished": "2024-07-29T22:16:57.905Z", "dateReserved": "2024-07-10T17:11:04.689Z", "dateUpdated": "2025-03-18T13:47:44.512Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-28182 (GCVE-0-2024-28182)
Vulnerability from cvelistv5
Published
2024-04-04 14:41
Modified
2025-02-13 17:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Summary
nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.
References
URL | Tags | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "nghttp2", "vendor": "nghttp2", "versions": [ { "lessThan": "1.61.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-28182", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-04T17:15:08.320689Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-15T15:54:31.848Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-09-27T16:02:59.311Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q" }, { "name": "https://github.com/nghttp2/nghttp2/commit/00201ecd8f982da3b67d4f6868af72a1b03b14e0", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/nghttp2/nghttp2/commit/00201ecd8f982da3b67d4f6868af72a1b03b14e0" }, { "name": "https://github.com/nghttp2/nghttp2/commit/d71a4668c6bead55805d18810d633fbb98315af9", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/nghttp2/nghttp2/commit/d71a4668c6bead55805d18810d633fbb98315af9" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGOME6ZXJG7664IPQNVE3DL67E3YP3HY/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J6ZMXUGB66VAXDW5J6QSTHM5ET25FGSA/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXJO2EASHM2OQQLGVDY5ZSO7UVDVHTDK/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00026.html" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/03/16" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00041.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "nghttp2", "vendor": "nghttp2", "versions": [ { "status": "affected", "version": "\u003c 1.61.0" } ] } ], "descriptions": [ { "lang": "en", "value": "nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-01T18:12:22.033Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q" }, { "name": "https://github.com/nghttp2/nghttp2/commit/00201ecd8f982da3b67d4f6868af72a1b03b14e0", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/nghttp2/nghttp2/commit/00201ecd8f982da3b67d4f6868af72a1b03b14e0" }, { "name": "https://github.com/nghttp2/nghttp2/commit/d71a4668c6bead55805d18810d633fbb98315af9", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/nghttp2/nghttp2/commit/d71a4668c6bead55805d18810d633fbb98315af9" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGOME6ZXJG7664IPQNVE3DL67E3YP3HY/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J6ZMXUGB66VAXDW5J6QSTHM5ET25FGSA/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXJO2EASHM2OQQLGVDY5ZSO7UVDVHTDK/" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00026.html" }, { "url": "http://www.openwall.com/lists/oss-security/2024/04/03/16" } ], "source": { "advisory": "GHSA-x6x3-gv8h-m57q", "discovery": "UNKNOWN" }, "title": "Reading unbounded number of HTTP/2 CONTINUATION frames to cause excessive CPU usage" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-28182", "datePublished": "2024-04-04T14:41:36.587Z", "dateReserved": "2024-03-06T17:35:00.857Z", "dateUpdated": "2025-02-13T17:47:27.639Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-24808 (GCVE-0-2022-24808)
Vulnerability from cvelistv5
Published
2024-04-16 19:52
Modified
2024-08-03 04:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference
Summary
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a `SET` request to `NET-SNMP-AGENT-MIB::nsLogTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.
References
URL | Tags | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:net-snmp:net-snmp:5.9.2:-:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "net-snmp", "vendor": "net-snmp", "versions": [ { "status": "affected", "version": "5.9.2" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2022-24808", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-23T18:23:10.723285Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:15:57.749Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-03T04:20:50.466Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103225" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202210-29" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5209" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105240" }, { "tags": [ "x_transferred" ], "url": "https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "net-snmp", "repo": "https://github.com/net-snmp/net-snmp", "vendor": "net-snmp", "versions": [ { "lessThan": "5.9.2", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a `SET` request to `NET-SNMP-AGENT-MIB::nsLogTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.\u003cbr\u003e" } ], "value": "net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a `SET` request to `NET-SNMP-AGENT-MIB::nsLogTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-16T19:52:31.783Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "url": "https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103225" }, { "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/" }, { "url": "https://security.gentoo.org/glsa/202210-29" }, { "url": "https://www.debian.org/security/2022/dsa-5209" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105240" }, { "url": "https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937" } ], "source": { "discovery": "UNKNOWN" }, "title": "net-snmp: A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-24808", "datePublished": "2024-04-16T19:52:31.783Z", "dateReserved": "2022-02-10T16:41:34.917Z", "dateUpdated": "2024-08-03T04:20:50.466Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-0450 (GCVE-0-2024-0450)
Vulnerability from cvelistv5
Published
2024-03-19 15:12
Modified
2025-04-11 22:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.
The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Python Software Foundation | CPython |
Version: 0 Version: 3.9.0 Version: 3.10.0 Version: 3.11.0 Version: 3.12.0 Version: 3.13.0a1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2025-04-11T22:03:14.930Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "patch", "x_transferred" ], "url": "https://github.com/python/cpython/commit/66363b9a7b9fe7c99eba3a185b74c5fdbf842eba" }, { "tags": [ "patch", "x_transferred" ], "url": "https://github.com/python/cpython/commit/fa181fcf2156f703347b03a3b1966ce47be8ab3b" }, { "tags": [ "patch", "x_transferred" ], "url": "https://github.com/python/cpython/commit/a956e510f6336d5ae111ba429a61c3ade30a7549" }, { "tags": [ "patch", "x_transferred" ], "url": "https://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85" }, { "tags": [ "patch", "x_transferred" ], "url": "https://github.com/python/cpython/commit/a2c59992e9e8d35baba9695eb186ad6c6ff85c51" }, { "tags": [ "patch", "x_transferred" ], "url": "https://github.com/python/cpython/commit/d05bac0b74153beb541b88b4fca33bf053990183" }, { "tags": [ "issue-tracking", "x_transferred" ], "url": "https://github.com/python/cpython/issues/109858" }, { "tags": [ "x_transferred" ], "url": "https://www.bamsoftware.com/hacks/zipbomb/" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/XELNUX2L3IOHBTFU7RQHCY6OUVEWZ2FG/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00024.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/03/20/5" }, { "tags": [ "patch", "x_transferred" ], "url": "https://github.com/python/cpython/commit/70497218351ba44bffc8b571201ecb5652d84675" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/" }, { "url": "https://security.netapp.com/advisory/ntap-20250411-0005/" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:python:cpython:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "cpython", "vendor": "python", "versions": [ { "lessThan": "3.8.18", "status": "affected", "version": "0", "versionType": "custom" }, { "status": "affected", "version": "3.9.18" }, { "status": "affected", "version": "3.10.13" }, { "status": "affected", "version": "3.11.7" }, { "status": "affected", "version": "3.12.1" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-0450", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-20T14:30:38.300055Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-02T15:00:26.971Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "CPython", "repo": "https://github.com/python/cpython", "vendor": "Python Software Foundation", "versions": [ { "lessThan": "3.8.19", "status": "affected", "version": "0", "versionType": "python" }, { "lessThan": "3.9.19", "status": "affected", "version": "3.9.0", "versionType": "python" }, { "lessThan": "3.10.14", "status": "affected", "version": "3.10.0", "versionType": "python" }, { "lessThan": "3.11.8", "status": "affected", "version": "3.11.0", "versionType": "python" }, { "lessThan": "3.12.2", "status": "affected", "version": "3.12.0", "versionType": "python" }, { "lessThan": "3.13.0a3", "status": "affected", "version": "3.13.0a1", "versionType": "python" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eAn issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eThe zipfile module is vulnerable to \u201cquoted-overlap\u201d zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e" } ], "value": "An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.\n\nThe zipfile module is vulnerable to \u201cquoted-overlap\u201d zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.\n\n" } ], "impacts": [ { "capecId": "CAPEC-130", "descriptions": [ { "lang": "en", "value": "CAPEC-130 Excessive Allocation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-405", "description": "CWE-405", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-13T19:24:15.993Z", "orgId": "28c92f92-d60d-412d-b760-e73465c3df22", "shortName": "PSF" }, "references": [ { "tags": [ "patch" ], "url": "https://github.com/python/cpython/commit/66363b9a7b9fe7c99eba3a185b74c5fdbf842eba" }, { "tags": [ "patch" ], "url": "https://github.com/python/cpython/commit/fa181fcf2156f703347b03a3b1966ce47be8ab3b" }, { "tags": [ "patch" ], "url": "https://github.com/python/cpython/commit/a956e510f6336d5ae111ba429a61c3ade30a7549" }, { "tags": [ "patch" ], "url": "https://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85" }, { "tags": [ "patch" ], "url": "https://github.com/python/cpython/commit/a2c59992e9e8d35baba9695eb186ad6c6ff85c51" }, { "tags": [ "patch" ], "url": "https://github.com/python/cpython/commit/d05bac0b74153beb541b88b4fca33bf053990183" }, { "tags": [ "issue-tracking" ], "url": "https://github.com/python/cpython/issues/109858" }, { "url": "https://www.bamsoftware.com/hacks/zipbomb/" }, { "tags": [ "vendor-advisory" ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/XELNUX2L3IOHBTFU7RQHCY6OUVEWZ2FG/" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00024.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html" }, { "url": "http://www.openwall.com/lists/oss-security/2024/03/20/5" }, { "tags": [ "patch" ], "url": "https://github.com/python/cpython/commit/70497218351ba44bffc8b571201ecb5652d84675" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/" } ], "source": { "discovery": "UNKNOWN" }, "title": "Quoted zip-bomb protection for zipfile", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22", "assignerShortName": "PSF", "cveId": "CVE-2024-0450", "datePublished": "2024-03-19T15:12:07.789Z", "dateReserved": "2024-01-11T22:16:41.964Z", "dateUpdated": "2025-04-11T22:03:14.930Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-33599 (GCVE-0-2024-33599)
Vulnerability from cvelistv5
Published
2024-05-06 19:21
Modified
2025-03-26 20:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - Stack-based Buffer Overflow
Summary
nscd: Stack-based buffer overflow in netgroup cache
If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted
by client requests then a subsequent client request for netgroup data
may result in a stack-based buffer overflow. This flaw was introduced
in glibc 2.15 when the cache was added to nscd.
