Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2023-4863
Vulnerability from cvelistv5
Published
2023-09-12 14:24
Modified
2025-02-13 17:18
Severity ?
EPSS score ?
Summary
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
References
Impacted products
CISA Known exploited vulnerability
Data from the Known Exploited Vulnerabilities Catalog
Date added: 2023-09-13
Due date: 2023-10-04
Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Used in ransomware: Unknown
Notes: https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html?m=1; https://nvd.nist.gov/vuln/detail/CVE-2023-4863
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-19T07:48:10.265Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html", }, { tags: [ "x_transferred", ], url: "https://crbug.com/1479274", }, { tags: [ "x_transferred", ], url: "https://en.bandisoft.com/honeyview/history/", }, { tags: [ "x_transferred", ], url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { tags: [ "x_transferred", ], url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { tags: [ "x_transferred", ], url: "https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a", }, { tags: [ "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863", }, { tags: [ "x_transferred", ], url: "https://security-tracker.debian.org/tracker/CVE-2023-4863", }, { tags: [ "x_transferred", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1215231", }, { tags: [ "x_transferred", ], url: "https://news.ycombinator.com/item?id=37478403", }, { tags: [ "x_transferred", ], url: "https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/", }, { tags: [ "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5496", }, { tags: [ "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5497", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/", }, { tags: [ "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5498", }, { tags: [ "x_transferred", ], url: "https://security.gentoo.org/glsa/202309-05", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/", }, { tags: [ "x_transferred", ], url: "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/", }, { tags: [ "x_transferred", ], url: "https://github.com/webmproject/libwebp/releases/tag/v1.3.2", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/09/21/4", }, { tags: [ "x_transferred", ], url: "https://blog.isosceles.com/the-webp-0day/", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/09/22/1", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/09/22/3", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/09/22/4", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/09/22/5", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/09/22/8", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/09/22/7", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/09/22/6", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/09/26/1", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/09/26/7", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/09/28/1", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/09/28/2", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/09/28/4", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20230929-0011/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/", }, { tags: [ "x_transferred", ], url: "https://sethmlarson.dev/security-developer-in-residence-weekly-report-16", }, { tags: [ "x_transferred", ], url: "https://www.bentley.com/advisories/be-2023-0001/", }, { tags: [ "x_transferred", ], url: "https://security.gentoo.org/glsa/202401-10", }, { url: "https://www.vicarius.io/vsociety/posts/zero-day-webp-vulnerability-cve-2023-4863", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-4863", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2023-11-28T05:00:18.341149Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2023-09-13", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-4863", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-03T14:09:33.514Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Chrome", vendor: "Google", versions: [ { lessThan: "116.0.5845.187", status: "affected", version: "116.0.5845.187", versionType: "custom", }, ], }, { product: "libwebp", vendor: "Google", versions: [ { lessThan: "1.3.2", status: "affected", version: "1.3.2", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)", }, ], problemTypes: [ { descriptions: [ { description: "Heap buffer overflow", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-07T11:07:27.027Z", orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", shortName: "Chrome", }, references: [ { url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html", }, { url: "https://crbug.com/1479274", }, { url: "https://en.bandisoft.com/honeyview/history/", }, { url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { url: "https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a", }, { url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863", }, { url: "https://security-tracker.debian.org/tracker/CVE-2023-4863", }, { url: "https://bugzilla.suse.com/show_bug.cgi?id=1215231", }, { url: "https://news.ycombinator.com/item?id=37478403", }, { url: "https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/", }, { url: "https://www.debian.org/security/2023/dsa-5496", }, { url: "https://www.debian.org/security/2023/dsa-5497", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/", }, { url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/", }, { url: "https://www.debian.org/security/2023/dsa-5498", }, { url: "https://security.gentoo.org/glsa/202309-05", }, { url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/", }, { url: "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/", }, { url: "https://github.com/webmproject/libwebp/releases/tag/v1.3.2", }, { url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/", }, { url: "http://www.openwall.com/lists/oss-security/2023/09/21/4", }, { url: "https://blog.isosceles.com/the-webp-0day/", }, { url: "http://www.openwall.com/lists/oss-security/2023/09/22/1", }, { url: "http://www.openwall.com/lists/oss-security/2023/09/22/3", }, { url: "http://www.openwall.com/lists/oss-security/2023/09/22/4", }, { url: "http://www.openwall.com/lists/oss-security/2023/09/22/5", }, { url: "http://www.openwall.com/lists/oss-security/2023/09/22/8", }, { url: "http://www.openwall.com/lists/oss-security/2023/09/22/7", }, { url: "http://www.openwall.com/lists/oss-security/2023/09/22/6", }, { url: "http://www.openwall.com/lists/oss-security/2023/09/26/1", }, { url: "http://www.openwall.com/lists/oss-security/2023/09/26/7", }, { url: "http://www.openwall.com/lists/oss-security/2023/09/28/1", }, { url: "http://www.openwall.com/lists/oss-security/2023/09/28/2", }, { url: "http://www.openwall.com/lists/oss-security/2023/09/28/4", }, { url: "https://security.netapp.com/advisory/ntap-20230929-0011/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/", }, { url: "https://sethmlarson.dev/security-developer-in-residence-weekly-report-16", }, { url: "https://www.bentley.com/advisories/be-2023-0001/", }, { url: "https://security.gentoo.org/glsa/202401-10", }, ], }, }, cveMetadata: { assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", assignerShortName: "Chrome", cveId: "CVE-2023-4863", datePublished: "2023-09-12T14:24:59.275Z", dateReserved: "2023-09-09T01:02:58.312Z", dateUpdated: "2025-02-13T17:18:19.245Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { cisa_known_exploited: { cveID: "CVE-2023-4863", cwes: "[\"CWE-787\"]", dateAdded: "2023-09-13", dueDate: "2023-10-04", knownRansomwareCampaignUse: "Unknown", notes: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html?m=1; https://nvd.nist.gov/vuln/detail/CVE-2023-4863", product: "Chromium WebP", requiredAction: "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", shortDescription: "Google Chromium WebP contains a heap-based buffer overflow vulnerability that allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. This vulnerability can affect applications that use the WebP Codec.", vendorProject: "Google", vulnerabilityName: "Google Chromium WebP Heap-Based Buffer Overflow Vulnerability", }, nvd: "{\"cve\":{\"id\":\"CVE-2023-4863\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2023-09-12T15:15:24.327\",\"lastModified\":\"2025-03-13T16:17:15.573\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)\"},{\"lang\":\"es\",\"value\":\"El desbordamiento del búfer de memoria en libwebp en Google Chrome anterior a 116.0.5845.187 y libwebp 1.3.2 permitía a un atacante remoto realizar una escritura en memoria fuera de los límites a través de una página HTML manipulada. (Severidad de seguridad de Chromium: crítica)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"cisaExploitAdd\":\"2023-09-13\",\"cisaActionDue\":\"2023-10-04\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Google Chromium WebP Heap-Based Buffer