This vulnerability is only present in the nscd binary.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
The GNU C Library | glibc |
Version: 2.15 < 2.40 |
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-33599", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-29T19:01:02.703174Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-03-26T20:40:00.393Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:36:04.290Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0005" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240524-0011/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/07/22/5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "glibc", "vendor": "The GNU C Library", "versions": [ { "lessThan": "2.40", "status": "affected", "version": "2.15", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "nscd: Stack-based buffer overflow in netgroup cache\u003cbr\u003e\u003cbr\u003eIf the Name Service Cache Daemon\u0027s (nscd) fixed size cache is exhausted\u003cbr\u003eby client requests then a subsequent client request for netgroup data\u003cbr\u003emay result in a stack-based buffer overflow. This flaw was introduced\u003cbr\u003ein glibc 2.15 when the cache was added to nscd.\u003cbr\u003e\u003cbr\u003eThis vulnerability is only present in the nscd binary.\u003cbr\u003e" } ], "value": "nscd: Stack-based buffer overflow in netgroup cache\n\nIf the Name Service Cache Daemon\u0027s (nscd) fixed size cache is exhausted\nby client requests then a subsequent client request for netgroup data\nmay result in a stack-based buffer overflow. This flaw was introduced\nin glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary." } ], "impacts": [ { "capecId": "CAPEC-100", "descriptions": [ { "lang": "en", "value": "CAPEC-100 Overflow Buffers" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-22T18:06:10.829Z", "orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "shortName": "glibc" }, "references": [ { "url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0005" }, { "url": "https://security.netapp.com/advisory/ntap-20240524-0011/" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html" }, { "url": "http://www.openwall.com/lists/oss-security/2024/07/22/5" } ], "source": { "discovery": "UNKNOWN" }, "title": "nscd: Stack-based buffer overflow in netgroup cache", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "assignerShortName": "glibc", "cveId": "CVE-2024-33599", "datePublished": "2024-05-06T19:21:54.314Z", "dateReserved": "2024-04-24T20:35:08.340Z", "dateUpdated": "2025-03-26T20:40:00.393Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-40954 (GCVE-0-2024-40954)
Vulnerability from cvelistv5
Published
2024-07-12 12:31
Modified
2025-05-04 09:18
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: do not leave a dangling sk pointer, when socket creation fails
It is possible to trigger a use-after-free by:
* attaching an fentry probe to __sock_release() and the probe calling the
bpf_get_socket_cookie() helper
* running traceroute -I 1.1.1.1 on a freshly booted VM
A KASAN enabled kernel will log something like below (decoded and stripped):
==================================================================
BUG: KASAN: slab-use-after-free in __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29)
Read of size 8 at addr ffff888007110dd8 by task traceroute/299
CPU: 2 PID: 299 Comm: traceroute Tainted: G E 6.10.0-rc2+ #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl (lib/dump_stack.c:117 (discriminator 1))
print_report (mm/kasan/report.c:378 mm/kasan/report.c:488)
? __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29)
kasan_report (mm/kasan/report.c:603)
? __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29)
kasan_check_range (mm/kasan/generic.c:183 mm/kasan/generic.c:189)
__sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29)
bpf_get_socket_ptr_cookie (./arch/x86/include/asm/preempt.h:94 ./include/linux/sock_diag.h:42 net/core/filter.c:5094 net/core/filter.c:5092)
bpf_prog_875642cf11f1d139___sock_release+0x6e/0x8e
bpf_trampoline_6442506592+0x47/0xaf
__sock_release (net/socket.c:652)
__sock_create (net/socket.c:1601)
...
Allocated by task 299 on cpu 2 at 78.328492s:
kasan_save_stack (mm/kasan/common.c:48)
kasan_save_track (mm/kasan/common.c:68)
__kasan_slab_alloc (mm/kasan/common.c:312 mm/kasan/common.c:338)
kmem_cache_alloc_noprof (mm/slub.c:3941 mm/slub.c:4000 mm/slub.c:4007)
sk_prot_alloc (net/core/sock.c:2075)
sk_alloc (net/core/sock.c:2134)
inet_create (net/ipv4/af_inet.c:327 net/ipv4/af_inet.c:252)
__sock_create (net/socket.c:1572)
__sys_socket (net/socket.c:1660 net/socket.c:1644 net/socket.c:1706)
__x64_sys_socket (net/socket.c:1718)
do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)
entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
Freed by task 299 on cpu 2 at 78.328502s:
kasan_save_stack (mm/kasan/common.c:48)
kasan_save_track (mm/kasan/common.c:68)
kasan_save_free_info (mm/kasan/generic.c:582)
poison_slab_object (mm/kasan/common.c:242)
__kasan_slab_free (mm/kasan/common.c:256)
kmem_cache_free (mm/slub.c:4437 mm/slub.c:4511)
__sk_destruct (net/core/sock.c:2117 net/core/sock.c:2208)
inet_create (net/ipv4/af_inet.c:397 net/ipv4/af_inet.c:252)
__sock_create (net/socket.c:1572)
__sys_socket (net/socket.c:1660 net/socket.c:1644 net/socket.c:1706)
__x64_sys_socket (net/socket.c:1718)
do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)
entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
Fix this by clearing the struct socket reference in sk_common_release() to cover
all protocol families create functions, which may already attached the
reference to the sk object with sock_init_data().
References
URL | Tags | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T04:39:55.910Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/78e4aa528a7b1204219d808310524344f627d069" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/893eeba94c40d513cd0fe6539330ebdaea208c0e" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/454c454ed645fed051216b79622f7cb69c1638f5" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/5dfe2408fd7dc4d2e7ac38a116ff0a37b1cfd3b9" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/6cd4a78d962bebbaf8beb7d2ead3f34120e3f7b2" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-40954", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T17:03:48.944366Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:34:24.382Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/core/sock.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "78e4aa528a7b1204219d808310524344f627d069", "status": "affected", "version": "c5dbb89fc2ac013afe67b9e4fcb3743c02b567cd", "versionType": "git" }, { "lessThan": "893eeba94c40d513cd0fe6539330ebdaea208c0e", "status": "affected", "version": "c5dbb89fc2ac013afe67b9e4fcb3743c02b567cd", "versionType": "git" }, { "lessThan": "454c454ed645fed051216b79622f7cb69c1638f5", "status": "affected", "version": "c5dbb89fc2ac013afe67b9e4fcb3743c02b567cd", "versionType": "git" }, { "lessThan": "5dfe2408fd7dc4d2e7ac38a116ff0a37b1cfd3b9", "status": "affected", "version": "c5dbb89fc2ac013afe67b9e4fcb3743c02b567cd", "versionType": "git" }, { "lessThan": "6cd4a78d962bebbaf8beb7d2ead3f34120e3f7b2", "status": "affected", "version": "c5dbb89fc2ac013afe67b9e4fcb3743c02b567cd", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/core/sock.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.12" }, { "lessThan": "5.12", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.162", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.96", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.36", "versionType": "semver" }, { "lessThanOrEqual": "6.9.*", "status": "unaffected", "version": "6.9.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.15.162", "versionStartIncluding": "5.12", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.1.96", "versionStartIncluding": "5.12", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.6.36", "versionStartIncluding": "5.12", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.9.7", "versionStartIncluding": "5.12", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.10", "versionStartIncluding": "5.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: do not leave a dangling sk pointer, when socket creation fails\n\nIt is possible to trigger a use-after-free by:\n * attaching an fentry probe to __sock_release() and the probe calling the\n bpf_get_socket_cookie() helper\n * running traceroute -I 1.1.1.1 on a freshly booted VM\n\nA KASAN enabled kernel will log something like below (decoded and stripped):\n==================================================================\nBUG: KASAN: slab-use-after-free in __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29)\nRead of size 8 at addr ffff888007110dd8 by task traceroute/299\n\nCPU: 2 PID: 299 Comm: traceroute Tainted: G E 6.10.0-rc2+ #2\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\ndump_stack_lvl (lib/dump_stack.c:117 (discriminator 1))\nprint_report (mm/kasan/report.c:378 mm/kasan/report.c:488)\n? __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29)\nkasan_report (mm/kasan/report.c:603)\n? __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29)\nkasan_check_range (mm/kasan/generic.c:183 mm/kasan/generic.c:189)\n__sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29)\nbpf_get_socket_ptr_cookie (./arch/x86/include/asm/preempt.h:94 ./include/linux/sock_diag.h:42 net/core/filter.c:5094 net/core/filter.c:5092)\nbpf_prog_875642cf11f1d139___sock_release+0x6e/0x8e\nbpf_trampoline_6442506592+0x47/0xaf\n__sock_release (net/socket.c:652)\n__sock_create (net/socket.c:1601)\n...\nAllocated by task 299 on cpu 2 at 78.328492s:\nkasan_save_stack (mm/kasan/common.c:48)\nkasan_save_track (mm/kasan/common.c:68)\n__kasan_slab_alloc (mm/kasan/common.c:312 mm/kasan/common.c:338)\nkmem_cache_alloc_noprof (mm/slub.c:3941 mm/slub.c:4000 mm/slub.c:4007)\nsk_prot_alloc (net/core/sock.c:2075)\nsk_alloc (net/core/sock.c:2134)\ninet_create (net/ipv4/af_inet.c:327 net/ipv4/af_inet.c:252)\n__sock_create (net/socket.c:1572)\n__sys_socket (net/socket.c:1660 net/socket.c:1644 net/socket.c:1706)\n__x64_sys_socket (net/socket.c:1718)\ndo_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nFreed by task 299 on cpu 2 at 78.328502s:\nkasan_save_stack (mm/kasan/common.c:48)\nkasan_save_track (mm/kasan/common.c:68)\nkasan_save_free_info (mm/kasan/generic.c:582)\npoison_slab_object (mm/kasan/common.c:242)\n__kasan_slab_free (mm/kasan/common.c:256)\nkmem_cache_free (mm/slub.c:4437 mm/slub.c:4511)\n__sk_destruct (net/core/sock.c:2117 net/core/sock.c:2208)\ninet_create (net/ipv4/af_inet.c:397 net/ipv4/af_inet.c:252)\n__sock_create (net/socket.c:1572)\n__sys_socket (net/socket.c:1660 net/socket.c:1644 net/socket.c:1706)\n__x64_sys_socket (net/socket.c:1718)\ndo_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nFix this by clearing the struct socket reference in sk_common_release() to cover\nall protocol families create functions, which may already attached the\nreference to the sk object with sock_init_data()." } ], "providerMetadata": { "dateUpdated": "2025-05-04T09:18:42.155Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/78e4aa528a7b1204219d808310524344f627d069" }, { "url": "https://git.kernel.org/stable/c/893eeba94c40d513cd0fe6539330ebdaea208c0e" }, { "url": "https://git.kernel.org/stable/c/454c454ed645fed051216b79622f7cb69c1638f5" }, { "url": "https://git.kernel.org/stable/c/5dfe2408fd7dc4d2e7ac38a116ff0a37b1cfd3b9" }, { "url": "https://git.kernel.org/stable/c/6cd4a78d962bebbaf8beb7d2ead3f34120e3f7b2" } ], "title": "net: do not leave a dangling sk pointer, when socket creation fails", "x_generator": { "engine": "bippy-1.2.0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-40954", "datePublished": "2024-07-12T12:31:57.517Z", "dateReserved": "2024-07-12T12:17:45.592Z", "dateUpdated": "2025-05-04T09:18:42.155Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-26852 (GCVE-0-2024-26852)
Vulnerability from cvelistv5
Published
2024-04-17 10:17
Modified
2025-05-04 08:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/ipv6: avoid possible UAF in ip6_route_mpath_notify()
syzbot found another use-after-free in ip6_route_mpath_notify() [1]
Commit f7225172f25a ("net/ipv6: prevent use after free in
ip6_route_mpath_notify") was not able to fix the root cause.