Overflow Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"116.0.5845.187\",\"matchCriteriaId\":\"856C1821-5D22-4A4E-859D-8F5305255AB7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46D69DCC-AE4D-4EA5-861C-D60951444C6C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*\",\"versionEndExcluding\":\"102.15.1\",\"matchCriteriaId\":\"54B8855E-19B9-4D20-9B93-A5219F077335\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*\",\"versionEndExcluding\":\"117.0.1\",\"matchCriteriaId\":\"FBA8858E-AB6C-4708-820D-3F9D8D5A077F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*\",\"versionStartIncluding\":\"115.1.0\",\"versionEndExcluding\":\"115.2.1\",\"matchCriteriaId\":\"6C494574-4187-4BC7-816B-6C1C288D711E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"102.15.1\",\"matchCriteriaId\":\"A073724D-52BD-4426-B58D-7A8BD24B8F8E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"115.0\",\"versionEndExcluding\":\"115.2.2\",\"matchCriteriaId\":\"952BEC0C-2DB0-476A-AF62-1269F8635B4A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"116.0.1938.81\",\"matchCriteriaId\":\"0C8F8BD1-1D13-4605-BF19-E4292E2D6A00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:teams:*:*:*:*:*:macos:*:*\",\"versionEndExcluding\":\"1.6.00.26463\",\"matchCriteriaId\":\"11C16818-7453-46CB-89C2-2A4D4452A198\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:teams:*:*:*:*:desktop:*:*:*\",\"versionEndExcluding\":\"1.6.00.26474\",\"matchCriteriaId\":\"46625A28-312D-4406-87AE-8A7C93222A45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:webp_image_extension:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.62681.0\",\"matchCriteriaId\":\"201D3850-75A4-4CB4-A312-B01BF51C7C8A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webmproject:libwebp:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.3.2\",\"matchCriteriaId\":\"2804DDE4-B0A4-4B7F-A318-F491B6316B34\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*\",\"matchCriteriaId\":\"3A756737-1CC4-42C2-A4DF-E1C893B4E2D5\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bentley:seequent_leapfrog:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2023.2\",\"matchCriteriaId\":\"E50A797C-2C6C-46A5-A9D0-8CD877EBA3CD\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bandisoft:honeyview:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.51\",\"matchCriteriaId\":\"A9D1BE06-A20B-43F3-B78D-21F2FF20026C\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/21/4\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/1\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/3\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/4\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/5\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/6\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/7\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/8\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/26/1\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/26/7\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/28/1\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/28/2\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/28/4\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://blog.isosceles.com/the-webp-0day/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.suse.com/show_bug.cgi?id=1215231\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://crbug.com/1479274\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://en.bandisoft.com/honeyview/history/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/webmproject/libwebp/releases/tag/v1.3.2\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://news.ycombinator.com/item?id=37478403\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://security-tracker.debian.org/tracker/CVE-2023-4863\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202309-05\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202401-10\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20230929-0011/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://sethmlarson.dev/security-developer-in-residence-weekly-report-16\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Exploit\"]},{\"url\":\"https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.bentley.com/advisories/be-2023-0001/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5496\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5497\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5498\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/21/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/26/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/26/7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/28/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/28/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/28/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://blog.isosceles.com/the-webp-0day/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.suse.com/show_bug.cgi?id=1215231\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://crbug.com/1479274\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://en.bandisoft.com/honeyview/history/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/webmproject/libwebp/releases/tag/v1.3.2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://news.ycombinator.com/item?id=37478403\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://security-tracker.debian.org/tracker/CVE-2023-4863\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202309-05\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202401-10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20230929-0011/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://sethmlarson.dev/security-developer-in-residence-weekly-report-16\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.bentley.com/advisories/be-2023-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5496\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5497\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5498\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.vicarius.io/vsociety/posts/zero-day-webp-vulnerability-cve-2023-4863\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}", vulnrichment: { containers: "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://crbug.com/1479274\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://en.bandisoft.com/honeyview/history/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security-tracker.debian.org/tracker/CVE-2023-4863\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://bugzilla.suse.com/show_bug.cgi?id=1215231\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://news.ycombinator.com/item?id=37478403\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5496\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5497\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5498\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202309-05\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/webmproject/libwebp/releases/tag/v1.3.2\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/21/4\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://blog.isosceles.com/the-webp-0day/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/1\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/3\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/4\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/5\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/8\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/7\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/6\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/26/1\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/26/7\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/28/1\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/28/2\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/28/4\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230929-0011/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://sethmlarson.dev/security-developer-in-residence-weekly-report-16\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.bentley.com/advisories/be-2023-0001/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202401-10\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.vicarius.io/vsociety/posts/zero-day-webp-vulnerability-cve-2023-4863\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-19T07:48:10.265Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-4863\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2023-11-28T05:00:18.341149Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2023-09-13\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-4863\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787 Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-03T14:04:35.481Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Google\", \"product\": \"Chrome\", \"versions\": [{\"status\": \"affected\", \"version\": \"116.0.5845.187\", \"lessThan\": \"116.0.5845.187\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Google\", \"product\": \"libwebp\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.3.2\", \"lessThan\": \"1.3.2\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html\"}, {\"url\": \"https://crbug.com/1479274\"}, {\"url\": \"https://en.bandisoft.com/honeyview/history/\"}, {\"url\": \"https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/\"}, {\"url\": \"https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/\"}, {\"url\": \"https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a\"}, {\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863\"}, {\"url\": \"https://security-tracker.debian.org/tracker/CVE-2023-4863\"}, {\"url\": \"https://bugzilla.suse.com/show_bug.cgi?id=1215231\"}, {\"url\": \"https://news.ycombinator.com/item?id=37478403\"}, {\"url\": \"https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5496\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5497\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5498\"}, {\"url\": \"https://security.gentoo.org/glsa/202309-05\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/\"}, {\"url\": \"https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/\"}, {\"url\": \"https://github.com/webmproject/libwebp/releases/tag/v1.3.2\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/21/4\"}, {\"url\": \"https://blog.isosceles.com/the-webp-0day/\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/1\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/3\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/4\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/5\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/8\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/7\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/6\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/26/1\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/26/7\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/28/1\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/28/2\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/28/4\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230929-0011/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/\"}, {\"url\": \"https://sethmlarson.dev/security-developer-in-residence-weekly-report-16\"}, {\"url\": \"https://www.bentley.com/advisories/be-2023-0001/\"}, {\"url\": \"https://security.gentoo.org/glsa/202401-10\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"Heap buffer overflow\"}]}], \"providerMetadata\": {\"orgId\": \"ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28\", \"shortName\": \"Chrome\", \"dateUpdated\": \"2024-01-07T11:07:27.027Z\"}}}", cveMetadata: "{\"cveId\": \"CVE-2023-4863\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-13T17:18:19.245Z\", \"dateReserved\": \"2023-09-09T01:02:58.312Z\", \"assignerOrgId\": \"ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28\", \"datePublished\": \"2023-09-12T14:24:59.275Z\", \"assignerShortName\": \"Chrome\"}", dataType: "CVE_RECORD", dataVersion: "5.1", }, }, }
rhsa-2023:5222
Vulnerability from csaf_redhat
Published
2023-09-19 08:01
Modified
2025-03-23 07:35
Summary
Red Hat Security Advisory: libwebp security update
Notes
Topic
An update for libwebp is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
[Update 05 October 2023]
This advisory has been updated to push packages into TUS and E4S channels
Details
The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for libwebp is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\n[Update 05 October 2023]\nThis advisory has been updated to push packages into TUS and E4S channels", title: "Topic", }, { category: "general", text: "The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5222", url: "https://access.redhat.com/errata/RHSA-2023:5222", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5222.json", }, ], title: "Red Hat Security Advisory: libwebp security update", tracking: { current_release_date: "2025-03-23T07:35:14+00:00", generator: { date: "2025-03-23T07:35:14+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:5222", initial_release_date: "2023-09-19T08:01:54+00:00", revision_history: [ { date: "2023-09-19T08:01:54+00:00", number: "1", summary: "Initial version", }, { date: "2023-10-06T13:01:35+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-23T07:35:14+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream AUS (v.8.4)", product: { name: "Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_aus:8.4::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux AppStream E4S (v.8.4)", product: { name: "Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_e4s:8.4::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux AppStream TUS (v.8.4)", product: { name: "Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_tus:8.4::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-7.el8_4.1.src", product: { name: "libwebp-0:1.0.0-7.el8_4.1.src", product_id: "libwebp-0:1.0.0-7.el8_4.1.src", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-7.el8_4.1?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-7.el8_4.1.i686", product: { name: "libwebp-0:1.0.0-7.el8_4.1.i686", product_id: "libwebp-0:1.0.0-7.el8_4.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-7.el8_4.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-7.el8_4.1.i686", product: { name: "libwebp-devel-0:1.0.0-7.el8_4.1.i686", product_id: "libwebp-devel-0:1.0.0-7.el8_4.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-7.el8_4.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", product: { name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", product_id: "libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-7.el8_4.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", product: { name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", product_id: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-7.el8_4.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", product: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", product_id: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-7.el8_4.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", product: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", product_id: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-7.el8_4.1?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-7.el8_4.1.x86_64", product: { name: "libwebp-0:1.0.0-7.el8_4.1.x86_64", product_id: "libwebp-0:1.0.0-7.el8_4.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-7.el8_4.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", product: { name: "libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", product_id: "libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-7.el8_4.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", product: { name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", product_id: "libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-7.el8_4.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", product: { name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", product_id: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-7.el8_4.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", product: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", product_id: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-7.el8_4.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", product: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", product_id: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-7.el8_4.1?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-7.el8_4.1.aarch64", product: { name: "libwebp-0:1.0.0-7.el8_4.1.aarch64", product_id: "libwebp-0:1.0.0-7.el8_4.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-7.el8_4.1?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-7.el8_4.1.aarch64", product: { name: "libwebp-devel-0:1.0.0-7.el8_4.1.aarch64", product_id: "libwebp-devel-0:1.0.0-7.el8_4.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-7.el8_4.1?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.aarch64", product: { name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.aarch64", product_id: "libwebp-debugsource-0:1.0.0-7.el8_4.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-7.el8_4.1?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.aarch64", product: { name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.aarch64", product_id: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-7.el8_4.1?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.aarch64", product: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.aarch64", product_id: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-7.el8_4.1?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.aarch64", product: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.aarch64", product_id: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-7.el8_4.1?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-7.el8_4.1.ppc64le", product: { name: "libwebp-0:1.0.0-7.el8_4.1.ppc64le", product_id: "libwebp-0:1.0.0-7.el8_4.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-7.el8_4.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-7.el8_4.1.ppc64le", product: { name: "libwebp-devel-0:1.0.0-7.el8_4.1.ppc64le", product_id: "libwebp-devel-0:1.0.0-7.el8_4.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-7.el8_4.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.ppc64le", product: { name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.ppc64le", product_id: "libwebp-debugsource-0:1.0.0-7.el8_4.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-7.el8_4.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", product: { name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", product_id: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-7.el8_4.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", product: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", product_id: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-7.el8_4.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", product: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", product_id: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-7.el8_4.1?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-7.el8_4.1.s390x", product: { name: "libwebp-0:1.0.0-7.el8_4.1.s390x", product_id: "libwebp-0:1.0.0-7.el8_4.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-7.el8_4.1?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-7.el8_4.1.s390x", product: { name: "libwebp-devel-0:1.0.0-7.el8_4.1.s390x", product_id: "libwebp-devel-0:1.0.0-7.el8_4.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-7.el8_4.1?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.s390x", product: { name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.s390x", product_id: "libwebp-debugsource-0:1.0.0-7.el8_4.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-7.el8_4.1?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.s390x", product: { name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.s390x", product_id: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-7.el8_4.1?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.s390x", product: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.s390x", product_id: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-7.el8_4.1?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.s390x", product: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.s390x", product_id: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-7.el8_4.1?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:libwebp-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_4.1.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:libwebp-0:1.0.0-7.el8_4.1.src", }, product_reference: "libwebp-0:1.0.0-7.el8_4.1.src", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:libwebp-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.aarch64", }, product_reference: "libwebp-0:1.0.0-7.el8_4.1.aarch64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.ppc64le", }, product_reference: "libwebp-0:1.0.0-7.el8_4.1.ppc64le", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_4.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.s390x", }, product_reference: "libwebp-0:1.0.0-7.el8_4.1.s390x", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_4.1.