We need to defer the fib6_info_release() calls after
ip6_route_mpath_notify(), in the cleanup phase.
[1]
BUG: KASAN: slab-use-after-free in rt6_fill_node+0x1460/0x1ac0
Read of size 4 at addr ffff88809a07fc64 by task syz-executor.2/23037
CPU: 0 PID: 23037 Comm: syz-executor.2 Not tainted 6.8.0-rc4-syzkaller-01035-gea7f3cfaa588 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e7/0x2e0 lib/dump_stack.c:106
print_address_description mm/kasan/report.c:377 [inline]
print_report+0x167/0x540 mm/kasan/report.c:488
kasan_report+0x142/0x180 mm/kasan/report.c:601
rt6_fill_node+0x1460/0x1ac0
inet6_rt_notify+0x13b/0x290 net/ipv6/route.c:6184
ip6_route_mpath_notify net/ipv6/route.c:5198 [inline]
ip6_route_multipath_add net/ipv6/route.c:5404 [inline]
inet6_rtm_newroute+0x1d0f/0x2300 net/ipv6/route.c:5517
rtnetlink_rcv_msg+0x885/0x1040 net/core/rtnetlink.c:6597
netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543
netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]
netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1367
netlink_sendmsg+0xa3b/0xd70 net/netlink/af_netlink.c:1908
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg+0x221/0x270 net/socket.c:745
____sys_sendmsg+0x525/0x7d0 net/socket.c:2584
___sys_sendmsg net/socket.c:2638 [inline]
__sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667
do_syscall_64+0xf9/0x240
entry_SYSCALL_64_after_hwframe+0x6f/0x77
RIP: 0033:0x7f73dd87dda9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f73de6550c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f73dd9ac050 RCX: 00007f73dd87dda9
RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000005
RBP: 00007f73dd8ca47a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000006e R14: 00007f73dd9ac050 R15: 00007ffdbdeb7858
</TASK>
Allocated by task 23037:
kasan_save_stack mm/kasan/common.c:47 [inline]
kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
poison_kmalloc_redzone mm/kasan/common.c:372 [inline]
__kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:389
kasan_kmalloc include/linux/kasan.h:211 [inline]
__do_kmalloc_node mm/slub.c:3981 [inline]
__kmalloc+0x22e/0x490 mm/slub.c:3994
kmalloc include/linux/slab.h:594 [inline]
kzalloc include/linux/slab.h:711 [inline]
fib6_info_alloc+0x2e/0xf0 net/ipv6/ip6_fib.c:155
ip6_route_info_create+0x445/0x12b0 net/ipv6/route.c:3758
ip6_route_multipath_add net/ipv6/route.c:5298 [inline]
inet6_rtm_newroute+0x744/0x2300 net/ipv6/route.c:5517
rtnetlink_rcv_msg+0x885/0x1040 net/core/rtnetlink.c:6597
netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543
netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]
netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1367
netlink_sendmsg+0xa3b/0xd70 net/netlink/af_netlink.c:1908
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg+0x221/0x270 net/socket.c:745
____sys_sendmsg+0x525/0x7d0 net/socket.c:2584
___sys_sendmsg net/socket.c:2638 [inline]
__sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667
do_syscall_64+0xf9/0x240
entry_SYSCALL_64_after_hwframe+0x6f/0x77
Freed by task 16:
kasan_save_stack mm/kasan/common.c:47 [inline]
kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
kasan_save_free_info+0x4e/0x60 mm/kasan/generic.c:640
poison_slab_object+0xa6/0xe0 m
---truncated---
References
URL | Tags | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Linux | Linux |
Version: 3b1137fe74829e021f483756a648cbb87c8a1b4a Version: 3b1137fe74829e021f483756a648cbb87c8a1b4a Version: 3b1137fe74829e021f483756a648cbb87c8a1b4a Version: 3b1137fe74829e021f483756a648cbb87c8a1b4a Version: 3b1137fe74829e021f483756a648cbb87c8a1b4a Version: 3b1137fe74829e021f483756a648cbb87c8a1b4a Version: 3b1137fe74829e021f483756a648cbb87c8a1b4a Version: 3b1137fe74829e021f483756a648cbb87c8a1b4a |
||
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.699Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/31ea5bcc7d4cd1423de6be327a2c034725704136" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/664f9c647260cc9d68b4e31d9899530d89dd045e" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/79ce2e54cc0ae366f45516c00bf1b19aa43e9abe" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/cae3303257950d03ffec2df4a45e836f10d26c24" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/394334fe2ae3b9f1e2332b873857e84cb28aac18" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ed883060c38721ed828061f6c0c30e5147326c9a" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/61b34f73cdbdb8eaf9ea12e9e2eb3b29716c4dda" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/685f7d531264599b3f167f1e94bbd22f120e5fab" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "31ea5bcc7d4c", "status": "affected", "version": "3b1137fe7482", "versionType": "custom" }, { "lessThan": "664f9c647260", "status": "affected", "version": "3b1137fe7482", "versionType": "custom" }, { "lessThan": "79ce2e54cc0a", "status": "affected", "version": "3b1137fe7482", "versionType": "custom" }, { "lessThan": "cae330325795", "status": "affected", "version": "3b1137fe7482", "versionType": "custom" }, { "lessThan": "394334fe2ae3", "status": "affected", "version": "3b1137fe7482", "versionType": "custom" }, { "lessThan": "ed883060c387", "status": "affected", "version": "3b1137fe7482", "versionType": "custom" }, { "lessThan": "61b34f73cdbd", "status": "affected", "version": "3b1137fe7482", "versionType": "custom" }, { "lessThan": "685f7d531264", "status": "affected", "version": "3b1137fe7482", "versionType": "custom" }, { "status": "affected", "version": "4.11" }, { "lessThan": "4.11", "status": "unaffected", "version": "0", "versionType": "custom" }, { "lessThanOrEqual": "4.20", "status": "unaffected", "version": "4.19.310", "versionType": "custom" }, { "lessThanOrEqual": "5.5", "status": "unaffected", "version": "5.4.272", "versionType": "custom" }, { "lessThanOrEqual": "5.11", "status": "unaffected", "version": "5.10.213", "versionType": "custom" }, { "lessThanOrEqual": "5.16", "status": "unaffected", "version": "5.15.152", "versionType": "custom" }, { "lessThanOrEqual": "6.2", "status": "unaffected", "version": "6.1.82", "versionType": "custom" }, { "lessThanOrEqual": "6.7", "status": "unaffected", "version": "6.6.22", "versionType": "custom" }, { "lessThanOrEqual": "6.8", "status": "unaffected", "version": "6.7.10", "versionType": "custom" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-26852", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-04-19T20:41:29.771297Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-02-11T21:48:49.822Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/ipv6/route.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "31ea5bcc7d4cd1423de6be327a2c034725704136", "status": "affected", "version": "3b1137fe74829e021f483756a648cbb87c8a1b4a", "versionType": "git" }, { "lessThan": "664f9c647260cc9d68b4e31d9899530d89dd045e", "status": "affected", "version": "3b1137fe74829e021f483756a648cbb87c8a1b4a", "versionType": "git" }, { "lessThan": "79ce2e54cc0ae366f45516c00bf1b19aa43e9abe", "status": "affected", "version": "3b1137fe74829e021f483756a648cbb87c8a1b4a", "versionType": "git" }, { "lessThan": "cae3303257950d03ffec2df4a45e836f10d26c24", "status": "affected", "version": "3b1137fe74829e021f483756a648cbb87c8a1b4a", "versionType": "git" }, { "lessThan": "394334fe2ae3b9f1e2332b873857e84cb28aac18", "status": "affected", "version": "3b1137fe74829e021f483756a648cbb87c8a1b4a", "versionType": "git" }, { "lessThan": "ed883060c38721ed828061f6c0c30e5147326c9a", "status": "affected", "version": "3b1137fe74829e021f483756a648cbb87c8a1b4a", "versionType": "git" }, { "lessThan": "61b34f73cdbdb8eaf9ea12e9e2eb3b29716c4dda", "status": "affected", "version": "3b1137fe74829e021f483756a648cbb87c8a1b4a", "versionType": "git" }, { "lessThan": "685f7d531264599b3f167f1e94bbd22f120e5fab", "status": "affected", "version": "3b1137fe74829e021f483756a648cbb87c8a1b4a", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/ipv6/route.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "4.11" }, { "lessThan": "4.11", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.310", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.272", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.213", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.152", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.82", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.22", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.10", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.19.310", "versionStartIncluding": "4.11", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.4.272", "versionStartIncluding": "4.11", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.10.213", "versionStartIncluding": "4.11", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.15.152", "versionStartIncluding": "4.11", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.1.82", "versionStartIncluding": "4.11", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.6.22", "versionStartIncluding": "4.11", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.7.10", "versionStartIncluding": "4.11", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.8", "versionStartIncluding": "4.11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/ipv6: avoid possible UAF in ip6_route_mpath_notify()\n\nsyzbot found another use-after-free in ip6_route_mpath_notify() [1]\n\nCommit f7225172f25a (\"net/ipv6: prevent use after free in\nip6_route_mpath_notify\") was not able to fix the root cause.\n\nWe need to defer the fib6_info_release() calls after\nip6_route_mpath_notify(), in the cleanup phase.