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.src", }, product_reference: "libwebp-0:1.0.0-7.el8_4.1.src", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.aarch64", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.aarch64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.s390x", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.s390x", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.aarch64", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_4.1.aarch64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.ppc64le", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_4.1.ppc64le", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.s390x", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_4.1.s390x", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.aarch64", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_4.1.aarch64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.ppc64le", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_4.1.ppc64le", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_4.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.s390x", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_4.1.s390x", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.aarch64", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.aarch64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.s390x", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.s390x", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.aarch64", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.aarch64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.s390x", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.s390x", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:libwebp-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_4.1.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:libwebp-0:1.0.0-7.el8_4.1.src", }, product_reference: "libwebp-0:1.0.0-7.el8_4.1.src", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:libwebp-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.4.0.Z.AUS:libwebp-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-0:1.0.0-7.el8_4.1.src", "AppStream-8.4.0.Z.AUS:libwebp-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.src", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-0:1.0.0-7.el8_4.1.src", "AppStream-8.4.0.Z.TUS:libwebp-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-19T08:01:54+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.4.0.Z.AUS:libwebp-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-0:1.0.0-7.el8_4.1.src", "AppStream-8.4.0.Z.AUS:libwebp-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.src", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-0:1.0.0-7.el8_4.1.src", "AppStream-8.4.0.Z.TUS:libwebp-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5222", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.4.0.Z.AUS:libwebp-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-0:1.0.0-7.el8_4.1.src", "AppStream-8.4.0.Z.AUS:libwebp-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.src", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-0:1.0.0-7.el8_4.1.src", "AppStream-8.4.0.Z.TUS:libwebp-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.4.0.Z.AUS:libwebp-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-0:1.0.0-7.el8_4.1.src", "AppStream-8.4.0.Z.AUS:libwebp-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.src", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-0:1.0.0-7.el8_4.1.src", "AppStream-8.4.0.Z.TUS:libwebp-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, ], }
rhsa-2023:5185
Vulnerability from csaf_redhat
Published
2023-09-18 13:34
Modified
2025-03-23 07:34
Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 102.15.1.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.15.1.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5185", url: "https://access.redhat.com/errata/RHSA-2023:5185", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5185.json", }, ], title: "Red Hat Security Advisory: thunderbird security update", tracking: { current_release_date: "2025-03-23T07:34:04+00:00", generator: { date: "2025-03-23T07:34:04+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:5185", initial_release_date: "2023-09-18T13:34:00+00:00", revision_history: [ { date: "2023-09-18T13:34:00+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T13:34:00+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-23T07:34:04+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream AUS (v.8.4)", product: { name: "Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_aus:8.4::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux AppStream E4S (v.8.4)", product: { name: "Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_e4s:8.4::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux AppStream TUS (v.8.4)", product: { name: "Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_tus:8.4::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_4.src", product: { name: "thunderbird-0:102.15.1-1.el8_4.src", product_id: "thunderbird-0:102.15.1-1.el8_4.src", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_4?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_4.x86_64", product: { name: "thunderbird-0:102.15.1-1.el8_4.x86_64", product_id: "thunderbird-0:102.15.1-1.el8_4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_4?arch=x86_64", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", product: { name: "thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", product_id: "thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_4?arch=x86_64", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", product_id: "thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_4?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_4.aarch64", product: { name: "thunderbird-0:102.15.1-1.el8_4.aarch64", product_id: "thunderbird-0:102.15.1-1.el8_4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_4?arch=aarch64", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64", product: { name: "thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64", product_id: "thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_4?arch=aarch64", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64", product_id: "thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_4?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_4.ppc64le", product: { name: "thunderbird-0:102.15.1-1.el8_4.ppc64le", product_id: "thunderbird-0:102.15.1-1.el8_4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_4?arch=ppc64le", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le", product: { name: "thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le", product_id: "thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_4?arch=ppc64le", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le", product_id: "thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_4?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_4.s390x", product: { name: "thunderbird-0:102.15.1-1.el8_4.s390x", product_id: "thunderbird-0:102.15.1-1.el8_4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_4?arch=s390x", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el8_4.s390x", product: { name: "thunderbird-debugsource-0:102.15.1-1.el8_4.s390x", product_id: "thunderbird-debugsource-0:102.15.1-1.el8_4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_4?arch=s390x", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x", product_id: "thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_4?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_4.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.src", }, product_reference: "thunderbird-0:102.15.1-1.el8_4.src", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.x86_64", }, product_reference: "thunderbird-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.aarch64", }, product_reference: "thunderbird-0:102.15.1-1.el8_4.aarch64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.ppc64le", }, product_reference: "thunderbird-0:102.15.1-1.el8_4.ppc64le", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.s390x", }, product_reference: "thunderbird-0:102.15.1-1.el8_4.s390x", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_4.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.src", }, product_reference: "thunderbird-0:102.15.1-1.el8_4.src", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.x86_64", }, product_reference: "thunderbird-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.s390x", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_4.s390x", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_4.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.src", }, product_reference: "thunderbird-0:102.15.1-1.el8_4.src", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.x86_64", }, product_reference: "thunderbird-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:34:00+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5185", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:34:00+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5185", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
rhsa-2023_5201
Vulnerability from csaf_redhat
Published
2023-09-18 14:31
Modified
2024-11-23 01:10
Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 102.15.1.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for thunderbird is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.15.1.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5201", url: "https://access.redhat.com/errata/RHSA-2023:5201", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5201.json", }, ], title: "Red Hat Security Advisory: thunderbird security update", tracking: { current_release_date: "2024-11-23T01:10:12+00:00", generator: { date: "2024-11-23T01:10:12+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2023:5201", initial_release_date: "2023-09-18T14:31:22+00:00", revision_history: [ { date: "2023-09-18T14:31:22+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T14:31:22+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-23T01:10:12+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 8)", product: { name: "Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:8::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_8.src", product: { name: "thunderbird-0:102.15.1-1.el8_8.src", product_id: "thunderbird-0:102.15.1-1.el8_8.src", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_8?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_8.aarch64", product: { name: "thunderbird-0:102.15.1-1.el8_8.aarch64", product_id: "thunderbird-0:102.15.1-1.el8_8.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_8?arch=aarch64", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64", product: { name: "thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64", product_id: "thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_8?arch=aarch64", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64", product_id: "thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_8?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_8.ppc64le", product: { name: "thunderbird-0:102.15.1-1.el8_8.ppc64le", product_id: "thunderbird-0:102.15.1-1.el8_8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_8?arch=ppc64le", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le", product: { name: "thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le", product_id: "thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_8?arch=ppc64le", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le", product_id: "thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_8?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_8.x86_64", product: { name: "thunderbird-0:102.15.1-1.el8_8.x86_64", product_id: "thunderbird-0:102.15.1-1.el8_8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_8?arch=x86_64", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64", product: { name: "thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64", product_id: "thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_8?arch=x86_64", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64", product_id: "thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_8?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_8.s390x", product: { name: "thunderbird-0:102.15.1-1.el8_8.s390x", product_id: "thunderbird-0:102.15.1-1.el8_8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_8?arch=s390x", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el8_8.s390x", product: { name: "thunderbird-debugsource-0:102.15.1-1.el8_8.s390x", product_id: "thunderbird-debugsource-0:102.15.1-1.el8_8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_8?arch=s390x", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x", product_id: "thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_8?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.aarch64", }, product_reference: "thunderbird-0:102.15.1-1.el8_8.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.ppc64le", }, product_reference: "thunderbird-0:102.15.1-1.el8_8.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.s390x", }, product_reference: "thunderbird-0:102.15.1-1.el8_8.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.src", }, product_reference: "thunderbird-0:102.15.1-1.el8_8.src", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.x86_64", }, product_reference: "thunderbird-0:102.15.1-1.el8_8.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.s390x", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_8.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.src", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T14:31:22+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.src", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5201", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.src", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.src", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.src", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T14:31:22+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.src", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5201", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.src", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
rhsa-2023_5185
Vulnerability from csaf_redhat
Published
2023-09-18 13:34
Modified
2024-11-23 01:05
Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 102.15.1.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.15.1.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5185", url: "https://access.redhat.com/errata/RHSA-2023:5185", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5185.json", }, ], title: "Red Hat Security Advisory: thunderbird security update", tracking: { current_release_date: "2024-11-23T01:05:11+00:00", generator: { date: "2024-11-23T01:05:11+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2023:5185", initial_release_date: "2023-09-18T13:34:00+00:00", revision_history: [ { date: "2023-09-18T13:34:00+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T13:34:00+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-23T01:05:11+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream AUS (v.8.4)", product: { name: "Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_aus:8.4::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux AppStream E4S (v.8.4)", product: { name: "Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_e4s:8.4::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux AppStream TUS (v.8.4)", product: { name: "Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_tus:8.4::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_4.src", product: { name: "thunderbird-0:102.15.1-1.el8_4.src", product_id: "thunderbird-0:102.15.1-1.el8_4.src", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_4?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_4.x86_64", product: { name: "thunderbird-0:102.15.1-1.el8_4.x86_64", product_id: "thunderbird-0:102.15.1-1.el8_4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_4?arch=x86_64", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", product: { name: "thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", product_id: "thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_4?arch=x86_64", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", product_id: "thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_4?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_4.aarch64", product: { name: "thunderbird-0:102.15.1-1.el8_4.aarch64", product_id: "thunderbird-0:102.15.1-1.el8_4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_4?arch=aarch64", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64", product: { name: "thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64", product_id: "thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_4?arch=aarch64", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64", product_id: "thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_4?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_4.ppc64le", product: { name: "thunderbird-0:102.15.1-1.el8_4.ppc64le", product_id: "thunderbird-0:102.15.1-1.el8_4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_4?arch=ppc64le", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le", product: { name: "thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le", product_id: "thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_4?arch=ppc64le", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le", product_id: "thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_4?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_4.s390x", product: { name: "thunderbird-0:102.15.1-1.el8_4.s390x", product_id: "thunderbird-0:102.15.1-1.el8_4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_4?arch=s390x", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el8_4.s390x", product: { name: "thunderbird-debugsource-0:102.15.1-1.el8_4.s390x", product_id: "thunderbird-debugsource-0:102.15.1-1.el8_4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_4?arch=s390x", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x", product_id: "thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_4?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_4.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.src", }, product_reference: "thunderbird-0:102.15.1-1.el8_4.src", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.x86_64", }, product_reference: "thunderbird-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.aarch64", }, product_reference: "thunderbird-0:102.15.1-1.el8_4.aarch64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.ppc64le", }, product_reference: "thunderbird-0:102.15.1-1.el8_4.ppc64le", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.s390x", }, product_reference: "thunderbird-0:102.15.1-1.el8_4.s390x", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_4.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.src", }, product_reference: "thunderbird-0:102.15.1-1.el8_4.src", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.x86_64", }, product_reference: "thunderbird-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.s390x", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_4.s390x", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_4.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.src", }, product_reference: "thunderbird-0:102.15.1-1.el8_4.src", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.x86_64", }, product_reference: "thunderbird-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:34:00+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5185", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:34:00+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5185", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
rhsa-2023_5198
Vulnerability from csaf_redhat
Published
2023-09-18 13:54
Modified
2024-11-23 01:10
Summary
Red Hat Security Advisory: firefox security update
Notes
Topic