\n\n[1]\nBUG: KASAN: slab-use-after-free in rt6_fill_node+0x1460/0x1ac0\nRead of size 4 at addr ffff88809a07fc64 by task syz-executor.2/23037\n\nCPU: 0 PID: 23037 Comm: syz-executor.2 Not tainted 6.8.0-rc4-syzkaller-01035-gea7f3cfaa588 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1e7/0x2e0 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x167/0x540 mm/kasan/report.c:488\n kasan_report+0x142/0x180 mm/kasan/report.c:601\n rt6_fill_node+0x1460/0x1ac0\n inet6_rt_notify+0x13b/0x290 net/ipv6/route.c:6184\n ip6_route_mpath_notify net/ipv6/route.c:5198 [inline]\n ip6_route_multipath_add net/ipv6/route.c:5404 [inline]\n inet6_rtm_newroute+0x1d0f/0x2300 net/ipv6/route.c:5517\n rtnetlink_rcv_msg+0x885/0x1040 net/core/rtnetlink.c:6597\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543\n netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]\n netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1367\n netlink_sendmsg+0xa3b/0xd70 net/netlink/af_netlink.c:1908\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:745\n ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584\n ___sys_sendmsg net/socket.c:2638 [inline]\n __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667\n do_syscall_64+0xf9/0x240\n entry_SYSCALL_64_after_hwframe+0x6f/0x77\nRIP: 0033:0x7f73dd87dda9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f73de6550c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007f73dd9ac050 RCX: 00007f73dd87dda9\nRDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000005\nRBP: 00007f73dd8ca47a R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 000000000000006e R14: 00007f73dd9ac050 R15: 00007ffdbdeb7858\n \u003c/TASK\u003e\n\nAllocated by task 23037:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:372 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:389\n kasan_kmalloc include/linux/kasan.h:211 [inline]\n __do_kmalloc_node mm/slub.c:3981 [inline]\n __kmalloc+0x22e/0x490 mm/slub.c:3994\n kmalloc include/linux/slab.h:594 [inline]\n kzalloc include/linux/slab.h:711 [inline]\n fib6_info_alloc+0x2e/0xf0 net/ipv6/ip6_fib.c:155\n ip6_route_info_create+0x445/0x12b0 net/ipv6/route.c:3758\n ip6_route_multipath_add net/ipv6/route.c:5298 [inline]\n inet6_rtm_newroute+0x744/0x2300 net/ipv6/route.c:5517\n rtnetlink_rcv_msg+0x885/0x1040 net/core/rtnetlink.c:6597\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543\n netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]\n netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1367\n netlink_sendmsg+0xa3b/0xd70 net/netlink/af_netlink.c:1908\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:745\n ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584\n ___sys_sendmsg net/socket.c:2638 [inline]\n __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667\n do_syscall_64+0xf9/0x240\n entry_SYSCALL_64_after_hwframe+0x6f/0x77\n\nFreed by task 16:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x4e/0x60 mm/kasan/generic.c:640\n poison_slab_object+0xa6/0xe0 m\n---truncated---" } ], "providerMetadata": { "dateUpdated": "2025-05-04T08:57:58.505Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/31ea5bcc7d4cd1423de6be327a2c034725704136" }, { "url": "https://git.kernel.org/stable/c/664f9c647260cc9d68b4e31d9899530d89dd045e" }, { "url": "https://git.kernel.org/stable/c/79ce2e54cc0ae366f45516c00bf1b19aa43e9abe" }, { "url": "https://git.kernel.org/stable/c/cae3303257950d03ffec2df4a45e836f10d26c24" }, { "url": "https://git.kernel.org/stable/c/394334fe2ae3b9f1e2332b873857e84cb28aac18" }, { "url": "https://git.kernel.org/stable/c/ed883060c38721ed828061f6c0c30e5147326c9a" }, { "url": "https://git.kernel.org/stable/c/61b34f73cdbdb8eaf9ea12e9e2eb3b29716c4dda" }, { "url": "https://git.kernel.org/stable/c/685f7d531264599b3f167f1e94bbd22f120e5fab" } ], "title": "net/ipv6: avoid possible UAF in ip6_route_mpath_notify()", "x_generator": { "engine": "bippy-1.2.0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26852", "datePublished": "2024-04-17T10:17:15.923Z", "dateReserved": "2024-02-19T14:20:24.183Z", "dateUpdated": "2025-05-04T08:57:58.505Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-1737 (GCVE-0-2024-1737)
Vulnerability from cvelistv5
Published
2024-07-23 14:34
Modified
2025-02-13 17:32
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name.
This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.
References
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.11.4:s1:*:*:supported_preview:*:*:*", "cpe:2.3:a:isc:bind:9.16.0:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.16.8:s1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.18.0:*:*:*:-:*:*:*", "cpe:2.3:a:isc:bind:9.18.11:s1:*:*:supported_preview:*:*:*", "cpe:2.3:a:isc:bind:9.19.0:*:*:*:-:*:*:*" ], "defaultStatus": "unaffected", "product": "bind", "vendor": "isc", "versions": [ { "lessThanOrEqual": "9.11.37", "status": "affected", "version": "9.11.0", "versionType": "custom" }, { "lessThanOrEqual": "9.16.50", "status": "affected", "version": "9.11.4", "versionType": "custom" }, { "lessThanOrEqual": "9.18.27", "status": "affected", "version": "9.16.0", "versionType": "custom" }, { "lessThanOrEqual": "9.19.24", "status": "affected", "version": "9.16.8", "versionType": "custom" }, { "lessThanOrEqual": "9.11.37_s1", "status": "affected", "version": "9.18.0", "versionType": "custom" }, { "lessThanOrEqual": "9.16.50_s1", "status": "affected", "version": "9.18.11", "versionType": "custom" }, { "lessThanOrEqual": "9.18.27_s1", "status": "affected", "version": "9.19.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-1737", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-26T17:27:11.436620Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-26T17:35:12.133Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T18:48:21.779Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://security.netapp.com/advisory/ntap-20240731-0003/" }, { "name": "CVE-2024-1737", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://kb.isc.org/docs/cve-2024-1737" }, { "name": "RRset limits in zones", "tags": [ "related", "x_transferred" ], "url": "https://kb.isc.org/docs/rrset-limits-in-zones" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/07/23/1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "BIND 9", "vendor": "ISC", "versions": [ { "lessThanOrEqual": "9.11.37", "status": "affected", "version": "9.11.0", "versionType": "custom" }, { "lessThanOrEqual": "9.16.50", "status": "affected", "version": "9.16.0", "versionType": "custom" }, { "lessThanOrEqual": "9.18.27", "status": "affected", "version": "9.18.0", "versionType": "custom" }, { "lessThanOrEqual": "9.19.24", "status": "affected", "version": "9.19.0", "versionType": "custom" }, { "lessThanOrEqual": "9.11.37-S1", "status": "affected", "version": "9.11.4-S1", "versionType": "custom" }, { "lessThanOrEqual": "9.16.50-S1", "status": "affected", "version": "9.16.8-S1", "versionType": "custom" }, { "lessThanOrEqual": "9.18.27-S1", "status": "affected", "version": "9.18.11-S1", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "ISC would like to thank Toshifumi Sakaguchi for bringing this vulnerability to our attention." } ], "datePublic": "2024-07-23T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name.\nThis issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1." } ], "exploits": [ { "lang": "en", "value": "We are not aware of any active exploits." } ], "impacts": [ { "descriptions": [ { "lang": "en", "value": "Processing of queries may be slowed down by a factor of 100." } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "providerMetadata": { "dateUpdated": "2024-07-31T11:05:54.006Z", "orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc" }, "references": [ { "name": "CVE-2024-1737", "tags": [ "vendor-advisory" ], "url": "https://kb.isc.org/docs/cve-2024-1737" }, { "name": "RRset limits in zones", "tags": [ "related" ], "url": "https://kb.isc.org/docs/rrset-limits-in-zones" }, { "url": "http://www.openwall.com/lists/oss-security/2024/07/23/1" }, { "url": "http://www.openwall.com/lists/oss-security/2024/07/31/2" } ], "solutions": [ { "lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.28, 9.20.0, or 9.18.28-S1." } ], "source": { "discovery": "EXTERNAL" }, "title": "BIND\u0027s database will be slow if a very large number of RRs exist at the same name", "workarounds": [ { "lang": "en", "value": "No workarounds known." } ] } }, "cveMetadata": { "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "cveId": "CVE-2024-1737", "datePublished": "2024-07-23T14:34:09.750Z", "dateReserved": "2024-02-22T10:11:43.508Z", "dateUpdated": "2025-02-13T17:32:25.755Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-3651 (GCVE-0-2024-3651)
Vulnerability from cvelistv5
Published
2024-07-07 17:22
Modified
2025-10-15 12:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1333 - Inefficient Regular Expression Complexity
Summary
A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size.
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-3651", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-07T19:07:43.737156Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-07T19:07:50.996Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T20:20:00.683Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb" }, { "tags": [ "x_transferred" ], "url": "https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "kjd/idna", "vendor": "kjd", "versions": [ { "lessThan": "3.7", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function\u0027s handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1333", "description": "CWE-1333 Inefficient Regular Expression Complexity", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-10-15T12:49:38.011Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb" }, { "url": "https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d" } ], "source": { "advisory": "93d78d07-d791-4b39-a845-cbfabc44aadb", "discovery": "EXTERNAL" }, "title": "Denial of Service via Quadratic Complexity in kjd/idna" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntr_ai", "cveId": "CVE-2024-3651", "datePublished": "2024-07-07T17:22:10.032Z", "dateReserved": "2024-04-10T23:50:44.569Z", "dateUpdated": "2025-10-15T12:49:38.011Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-40898 (GCVE-0-2024-40898)
Vulnerability from cvelistv5
Published
2024-07-18 09:32
Modified
2024-09-13 17:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Summary
SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests.
Users are recommended to upgrade to version 2.4.62 which fixes this issue.
References
URL | Tags | ||||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Apache Software Foundation | Apache HTTP Server |
Version: 2.4.0 ≤ 2.4.61 |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:apache:apache_http_server:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "apache_http_server", "vendor": "apache", "versions": [ { "lessThanOrEqual": "2.4.61", "status": "affected", "version": "2.4.0", "versionType": "semver" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-40898", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-20T03:55:31.524905Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-22T14:29:06.016Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-09-13T17:05:09.541Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "url": "https://security.netapp.com/advisory/ntap-20240808-0006/" }, { "url": "http://www.openwall.com/lists/oss-security/2024/07/17/7" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Apache HTTP Server", "vendor": "Apache Software Foundation", "versions": [ { "lessThanOrEqual": "2.4.61", "status": "affected", "version": "2.4.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Smi1e (DBAPPSecurity Ltd.)" }, { "lang": "en", "type": "finder", "value": "xiaojunjie (DBAPPSecurity Ltd.)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003emalicious requests.\u003cbr\u003e\u003c/span\u003e\u003cbr\u003eUsers are recommended to upgrade to version 2.4.62 which fixes this issue.\u0026nbsp;" } ], "value": "SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests.\n\nUsers are recommended to upgrade to version 2.4.62 which fixes this issue.\u00a0" } ], "metrics": [ { "other": { "content": { "text": "important" }, "type": "Textual description of severity" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-18T09:32:06.990Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "source": { "discovery": "UNKNOWN" }, "timeline": [ { "lang": "en", "time": "2024-07-12T00:00:00.000Z", "value": "reported" } ], "title": "Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2024-40898", "datePublished": "2024-07-18T09:32:06.990Z", "dateReserved": "2024-07-12T11:46:13.929Z", "dateUpdated": "2024-09-13T17:05:09.541Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-30647 (GCVE-0-2025-30647)
Vulnerability from cvelistv5
Published
2025-04-09 19:53
Modified
2025-04-09 20:07
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.1 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
7.1 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
VLAI Severity ?
EPSS score ?
CWE
- CWE-401 - Missing Release of Memory after Effective Lifetime
Summary
A Missing Release of Memory after Effective Lifetime vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS).
In a subscriber management scenario, login/logout activity triggers a memory leak, and the leaked memory gradually increments and eventually results in a crash.
user@host> show chassis fpc
Temp CPU Utilization (%) CPU Utilization (%) Memory Utilization (%)
Slot State (C) Total Interrupt 1min 5min 15min DRAM (MB) Heap Buffer
2 Online 36 10 0 9 8 9 32768 26 0
This issue affects Junos OS on MX Series:
* All versions before 21.2R3-S9
* from 21.4 before 21.4R3-S10
* from 22.2 before 22.2R3-S6
* from 22.4 before 22.4R3-S5
* from 23.2 before 23.2R2-S3
* from 23.4 before 23.4R2-S3
* from 24.2 before 24.2R2.
References
URL | Tags | ||||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.4 ≤ Version: 22.2 ≤ Version: 22.4 ≤ Version: 23.2 ≤ Version: 23.4 ≤ Version: 24.2 ≤ |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-30647", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-09T20:07:12.310391Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-09T20:07:25.649Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "MX Series" ], "product": "Junos OS", "vendor": "Juniper Networks", "versions": [ { "lessThan": "21.2R3-S9", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "21.4R3-S10", "status": "affected", "version": "21.4", "versionType": "semver" }, { "lessThan": "22.2R3-S6", "status": "affected", "version": "22.2", "versionType": "semver" }, { "lessThan": "22.4R3-S5", "status": "affected", "version": "22.4", "versionType": "semver" }, { "lessThan": "23.2R2-S3", "status": "affected", "version": "23.2", "versionType": "semver" }, { "lessThan": "23.4R2-S3", "status": "affected", "version": "23.4", "versionType": "semver" }, { "lessThan": "24.2R2", "status": "affected", "version": "24.2", "versionType": "semver" } ] } ], "configurations": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "To be exposed to this vulnerability subscriber management needs to be enabled via:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[system services subscriber-management enable]\u003c/tt\u003e\u003cbr\u003e" } ], "value": "To be exposed to this vulnerability subscriber management needs to be enabled via:\n\n[system services subscriber-management enable]" } ], "datePublic": "2025-04-09T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A Missing Release of Memory after Effective Lifetime vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDenial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003eIn a subscriber management scenario, login/logout activity triggers a memory leak, and the leaked memory gradually increments and eventually results in a\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;crash.\u0026nbsp;\u003c/span\u003e\u003cbr\u003e\u0026nbsp; \u0026nbsp;\u003c/span\u003e\u003ctt\u003e\u003c/tt\u003e\u003cbr\u003e\u003ctt\u003e\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003user@host\u0026gt; show chassis fpc\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003Temp \u2003\u2003 CPU Utilization (%) \u2003\u2003CPU Utilization (%) \u2003 Memory \u0026nbsp; \u2003\u2003Utilization (%)\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003Slot State\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;(C) \u2003\u2003\u0026nbsp; Total\u0026nbsp; \u0026nbsp;Interrupt \u0026nbsp; \u0026nbsp; 1min\u0026nbsp; \u0026nbsp;5min\u0026nbsp; 15min \u2003 \u2003DRAM (MB) \u2003Heap \u0026nbsp; Buffer\u003cbr\u003e\u003cbr\u003e\u0026nbsp; \u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u20032 Online\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;36 \u0026nbsp; \u2003\u2003\u2003 10 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 0\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 9 \u0026nbsp; \u0026nbsp; 8 \u0026nbsp; \u0026nbsp; 9 \u0026nbsp; \u2003\u2003\u2003\u2003\u200332768 \u0026nbsp; \u0026nbsp; \u200326 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 0\u003cbr\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\u003cbr\u003e\u003c/tt\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003eThis issue affects Junos OS on MX Series: \u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAll versions before 21.2R3-S9\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efrom 21.4 before 21.4R3-S10\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efrom 22.2 before 22.2R3-S6\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efrom 22.4 before 22.4R3-S5\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efrom 23.2 before 23.2R2-S3\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efrom 23.4 before 23.4R2-S3\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efrom 24.2 before 24.2R2.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/span\u003e" } ], "value": "A Missing Release of Memory after Effective Lifetime vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS).\n\nIn a subscriber management scenario, login/logout activity triggers a memory leak, and the leaked memory gradually increments and eventually results in a\u00a0crash.\u00a0\n\u00a0 \u00a0\n\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003user@host\u003e show chassis fpc\n\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003Temp \u2003\u2003 CPU Utilization (%) \u2003\u2003CPU Utilization (%) \u2003 Memory \u00a0 \u2003\u2003Utilization (%)\n\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003Slot State\u00a0 \u00a0 \u00a0 \u00a0(C) \u2003\u2003\u00a0 Total\u00a0 \u00a0Interrupt \u00a0 \u00a0 1min\u00a0 \u00a05min\u00a0 15min \u2003 \u2003DRAM (MB) \u2003Heap \u00a0 Buffer\n\n\u00a0 \u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u20032 Online\u00a0 \u00a0 \u00a0 \u00a0 \u00a036 \u00a0 \u2003\u2003\u2003 10 \u00a0 \u00a0 \u00a0 \u00a0 0\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 9 \u00a0 \u00a0 8 \u00a0 \u00a0 9 \u00a0 \u2003\u2003\u2003\u2003\u200332768 \u00a0 \u00a0 \u200326 \u00a0 \u00a0 \u00a0 \u00a0 0\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\n\nThis issue affects Junos OS on MX Series: \n * All versions before 21.2R3-S9\n * from 21.4 before 21.4R3-S10\n * from 22.2 before 22.2R3-S6\n * from 22.4 before 22.4R3-S5\n * from 23.2 before 23.2R2-S3\n * from 23.4 before 23.4R2-S3\n * from 24.2 before 24.2R2." } ], "exploits": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 7.1, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-401", "description": "CWE-401 Missing Release of Memory after Effective Lifetime", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-09T19:53:59.529Z", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://supportportal.juniper.net/JSA96457" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: \u003cbr\u003e\u003cbr\u003eJunos OS: 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3-S5, 23.2R2-S3, 23.4R2-S3, 24.2R2, 24.4R1, and all subsequent releases." } ], "value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS: 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3-S5, 23.2R2-S3, 23.4R2-S3, 24.2R2, 24.4R1, and all subsequent releases." } ], "source": { "advisory": "JSA96457", "defect": [ "1827261" ], "discovery": "INTERNAL" }, "timeline": [ { "lang": "en", "time": "2025-04-09T16:30:00.000Z", "value": "Initial Publication" } ], "title": "Junos OS: MX Series: Subscriber login/logout activity will lead to a memory leak", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "There are no known workarounds for this issue." } ], "value": "There are no known workarounds for this issue." } ], "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2025-30647", "datePublished": "2025-04-09T19:53:59.529Z", "dateReserved": "2025-03-24T19:34:11.321Z", "dateUpdated": "2025-04-09T20:07:25.649Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-40725 (GCVE-0-2024-40725)
Vulnerability from cvelistv5
Published
2024-07-18 09:32
Modified
2025-03-14 17:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-668 - Exposure of Resource to Wrong Sphere
Summary
A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.
Users are recommended to upgrade to version 2.4.62, which fixes this issue.
References
URL | Tags | ||||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Apache Software Foundation | Apache HTTP Server |
Version: 2.4.60 ≤ 2.4.61 |
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-40725", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-03-14T17:21:48.954496Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-14T17:27:57.926Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-08T13:05:20.309Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "url": "https://security.netapp.com/advisory/ntap-20240808-0007/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Apache HTTP Server", "vendor": "Apache Software Foundation", "versions": [ { "lessThanOrEqual": "2.4.61", "status": "affected", "version": "2.4.60", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eA partial fix for\u0026nbsp; CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. \"AddType\" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 2.4.62, which fixes this issue.\u003c/p\u003e\u003cbr\u003e\u003cbr\u003e" } ], "value": "A partial fix for\u00a0 CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. \"AddType\" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.\n\nUsers are recommended to upgrade to version 2.4.62, which fixes this issue.\n\n" } ], "metrics": [ { "other": { "content": { "text": "important" }, "type": "Textual description of severity" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-668", "description": "CWE-668 Exposure of Resource to Wrong Sphere", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-18T09:32:43.929Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "source": { "discovery": "UNKNOWN" }, "timeline": [ { "lang": "en", "time": "2024-07-09T09:00:00.000Z", "value": "reported" } ], "title": "Apache HTTP Server: source code disclosure with handlers configured via AddType", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2024-40725", "datePublished": "2024-07-18T09:32:43.929Z", "dateReserved": "2024-07-09T13:41:31.514Z", "dateUpdated": "2025-03-14T17:27:57.926Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-21595 (GCVE-0-2025-21595)
Vulnerability from cvelistv5
Published
2025-04-09 19:50
Modified
2025-04-10 13:13
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.1 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
7.1 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
VLAI Severity ?
EPSS score ?
CWE
- CWE-401 - Missing Release of Memory after Effective Lifetime
Summary
A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause an FPC to crash, leading to Denial of Service (DoS).
On all Junos OS and Junos OS Evolved platforms, in an EVPN-VXLAN scenario, when specific ARP packets are received on an IPv4 network, or specific NDP packets are received on an IPv6 network, kernel heap memory leaks, which eventually leads to an FPC crash and restart.
This issue does not affect MX Series platforms.