An update for firefox is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 102.15.1 ESR.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for firefox is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.15.1 ESR.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5198", url: "https://access.redhat.com/errata/RHSA-2023:5198", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5198.json", }, ], title: "Red Hat Security Advisory: firefox security update", tracking: { current_release_date: "2024-11-23T01:10:40+00:00", generator: { date: "2024-11-23T01:10:40+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2023:5198", initial_release_date: "2023-09-18T13:54:07+00:00", revision_history: [ { date: "2023-09-18T13:54:07+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T13:54:07+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-23T01:10:40+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream EUS (v.8.6)", product: { name: "Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_eus:8.6::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_6.src", product: { name: "firefox-0:102.15.1-1.el8_6.src", product_id: "firefox-0:102.15.1-1.el8_6.src", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_6?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_6.aarch64", product: { name: "firefox-0:102.15.1-1.el8_6.aarch64", product_id: "firefox-0:102.15.1-1.el8_6.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_6?arch=aarch64", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el8_6.aarch64", product: { name: "firefox-debugsource-0:102.15.1-1.el8_6.aarch64", product_id: "firefox-debugsource-0:102.15.1-1.el8_6.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_6?arch=aarch64", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el8_6.aarch64", product: { name: "firefox-debuginfo-0:102.15.1-1.el8_6.aarch64", product_id: "firefox-debuginfo-0:102.15.1-1.el8_6.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_6?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_6.ppc64le", product: { name: "firefox-0:102.15.1-1.el8_6.ppc64le", product_id: "firefox-0:102.15.1-1.el8_6.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_6?arch=ppc64le", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el8_6.ppc64le", product: { name: "firefox-debugsource-0:102.15.1-1.el8_6.ppc64le", product_id: "firefox-debugsource-0:102.15.1-1.el8_6.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_6?arch=ppc64le", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le", product: { name: "firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le", product_id: "firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_6?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_6.x86_64", product: { name: "firefox-0:102.15.1-1.el8_6.x86_64", product_id: "firefox-0:102.15.1-1.el8_6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_6?arch=x86_64", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el8_6.x86_64", product: { name: "firefox-debugsource-0:102.15.1-1.el8_6.x86_64", product_id: "firefox-debugsource-0:102.15.1-1.el8_6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_6?arch=x86_64", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el8_6.x86_64", product: { name: "firefox-debuginfo-0:102.15.1-1.el8_6.x86_64", product_id: "firefox-debuginfo-0:102.15.1-1.el8_6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_6?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_6.s390x", product: { name: "firefox-0:102.15.1-1.el8_6.s390x", product_id: "firefox-0:102.15.1-1.el8_6.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_6?arch=s390x", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el8_6.s390x", product: { name: "firefox-debugsource-0:102.15.1-1.el8_6.s390x", product_id: "firefox-debugsource-0:102.15.1-1.el8_6.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_6?arch=s390x", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el8_6.s390x", product: { name: "firefox-debuginfo-0:102.15.1-1.el8_6.s390x", product_id: "firefox-debuginfo-0:102.15.1-1.el8_6.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_6?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.aarch64", }, product_reference: "firefox-0:102.15.1-1.el8_6.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.ppc64le", }, product_reference: "firefox-0:102.15.1-1.el8_6.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.s390x", }, product_reference: "firefox-0:102.15.1-1.el8_6.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_6.src as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.src", }, product_reference: "firefox-0:102.15.1-1.el8_6.src", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.x86_64", }, product_reference: "firefox-0:102.15.1-1.el8_6.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.aarch64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_6.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.s390x", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_6.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_6.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.aarch64", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_6.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.ppc64le", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_6.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.s390x", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_6.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.x86_64", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_6.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.src", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:54:07+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", product_ids: [ "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.src", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5198", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.src", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.src", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.src", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:54:07+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", product_ids: [ "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.src", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5198", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.src", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
RHSA-2023:5191
Vulnerability from csaf_redhat
Published
2023-09-18 13:54
Modified
2025-03-23 07:33
Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 102.15.1.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for thunderbird is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.15.1.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5191", url: "https://access.redhat.com/errata/RHSA-2023:5191", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5191.json", }, ], title: "Red Hat Security Advisory: thunderbird security update", tracking: { current_release_date: "2025-03-23T07:33:04+00:00", generator: { date: "2025-03-23T07:33:04+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:5191", initial_release_date: "2023-09-18T13:54:41+00:00", revision_history: [ { date: "2023-09-18T13:54:41+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T13:54:41+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-23T07:33:04+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux Client (v. 7)", product: { name: "Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Server Optional (v. 7)", product: { name: "Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Workstation (v. 7)", product: { name: "Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::workstation", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el7_9.src", product: { name: "thunderbird-0:102.15.1-1.el7_9.src", product_id: "thunderbird-0:102.15.1-1.el7_9.src", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el7_9?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el7_9.x86_64", product: { name: "thunderbird-0:102.15.1-1.el7_9.x86_64", product_id: "thunderbird-0:102.15.1-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", product_id: "thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el7_9?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el7_9.ppc64le", product: { name: "thunderbird-0:102.15.1-1.el7_9.ppc64le", product_id: "thunderbird-0:102.15.1-1.el7_9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el7_9?arch=ppc64le", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", product_id: "thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el7_9?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "thunderbird-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el7_9.src as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", }, product_reference: "thunderbird-0:102.15.1-1.el7_9.src", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", }, product_reference: "thunderbird-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "thunderbird-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el7_9.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", }, product_reference: "thunderbird-0:102.15.1-1.el7_9.src", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", }, product_reference: "thunderbird-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "thunderbird-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el7_9.src as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", }, product_reference: "thunderbird-0:102.15.1-1.el7_9.src", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", }, product_reference: "thunderbird-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-7.9.Z", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:54:41+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5191", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:54:41+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5191", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
rhsa-2023:5205
Vulnerability from csaf_redhat
Published
2023-09-18 15:19
Modified
2025-03-23 07:39
Summary
Red Hat Security Advisory: firefox security update
Notes
Topic