Heap size growth on FPC can be seen using below command.
user@host> show chassis fpc
Temp CPU Utilization (%) CPU Utilization (%) Memory Utilization (%)
Slot State (C) Total Interrupt 1min 5min 15min DRAM (MB) Heap Buffer
0 Online 45 3 0 2 2 2 32768 19 0 <<<<<<< Heap increase in all fPCs
This issue affects Junos OS:
* All versions before 21.2R3-S7,
* 21.4 versions before 21.4R3-S4,
* 22.2 versions before 22.2R3-S1,
* 22.3 versions before 22.3R3-S1,
* 22.4 versions before 22.4R2-S2, 22.4R3.
and Junos OS Evolved:
* All versions before 21.2R3-S7-EVO,
* 21.4-EVO versions before 21.4R3-S4-EVO,
* 22.2-EVO versions before 22.2R3-S1-EVO,
* 22.3-EVO versions before 22.3R3-S1-EVO,
* 22.4-EVO versions before 22.4R3-EVO.
References
URL | Tags | ||||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.4 ≤ Version: 22.2 ≤ Version: 22.3 ≤ Version: 22.4 ≤ |
|||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-21595", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-10T13:13:13.960516Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-10T13:13:22.128Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Junos OS", "vendor": "Juniper Networks", "versions": [ { "lessThan": "21.2R3-S7", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "21.4R3-S4", "status": "affected", "version": "21.4", "versionType": "semver" }, { "lessThan": "22.2R3-S1", "status": "affected", "version": "22.2", "versionType": "semver" }, { "lessThan": "22.3R3-S1", "status": "affected", "version": "22.3", "versionType": "semver" }, { "lessThan": "22.4R2-S2, 22.4R3", "status": "affected", "version": "22.4", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "Junos OS Evolved", "vendor": "Juniper Networks", "versions": [ { "lessThan": "21.2R3-S7-EVO", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "21.4R3-S4-EVO", "status": "affected", "version": "21.4-EVO", "versionType": "semver" }, { "lessThan": "22.2R3-S1-EVO", "status": "affected", "version": "22.2-EVO", "versionType": "semver" }, { "lessThan": "22.3R3-S1-EVO", "status": "affected", "version": "22.3-EVO", "versionType": "semver" }, { "lessThan": "22.4R3-EVO", "status": "affected", "version": "22.4-EVO", "versionType": "semver" } ] } ], "configurations": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "To be exposed to this issue the device must be configured for EVPN-VXLAN. Refer to product documentation for how to configure EVPN-VXLAN as there are different configuration options." } ], "value": "To be exposed to this issue the device must be configured for EVPN-VXLAN. Refer to product documentation for how to configure EVPN-VXLAN as there are different configuration options." } ], "datePublic": "2025-04-09T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A Missing Release of Memory after Effective Lifetime\u0026nbsp;vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause an FPC to crash, leading to Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eOn all Junos OS and Junos OS Evolved platforms, in an EVPN-VXLAN scenario, when specific ARP packets are received on an IPv4 network, or specific NDP packets are received on an IPv6 network, kernel heap memory leaks, which eventually leads to an FPC crash and restart.\u003cbr\u003e\u003cbr\u003eThis issue does not affect MX Series platforms.\u003cbr\u003e\u003cp\u003eHeap size growth on FPC can be seen using below command.\u003cbr\u003e\u003c/p\u003e\u003ctt\u003euser@host\u0026gt; show chassis fpc\u003cbr\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Temp CPU Utilization (%) CPU Utilization (%) Memory \u0026nbsp; Utilization (%)\u003cbr\u003eSlot State \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; (C) Total Interrupt \u0026nbsp; \u0026nbsp; 1min \u0026nbsp; 5min \u0026nbsp; 15min \u0026nbsp; DRAM (MB) \u0026nbsp; Heap \u0026nbsp; Buffer\u003cbr\u003e\u0026nbsp; 0 Online \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 45 \u0026nbsp; \u0026nbsp; 3 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 0 \u0026nbsp; \u0026nbsp; \u0026nbsp; 2 \u0026nbsp; \u0026nbsp; \u0026nbsp; 2 \u0026nbsp; \u0026nbsp; \u0026nbsp;2 \u0026nbsp; \u0026nbsp; \u0026nbsp; 32768 \u0026nbsp; \u0026nbsp; \u0026nbsp;\u003cspan style=\"background-color: rgb(229, 241, 143);\"\u003e19\u003c/span\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;0\u2003\u0026lt;\u0026lt;\u0026lt;\u0026lt;\u0026lt;\u0026lt;\u0026lt; Heap increase in all fPCs\u003c/tt\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Junos OS:\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.2R3-S7,\u003c/li\u003e\u003cli\u003e21.4 versions before 21.4R3-S4,\u003c/li\u003e\u003cli\u003e22.2 versions before 22.2R3-S1,\u0026nbsp;\u003c/li\u003e\u003cli\u003e22.3 versions before 22.3R3-S1,\u0026nbsp;\u003c/li\u003e\u003cli\u003e22.4 versions before 22.4R2-S2, 22.4R3.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eand Junos OS Evolved:\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.2R3-S7-EVO,\u003c/li\u003e\u003cli\u003e21.4-EVO versions before 21.4R3-S4-EVO,\u003c/li\u003e\u003cli\u003e22.2-EVO versions before 22.2R3-S1-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003e22.3-EVO versions before 22.3R3-S1-EVO,\u0026nbsp;\u003cbr\u003e\u003c/li\u003e\u003cli\u003e22.4-EVO versions before 22.4R3-EVO.\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e" } ], "value": "A Missing Release of Memory after Effective Lifetime\u00a0vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause an FPC to crash, leading to Denial of Service (DoS).\n\nOn all Junos OS and Junos OS Evolved platforms, in an EVPN-VXLAN scenario, when specific ARP packets are received on an IPv4 network, or specific NDP packets are received on an IPv6 network, kernel heap memory leaks, which eventually leads to an FPC crash and restart.\n\nThis issue does not affect MX Series platforms.\nHeap size growth on FPC can be seen using below command.\n\n\nuser@host\u003e show chassis fpc\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Temp CPU Utilization (%) CPU Utilization (%) Memory \u00a0 Utilization (%)\nSlot State \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 (C) Total Interrupt \u00a0 \u00a0 1min \u00a0 5min \u00a0 15min \u00a0 DRAM (MB) \u00a0 Heap \u00a0 Buffer\n\u00a0 0 Online \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 45 \u00a0 \u00a0 3 \u00a0 \u00a0 \u00a0 \u00a0 0 \u00a0 \u00a0 \u00a0 2 \u00a0 \u00a0 \u00a0 2 \u00a0 \u00a0 \u00a02 \u00a0 \u00a0 \u00a0 32768 \u00a0 \u00a0 \u00a019\u00a0 \u00a0 \u00a0 \u00a00\u2003\u003c\u003c\u003c\u003c\u003c\u003c\u003c Heap increase in all fPCs\n\n\nThis issue affects Junos OS:\n\n * All versions before 21.2R3-S7,\n * 21.4 versions before 21.4R3-S4,\n * 22.2 versions before 22.2R3-S1,\u00a0\n * 22.3 versions before 22.3R3-S1,\u00a0\n * 22.4 versions before 22.4R2-S2, 22.4R3.\n\n\nand Junos OS Evolved:\n\n * All versions before 21.2R3-S7-EVO,\n * 21.4-EVO versions before 21.4R3-S4-EVO,\n * 22.2-EVO versions before 22.2R3-S1-EVO,\u00a0\n * 22.3-EVO versions before 22.3R3-S1-EVO,\u00a0\n\n * 22.4-EVO versions before 22.4R3-EVO." } ], "exploits": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e" } ], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 7.1, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-401", "description": "CWE-401 Missing Release of Memory after Effective Lifetime", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-09T19:50:28.091Z", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://supportportal.juniper.net/JSA96450" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue.\u003c/p\u003e\u003cp\u003eJunos OS: 21.2R3-S7, 21.4R3-S4, 22.2R3-S1, 22.3R3-S1, 22.4R2-S2, 22.4R3, 23.2R1, and all subsequent releases.\u003c/p\u003e\u003cp\u003eJunos OS Evolved: 21.2R3-S7-EVO, 21.4R3-S4-EVO, 22.2R3-S1-EVO, 22.3R3-S1-EVO, 22.4R3-EVO, 23.2R1-EVO, and all subsequent releases.\u003c/p\u003e" } ], "value": "The following software releases have been updated to resolve this specific issue.\n\nJunos OS: 21.2R3-S7, 21.4R3-S4, 22.2R3-S1, 22.3R3-S1, 22.4R2-S2, 22.4R3, 23.2R1, and all subsequent releases.\n\nJunos OS Evolved: 21.2R3-S7-EVO, 21.4R3-S4-EVO, 22.2R3-S1-EVO, 22.3R3-S1-EVO, 22.4R3-EVO, 23.2R1-EVO, and all subsequent releases." } ], "source": { "advisory": "JSA96450", "defect": [ "1731460" ], "discovery": "INTERNAL" }, "timeline": [ { "lang": "en", "time": "2025-04-09T16:00:00.000Z", "value": "Initial Publication" } ], "title": "Junos OS and Junos OS Evolved: In an EVPN-VXLAN scenario specific ARP or NDP packets cause FPC to crash", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "There are no known workarounds for this issue." } ], "value": "There are no known workarounds for this issue." } ], "x_generator": { "engine": "Vulnogram 0.1.0-av217" } } }, "cveMetadata": { "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2025-21595", "datePublished": "2025-04-09T19:50:28.091Z", "dateReserved": "2024-12-26T14:47:11.669Z", "dateUpdated": "2025-04-10T13:13:22.128Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-21597 (GCVE-0-2025-21597)
Vulnerability from cvelistv5
Published
2025-04-09 19:50
Modified
2025-04-10 13:12
Severity ?
5.3 (Medium) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
6.0 (Medium) - CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:A
6.0 (Medium) - CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:A
VLAI Severity ?
EPSS score ?
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability in routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer to cause Denial of Service (DoS).
On all Junos OS and Junos OS Evolved platforms, when BGP rib-sharding and update-threading are configured, and a BGP peer flap is done with specific timing, rpd crashes and restarts. Continuous peer flapping at specific time intervals will result in a sustained Denial of Service (DoS) condition.
This issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations. This issue requires a remote attacker to have at least one established BGP session. The issue can occur with or without logical-systems enabled.
This issue affects:
Junos OS:
* All versions before 20.4R3-S8,
* 21.2 versions before 21.2R3-S6,
* 21.3 versions before 21.3R3-S5,
* 21.4 versions before 21.4R3-S4,
* 22.1 versions before 22.1R3-S3,
* 22.2 versions before 22.2R3-S1,
* 22.3 versions before 22.3R3,
* 22.4 versions before 22.4R3.
Junos OS Evolved:
* All versions before 21.2R3-S6-EVO,
* 21.3-EVO versions before 21.3R3-S5-EVO,
* 21.4-EVO versions before 21.4R3-S4-EVO,
* 22.1-EVO versions before 22.1R3-S3-EVO,
* 22.2-EVO versions before :22.2R3-S1-EVO,
* 22.3-EVO versions before 22.3R3-EVO,
* 22.4-EVO versions before 22.4R3-EVO.
References
URL | Tags | ||||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.2 ≤ Version: 21.3 ≤ Version: 21.4 ≤ Version: 22.1 ≤ Version: 22.2 ≤ Version: 22.3 ≤ Version: 22.4 ≤ |
|||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-21597", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-10T13:12:39.304791Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-10T13:12:47.198Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Junos OS", "vendor": "Juniper Networks", "versions": [ { "lessThan": "20.4R3-S8", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "21.2R3-S6", "status": "affected", "version": "21.2", "versionType": "semver" }, { "lessThan": "21.3R3-S5", "status": "affected", "version": "21.3", "versionType": "semver" }, { "lessThan": "21.4R3-S4", "status": "affected", "version": "21.4", "versionType": "semver" }, { "lessThan": "22.1R3-S3", "status": "affected", "version": "22.1", "versionType": "semver" }, { "lessThan": "22.2R3-S1", "status": "affected", "version": "22.2", "versionType": "semver" }, { "lessThan": "22.3R3", "status": "affected", "version": "22.3", "versionType": "semver" }, { "lessThan": "22.4R3", "status": "affected", "version": "22.4", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "Junos OS Evolved", "vendor": "Juniper Networks", "versions": [ { "lessThan": "21.2R3-S6-EVO", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "21.3R3-S5-EVO", "status": "affected", "version": "21.3-EVO", "versionType": "semver" }, { "lessThan": "21.4R3-S4-EVO", "status": "affected", "version": "21.4-EVO", "versionType": "semver" }, { "lessThan": "22.1R3-S3-EVO", "status": "affected", "version": "22.1-EVO", "versionType": "semver" }, { "lessThan": "22.2R3-S1-EVO", "status": "affected", "version": "22.2-EVO", "versionType": "semver" }, { "lessThan": "22.3R3-EVO", "status": "affected", "version": "22.3-EVO", "versionType": "semver" }, { "lessThan": "22.4R3-EVO", "status": "affected", "version": "22.4-EVO", "versionType": "semver" } ] } ], "configurations": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "For this issue to occur, BGP rib-sharding and update-threading needs to be configured:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[system processes routing bgp rib-sharding]\u003cbr\u003e[\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003esystem processes routing bgp update-threading\u003c/span\u003e]\u003c/tt\u003e" } ], "value": "For this issue to occur, BGP rib-sharding and update-threading needs to be configured:\n\n[system processes routing bgp rib-sharding]\n[system processes routing bgp update-threading]" } ], "datePublic": "2025-04-09T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer to cause Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eOn all Junos OS and Junos OS Evolved platforms, when BGP rib-sharding and update-threading are configured, and a BGP peer flap is done with specific timing, rpd crashes and restarts. Continuous peer flapping at specific time intervals will result in a sustained Denial of Service (DoS) condition.\u003cbr\u003e\u003cbr\u003eThis issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations. This issue requires a remote attacker to have at least one established BGP session. The issue can occur with or without logical-systems enabled.\u003cbr\u003e\u003cbr\u003eThis issue affects:\u003cbr\u003e\u003cp\u003eJunos OS:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 20.4R3-S8,\u003c/li\u003e\u003cli\u003e21.2 versions before 21.2R3-S6,\u003cbr\u003e\u003c/li\u003e\u003cli\u003e21.3 versions before 21.3R3-S5,\u003c/li\u003e\u003cli\u003e21.4 versions before 21.4R3-S4,\u003c/li\u003e\u003cli\u003e22.1 versions before 22.1R3-S3,\u003c/li\u003e\u003cli\u003e22.2 versions before 22.2R3-S1,\u003c/li\u003e\u003cli\u003e22.3 versions before 22.3R3,\u003c/li\u003e\u003cli\u003e22.4 versions before 22.4R3.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eJunos OS Evolved:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.2R3-S6-EVO,\u003c/li\u003e\u003cli\u003e21.3-EVO versions before 21.3R3-S5-EVO,\u003c/li\u003e\u003cli\u003e21.4-EVO versions before 21.4R3-S4-EVO,\u003c/li\u003e\u003cli\u003e22.1-EVO versions before 22.1R3-S3-EVO,\u003c/li\u003e\u003cli\u003e22.2-EVO versions before :22.2R3-S1-EVO,\u003c/li\u003e\u003cli\u003e22.3-EVO versions before 22.3R3-EVO,\u003c/li\u003e\u003cli\u003e22.4-EVO versions before 22.4R3-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e" } ], "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer to cause Denial of Service (DoS).\n\nOn all Junos OS and Junos OS Evolved platforms, when BGP rib-sharding and update-threading are configured, and a BGP peer flap is done with specific timing, rpd crashes and restarts. Continuous peer flapping at specific time intervals will result in a sustained Denial of Service (DoS) condition.\n\nThis issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations. This issue requires a remote attacker to have at least one established BGP session. The issue can occur with or without logical-systems enabled.\n\nThis issue affects:\nJunos OS:\n\n\n\n * All versions before 20.4R3-S8,\n * 21.2 versions before 21.2R3-S6,\n\n * 21.3 versions before 21.3R3-S5,\n * 21.4 versions before 21.4R3-S4,\n * 22.1 versions before 22.1R3-S3,\n * 22.2 versions before 22.2R3-S1,\n * 22.3 versions before 22.3R3,\n * 22.4 versions before 22.4R3.\n\n\nJunos OS Evolved:\n\n\n\n * All versions before 21.2R3-S6-EVO,\n * 21.3-EVO versions before 21.3R3-S5-EVO,\n * 21.4-EVO versions before 21.4R3-S4-EVO,\n * 22.1-EVO versions before 22.1R3-S3-EVO,\n * 22.2-EVO versions before :22.2R3-S1-EVO,\n * 22.3-EVO versions before 22.3R3-EVO,\n * 22.4-EVO versions before 22.4R3-EVO." } ], "exploits": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e" } ], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "AUTOMATIC", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "ADJACENT", "baseScore": 6, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:A", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-754", "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-09T19:50:57.792Z", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://kb.juniper.net/JSA96451" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue:\u003c/p\u003e\u003cp\u003eJunos OS: 20.4R3-S8,\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e21.2R3-S6, 21.3R3-S5, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R3, 22.4R3, 23.2R1\u003c/span\u003e, and all subsequent releases.\u003c/p\u003e\u003cp\u003eJunos OS Evolved: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e21.2R3-S6-EVO, 21.3R3-S5-EVO, 21.4R3-S4-EVO, 22.1R3-S3-EVO, 22.2R3-S1-EVO, 22.3R3-EVO, 22.4R3-EVO, 23.2R1-EVO\u003c/span\u003e, and all subsequent releases.\u003c/p\u003e" } ], "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 20.4R3-S8,\u00a021.2R3-S6, 21.3R3-S5, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R3, 22.4R3, 23.2R1, and all subsequent releases.\n\nJunos OS Evolved: 21.2R3-S6-EVO, 21.3R3-S5-EVO, 21.4R3-S4-EVO, 22.1R3-S3-EVO, 22.2R3-S1-EVO, 22.3R3-EVO, 22.4R3-EVO, 23.2R1-EVO, and all subsequent releases." } ], "source": { "advisory": "JSA96451", "defect": [ "1732833" ], "discovery": "USER" }, "timeline": [ { "lang": "en", "time": "2024-04-09T16:00:00.000Z", "value": "Initial Publication" } ], "title": "Junos OS and Junos OS Evolved: When BGP rib-sharding and update-threading are configured and a peer flaps, an rpd core is observed", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "There are no known workarounds for this issue." } ], "value": "There are no known workarounds for this issue." } ], "x_generator": { "engine": "Vulnogram 0.1.0-av217" } } }, "cveMetadata": { "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2025-21597", "datePublished": "2025-04-09T19:50:57.792Z", "dateReserved": "2024-12-26T14:47:11.669Z", "dateUpdated": "2025-04-10T13:12:47.198Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-2961 (GCVE-0-2024-2961)
Vulnerability from cvelistv5
Published
2024-04-17 17:27
Modified
2025-02-13 17:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
The GNU C Library | glibc |
Version: 2.1.93 < 2.40 |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:gnu:glibc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "glibc", "vendor": "gnu", "versions": [ { "lessThan": "2.40", "status": "affected", "version": "2.1.93", "versionType": "semver" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-2961", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-30T04:00:23.144191Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:29:57.648Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-11-15T15:22:29.055Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://www.ambionics.io/blog/iconv-cve-2024-2961-p1" }, { "url": "https://www.ambionics.io/blog/iconv-cve-2024-2961-p2" }, { "url": "https://www.ambionics.io/blog/iconv-cve-2024-2961-p3" }, { "tags": [ "x_transferred" ], "url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/24/2" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/17/9" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/18/4" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/05/27/2" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/05/27/6" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/05/27/1" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/05/27/4" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/05/27/5" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/05/27/3" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240531-0002/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/07/22/5" } ], "title": "CVE Program Container", "x_generator": { "engine": "ADPogram 0.0.1" } } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "glibc", "vendor": "The GNU C Library", "versions": [ { "lessThan": "2.40", "status": "affected", "version": "2.1.93", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Charles Fol" } ], "datePublic": "2024-04-17T17:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.\u003cbr\u003e" } ], "value": "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable." } ], "impacts": [ { "capecId": "CAPEC-100", "descriptions": [ { "lang": "en", "value": "CAPEC-100 Overflow Buffers" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-22T18:06:06.282Z", "orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "shortName": "glibc" }, "references": [ { "url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/" }, { "url": "http://www.openwall.com/lists/oss-security/2024/04/24/2" }, { "url": "http://www.openwall.com/lists/oss-security/2024/04/17/9" }, { "url": "http://www.openwall.com/lists/oss-security/2024/04/18/4" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html" }, { "url": "http://www.openwall.com/lists/oss-security/2024/05/27/2" }, { "url": "http://www.openwall.com/lists/oss-security/2024/05/27/6" }, { "url": "http://www.openwall.com/lists/oss-security/2024/05/27/1" }, { "url": "http://www.openwall.com/lists/oss-security/2024/05/27/4" }, { "url": "http://www.openwall.com/lists/oss-security/2024/05/27/5" }, { "url": "http://www.openwall.com/lists/oss-security/2024/05/27/3" }, { "url": "https://security.netapp.com/advisory/ntap-20240531-0002/" }, { "url": "http://www.openwall.com/lists/oss-security/2024/07/22/5" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "assignerShortName": "glibc", "cveId": "CVE-2024-2961", "datePublished": "2024-04-17T17:27:40.541Z", "dateReserved": "2024-03-26T19:29:31.186Z", "dateUpdated": "2025-02-13T17:47:40.702Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-7006 (GCVE-0-2024-7006)
Vulnerability from cvelistv5
Published
2024-08-08 20:49
Modified
2025-08-30 22:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference
Summary
A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service.