An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 102.15.1 ESR.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.15.1 ESR.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5205", url: "https://access.redhat.com/errata/RHSA-2023:5205", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5205.json", }, ], title: "Red Hat Security Advisory: firefox security update", tracking: { current_release_date: "2025-03-23T07:39:53+00:00", generator: { date: "2025-03-23T07:39:53+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:5205", initial_release_date: "2023-09-18T15:19:44+00:00", revision_history: [ { date: "2023-09-18T15:19:44+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T15:19:44+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-23T07:39:53+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream EUS (v.9.0)", product: { name: "Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_eus:9.0::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el9_0.src", product: { name: "firefox-0:102.15.1-1.el9_0.src", product_id: "firefox-0:102.15.1-1.el9_0.src", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el9_0?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el9_0.aarch64", product: { name: "firefox-0:102.15.1-1.el9_0.aarch64", product_id: "firefox-0:102.15.1-1.el9_0.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el9_0?arch=aarch64", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el9_0.aarch64", product: { name: "firefox-debugsource-0:102.15.1-1.el9_0.aarch64", product_id: "firefox-debugsource-0:102.15.1-1.el9_0.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el9_0?arch=aarch64", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el9_0.aarch64", product: { name: "firefox-debuginfo-0:102.15.1-1.el9_0.aarch64", product_id: "firefox-debuginfo-0:102.15.1-1.el9_0.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el9_0?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el9_0.ppc64le", product: { name: "firefox-0:102.15.1-1.el9_0.ppc64le", product_id: "firefox-0:102.15.1-1.el9_0.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el9_0?arch=ppc64le", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el9_0.ppc64le", product: { name: "firefox-debugsource-0:102.15.1-1.el9_0.ppc64le", product_id: "firefox-debugsource-0:102.15.1-1.el9_0.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el9_0?arch=ppc64le", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le", product: { name: "firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le", product_id: "firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el9_0?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el9_0.x86_64", product: { name: "firefox-0:102.15.1-1.el9_0.x86_64", product_id: "firefox-0:102.15.1-1.el9_0.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el9_0?arch=x86_64", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el9_0.x86_64", product: { name: "firefox-debugsource-0:102.15.1-1.el9_0.x86_64", product_id: "firefox-debugsource-0:102.15.1-1.el9_0.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el9_0?arch=x86_64", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el9_0.x86_64", product: { name: "firefox-debuginfo-0:102.15.1-1.el9_0.x86_64", product_id: "firefox-debuginfo-0:102.15.1-1.el9_0.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el9_0?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el9_0.s390x", product: { name: "firefox-0:102.15.1-1.el9_0.s390x", product_id: "firefox-0:102.15.1-1.el9_0.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el9_0?arch=s390x", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el9_0.s390x", product: { name: "firefox-debugsource-0:102.15.1-1.el9_0.s390x", product_id: "firefox-debugsource-0:102.15.1-1.el9_0.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el9_0?arch=s390x", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el9_0.s390x", product: { name: "firefox-debuginfo-0:102.15.1-1.el9_0.s390x", product_id: "firefox-debuginfo-0:102.15.1-1.el9_0.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el9_0?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.aarch64", }, product_reference: "firefox-0:102.15.1-1.el9_0.aarch64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.ppc64le", }, product_reference: "firefox-0:102.15.1-1.el9_0.ppc64le", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.s390x", }, product_reference: "firefox-0:102.15.1-1.el9_0.s390x", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el9_0.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.src", }, product_reference: "firefox-0:102.15.1-1.el9_0.src", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.x86_64", }, product_reference: "firefox-0:102.15.1-1.el9_0.x86_64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.aarch64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el9_0.aarch64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.s390x", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el9_0.s390x", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el9_0.x86_64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.aarch64", }, product_reference: "firefox-debugsource-0:102.15.1-1.el9_0.aarch64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.ppc64le", }, product_reference: "firefox-debugsource-0:102.15.1-1.el9_0.ppc64le", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.s390x", }, product_reference: "firefox-debugsource-0:102.15.1-1.el9_0.s390x", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.x86_64", }, product_reference: "firefox-debugsource-0:102.15.1-1.el9_0.x86_64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.src", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T15:19:44+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", product_ids: [ "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.src", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5205", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.src", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.src", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.src", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T15:19:44+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", product_ids: [ "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.src", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5205", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.src", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
RHSA-2023:5204
Vulnerability from csaf_redhat
Published
2023-09-18 15:19
Modified
2025-03-23 07:36
Summary
Red Hat Security Advisory: libwebp security update
Notes
Topic
An update for libwebp is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for libwebp is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5204", url: "https://access.redhat.com/errata/RHSA-2023:5204", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5204.json", }, ], title: "Red Hat Security Advisory: libwebp security update", tracking: { current_release_date: "2025-03-23T07:36:28+00:00", generator: { date: "2025-03-23T07:36:28+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:5204", initial_release_date: "2023-09-18T15:19:12+00:00", revision_history: [ { date: "2023-09-18T15:19:12+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T15:19:12+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-23T07:36:28+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream EUS (v.9.0)", product: { name: "Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_eus:9.0::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "libwebp-0:1.2.0-6.el9_0.src", product: { name: "libwebp-0:1.2.0-6.el9_0.src", product_id: "libwebp-0:1.2.0-6.el9_0.src", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.2.0-6.el9_0?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "libwebp-0:1.2.0-6.el9_0.aarch64", product: { name: "libwebp-0:1.2.0-6.el9_0.aarch64", product_id: "libwebp-0:1.2.0-6.el9_0.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.2.0-6.el9_0?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.2.0-6.el9_0.aarch64", product: { name: "libwebp-devel-0:1.2.0-6.el9_0.aarch64", product_id: "libwebp-devel-0:1.2.0-6.el9_0.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.2.0-6.el9_0?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.2.0-6.el9_0.aarch64", product: { name: "libwebp-debugsource-0:1.2.0-6.el9_0.aarch64", product_id: "libwebp-debugsource-0:1.2.0-6.el9_0.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.2.0-6.el9_0?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64", product: { name: "libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64", product_id: "libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.2.0-6.el9_0?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64", product: { name: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64", product_id: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.2.0-6.el9_0?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64", product: { name: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64", product_id: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.2.0-6.el9_0?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libwebp-0:1.2.0-6.el9_0.ppc64le", product: { name: "libwebp-0:1.2.0-6.el9_0.ppc64le", product_id: "libwebp-0:1.2.0-6.el9_0.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.2.0-6.el9_0?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.2.0-6.el9_0.ppc64le", product: { name: "libwebp-devel-0:1.2.0-6.el9_0.ppc64le", product_id: "libwebp-devel-0:1.2.0-6.el9_0.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.2.0-6.el9_0?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le", product: { name: "libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le", product_id: "libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.2.0-6.el9_0?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le", product: { name: "libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le", product_id: "libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.2.0-6.el9_0?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le", product: { name: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le", product_id: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.2.0-6.el9_0?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le", product: { name: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le", product_id: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.2.0-6.el9_0?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libwebp-0:1.2.0-6.el9_0.i686", product: { name: "libwebp-0:1.2.0-6.el9_0.i686", product_id: "libwebp-0:1.2.0-6.el9_0.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.2.0-6.el9_0?arch=i686", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.2.0-6.el9_0.i686", product: { name: "libwebp-devel-0:1.2.0-6.el9_0.i686", product_id: "libwebp-devel-0:1.2.0-6.el9_0.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.2.0-6.el9_0?arch=i686", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.2.0-6.el9_0.i686", product: { name: "libwebp-debugsource-0:1.2.0-6.el9_0.i686", product_id: "libwebp-debugsource-0:1.2.0-6.el9_0.