References
URL | Tags | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-7006", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-03T02:10:18.944536Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-03T02:10:47.534Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-09-20T16:03:14.114Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://security.netapp.com/advisory/ntap-20240920-0001/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://gitlab.com/libtiff/libtiff", "defaultStatus": "unknown", "packageName": "libtiff", "versions": [ { "status": "unaffected", "version": "4.4.0", "versionType": "semver" }, { "status": "unaffected", "version": "4.0.9", "versionType": "semver" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/a:redhat:enterprise_linux:8::crb" ], "defaultStatus": "affected", "packageName": "libtiff", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.0.9-33.el8_10", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::crb" ], "defaultStatus": "affected", "packageName": "libtiff", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.4.0-12.el9_4.1", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::appstream", "cpe:/a:redhat:rhel_eus:9.2::crb" ], "defaultStatus": "affected", "packageName": "libtiff", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.4.0-8.el9_2.1", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:10" ], "defaultStatus": "unaffected", "packageName": "libtiff", "product": "Red Hat Enterprise Linux 10", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "libtiff", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "libtiff", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "Red Hat would like to thank Xu Chang (N/A) for reporting this issue." } ], "datePublic": "2024-07-19T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-08-30T22:47:36.920Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:6360", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:6360" }, { "name": "RHSA-2024:8833", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:8833" }, { "name": "RHSA-2024:8914", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:8914" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-7006" }, { "name": "RHBZ#2302996", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302996" } ], "timeline": [ { "lang": "en", "time": "2024-08-05T22:40:16.777000+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-07-19T00:00:00+00:00", "value": "Made public." } ], "title": "Libtiff: null pointer dereference in tif_dirinfo.c", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-476: NULL Pointer Dereference" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-7006", "datePublished": "2024-08-08T20:49:45.373Z", "dateReserved": "2024-07-23T00:57:17.777Z", "dateUpdated": "2025-08-30T22:47:36.920Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-30645 (GCVE-0-2025-30645)
Vulnerability from cvelistv5
Published
2025-04-09 19:52
Modified
2025-04-24 20:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference
Summary
A NULL Pointer Dereference vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker causing specific, valid control traffic to be sent out of a Dual-Stack (DS) Lite tunnel to crash the flowd process, resulting in a Denial of Service (DoS). Continuous triggering of specific control traffic will create a sustained Denial of Service (DoS) condition.
On all SRX platforms, when specific, valid control traffic needs to be sent out of a DS-Lite tunnel, a segmentation fault occurs within the flowd process, resulting in a network outage until the flowd process restarts.
This issue affects Junos OS on SRX Series:
* All versions before 21.2R3-S9,
* from 21.4 before 21.4R3-S9,
* from 22.2 before 22.2R3-S5,
* from 22.4 before 22.4R3-S6,
* from 23.2 before 23.2R2-S3,
* from 23.4 before 23.4R2.
References
URL | Tags | ||||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.4 ≤ Version: 22.2 ≤ Version: 22.4 ≤ Version: 23.2 ≤ Version: 23.4 ≤ |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-30645", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-09T20:40:11.024712Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-09T20:40:21.092Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "SRX Series" ], "product": "Junos OS", "vendor": "Juniper Networks", "versions": [ { "lessThan": "21.2R3-S9", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "21.4R3-S9", "status": "affected", "version": "21.4", "versionType": "semver" }, { "lessThan": "22.2R3-S5", "status": "affected", "version": "22.2", "versionType": "semver" }, { "lessThan": "22.4R3-S6", "status": "affected", "version": "22.4", "versionType": "semver" }, { "lessThan": "23.2R2-S3", "status": "affected", "version": "23.2", "versionType": "semver" }, { "lessThan": "23.4R2", "status": "affected", "version": "23.4", "versionType": "semver" } ] } ], "configurations": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Exploitation of this issue requires DS-Lite tunneling to be configured on the SRX Series device:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ security softwires softwire-name \u0026lt;name\u0026gt;\u0026nbsp;softwire-concentrator ...]\u003c/tt\u003e" } ], "value": "Exploitation of this issue requires DS-Lite tunneling to be configured on the SRX Series device:\n\n[ security softwires softwire-name \u003cname\u003e\u00a0softwire-concentrator ...]" } ], "datePublic": "2025-04-09T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A NULL Pointer Dereference vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker causing specific, valid control traffic to be sent out of a Dual-Stack (DS) Lite tunnel to crash the flowd process, resulting in a Denial of Service (DoS).\u0026nbsp; Continuous triggering of specific control traffic will create a sustained Denial of Service (DoS) condition.\u003cbr\u003e\u003cbr\u003eOn all SRX platforms, when specific, valid control traffic needs to be sent out of a DS-Lite tunnel, a segmentation fault occurs within the flowd process, resulting in a network outage until the flowd process restarts.\u003cbr\u003e\u003cbr\u003eThis issue affects Junos OS on SRX Series: \u003cbr\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.2R3-S9, \u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-S9, \u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S5, \u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S6, \u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S3, \u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2.\u003c/li\u003e\u003c/ul\u003e" } ], "value": "A NULL Pointer Dereference vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker causing specific, valid control traffic to be sent out of a Dual-Stack (DS) Lite tunnel to crash the flowd process, resulting in a Denial of Service (DoS).\u00a0 Continuous triggering of specific control traffic will create a sustained Denial of Service (DoS) condition.\n\nOn all SRX platforms, when specific, valid control traffic needs to be sent out of a DS-Lite tunnel, a segmentation fault occurs within the flowd process, resulting in a network outage until the flowd process restarts.\n\nThis issue affects Junos OS on SRX Series: \n * All versions before 21.2R3-S9, \n * from 21.4 before 21.4R3-S9, \n * from 22.2 before 22.2R3-S5, \n * from 22.4 before 22.4R3-S6, \n * from 23.2 before 23.2R2-S3, \n * from 23.4 before 23.4R2." } ], "exploits": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "YES", "Recovery": "AUTOMATIC", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "GREEN", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:Y/R:A/V:C/RE:M/U:Green", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-24T20:04:34.131Z", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://supportportal.juniper.net/JSA96455" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: Junos OS 21.2R3-S9, 21.4R3-S9, 22.2R3-S5, 22.4R3-S6, 23.2R2-S3, 23.4R2, 24.2R1, and all subsequent releases." } ], "value": "The following software releases have been updated to resolve this specific issue: Junos OS 21.2R3-S9, 21.4R3-S9, 22.2R3-S5, 22.4R3-S6, 23.2R2-S3, 23.4R2, 24.2R1, and all subsequent releases." } ], "source": { "advisory": "JSA96455", "defect": [ "1779792" ], "discovery": "INTERNAL" }, "timeline": [ { "lang": "en", "time": "2025-04-09T16:00:00.000Z", "value": "Initial Publication" }, { "lang": "en", "time": "2025-04-24T16:00:00.000Z", "value": "Corrected configuration example for SRX Series" } ], "title": "Junos OS: SRX Series: Transmission of specific control traffic sent out of a DS-Lite tunnel results in flowd crash", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "There are no known workarounds for this issue." } ], "value": "There are no known workarounds for this issue." } ], "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2025-30645", "datePublished": "2025-04-09T19:52:51.730Z", "dateReserved": "2025-03-24T19:34:11.320Z", "dateUpdated": "2025-04-24T20:04:34.131Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-23271 (GCVE-0-2024-23271)
Vulnerability from cvelistv5
Published
2024-04-24 16:43
Modified
2025-02-13 17:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- A malicious website may cause unexpected cross-origin behavior
Summary
A logic issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, Safari 17.3, tvOS 17.3, macOS Sonoma 14.3, watchOS 10.3. A malicious website may cause unexpected cross-origin behavior.
References
URL | Tags | |||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ios", "vendor": "apple", "versions": [ { "status": "affected", "version": "*" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-23271", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-01T17:21:25.656286Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:45:53.010Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T22:59:32.112Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214059" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214055" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214056" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214060" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214061" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214060" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214059" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214061" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214055" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214056" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "iOS and iPadOS", "vendor": "Apple", "versions": [ { "lessThan": "17.3", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "17.3", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Safari", "vendor": "Apple", "versions": [ { "lessThan": "17.3", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "10.3", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "14.3", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A logic issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, Safari 17.3, tvOS 17.3, macOS Sonoma 14.3, watchOS 10.3. A malicious website may cause unexpected cross-origin behavior." } ], "problemTypes": [ { "descriptions": [ { "description": "A malicious website may cause unexpected cross-origin behavior", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-12T09:05:57.489Z", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "url": "https://support.apple.com/en-us/HT214059" }, { "url": "https://support.apple.com/en-us/HT214055" }, { "url": "https://support.apple.com/en-us/HT214056" }, { "url": "https://support.apple.com/en-us/HT214060" }, { "url": "https://support.apple.com/en-us/HT214061" }, { "url": "https://support.apple.com/kb/HT214060" }, { "url": "https://support.apple.com/kb/HT214059" }, { "url": "https://support.apple.com/kb/HT214061" }, { "url": "https://support.apple.com/kb/HT214055" }, { "url": "https://support.apple.com/kb/HT214056" } ] } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2024-23271", "datePublished": "2024-04-24T16:43:43.625Z", "dateReserved": "2024-01-12T22:22:21.498Z", "dateUpdated": "2025-02-13T17:39:21.019Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…