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.2.0-6.el9_0?arch=i686", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.2.0-6.el9_0.i686", product: { name: "libwebp-debuginfo-0:1.2.0-6.el9_0.i686", product_id: "libwebp-debuginfo-0:1.2.0-6.el9_0.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.2.0-6.el9_0?arch=i686", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686", product: { name: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686", product_id: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.2.0-6.el9_0?arch=i686", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686", product: { name: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686", product_id: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.2.0-6.el9_0?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "libwebp-0:1.2.0-6.el9_0.x86_64", product: { name: "libwebp-0:1.2.0-6.el9_0.x86_64", product_id: "libwebp-0:1.2.0-6.el9_0.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.2.0-6.el9_0?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.2.0-6.el9_0.x86_64", product: { name: "libwebp-devel-0:1.2.0-6.el9_0.x86_64", product_id: "libwebp-devel-0:1.2.0-6.el9_0.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.2.0-6.el9_0?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.2.0-6.el9_0.x86_64", product: { name: "libwebp-debugsource-0:1.2.0-6.el9_0.x86_64", product_id: "libwebp-debugsource-0:1.2.0-6.el9_0.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.2.0-6.el9_0?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64", product: { name: "libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64", product_id: "libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.2.0-6.el9_0?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64", product: { name: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64", product_id: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.2.0-6.el9_0?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64", product: { name: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64", product_id: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.2.0-6.el9_0?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "libwebp-0:1.2.0-6.el9_0.s390x", product: { name: "libwebp-0:1.2.0-6.el9_0.s390x", product_id: "libwebp-0:1.2.0-6.el9_0.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.2.0-6.el9_0?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.2.0-6.el9_0.s390x", product: { name: "libwebp-devel-0:1.2.0-6.el9_0.s390x", product_id: "libwebp-devel-0:1.2.0-6.el9_0.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.2.0-6.el9_0?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.2.0-6.el9_0.s390x", product: { name: "libwebp-debugsource-0:1.2.0-6.el9_0.s390x", product_id: "libwebp-debugsource-0:1.2.0-6.el9_0.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.2.0-6.el9_0?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.2.0-6.el9_0.s390x", product: { name: "libwebp-debuginfo-0:1.2.0-6.el9_0.s390x", product_id: "libwebp-debuginfo-0:1.2.0-6.el9_0.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.2.0-6.el9_0?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x", product: { name: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x", product_id: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.2.0-6.el9_0?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x", product: { name: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x", product_id: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.2.0-6.el9_0?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-6.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.aarch64", }, product_reference: "libwebp-0:1.2.0-6.el9_0.aarch64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-6.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.i686", }, product_reference: "libwebp-0:1.2.0-6.el9_0.i686", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-6.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.ppc64le", }, product_reference: "libwebp-0:1.2.0-6.el9_0.ppc64le", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-6.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.s390x", }, product_reference: "libwebp-0:1.2.0-6.el9_0.s390x", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-6.el9_0.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.src", }, product_reference: "libwebp-0:1.2.0-6.el9_0.src", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-6.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.x86_64", }, product_reference: "libwebp-0:1.2.0-6.el9_0.x86_64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64", }, product_reference: "libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.2.0-6.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.i686", }, product_reference: "libwebp-debuginfo-0:1.2.0-6.el9_0.i686", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le", }, product_reference: "libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.2.0-6.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.s390x", }, product_reference: "libwebp-debuginfo-0:1.2.0-6.el9_0.s390x", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64", }, product_reference: "libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.2.0-6.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.aarch64", }, product_reference: "libwebp-debugsource-0:1.2.0-6.el9_0.aarch64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.2.0-6.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.i686", }, product_reference: "libwebp-debugsource-0:1.2.0-6.el9_0.i686", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le", }, product_reference: "libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.2.0-6.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.s390x", }, product_reference: "libwebp-debugsource-0:1.2.0-6.el9_0.s390x", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.2.0-6.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.x86_64", }, product_reference: "libwebp-debugsource-0:1.2.0-6.el9_0.x86_64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.2.0-6.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.aarch64", }, product_reference: "libwebp-devel-0:1.2.0-6.el9_0.aarch64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.2.0-6.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.i686", }, product_reference: "libwebp-devel-0:1.2.0-6.el9_0.i686", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.2.0-6.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.ppc64le", }, product_reference: "libwebp-devel-0:1.2.0-6.el9_0.ppc64le", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.2.0-6.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.s390x", }, product_reference: "libwebp-devel-0:1.2.0-6.el9_0.s390x", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.2.0-6.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.x86_64", }, product_reference: "libwebp-devel-0:1.2.0-6.el9_0.x86_64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64", }, product_reference: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686", }, product_reference: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le", }, product_reference: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x", }, product_reference: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64", }, product_reference: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64", }, product_reference: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686", }, product_reference: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le", }, product_reference: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x", }, product_reference: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64", }, product_reference: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.src", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T15:19:12+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.src", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5204", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.src", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.src", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.src", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T15:19:12+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.src", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5204", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.src", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
rhsa-2023_5205
Vulnerability from csaf_redhat
Published
2023-09-18 15:19
Modified
2024-11-23 01:10
Summary
Red Hat Security Advisory: firefox security update
Notes
Topic
An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 102.15.1 ESR.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.15.1 ESR.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5205", url: "https://access.redhat.com/errata/RHSA-2023:5205", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5205.json", }, ], title: "Red Hat Security Advisory: firefox security update", tracking: { current_release_date: "2024-11-23T01:10:21+00:00", generator: { date: "2024-11-23T01:10:21+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2023:5205", initial_release_date: "2023-09-18T15:19:44+00:00", revision_history: [ { date: "2023-09-18T15:19:44+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T15:19:44+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-23T01:10:21+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream EUS (v.9.0)", product: { name: "Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_eus:9.0::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el9_0.src", product: { name: "firefox-0:102.15.1-1.el9_0.src", product_id: "firefox-0:102.15.1-1.el9_0.src", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el9_0?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el9_0.aarch64", product: { name: "firefox-0:102.15.1-1.el9_0.aarch64", product_id: "firefox-0:102.15.1-1.el9_0.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el9_0?arch=aarch64", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el9_0.aarch64", product: { name: "firefox-debugsource-0:102.15.1-1.el9_0.aarch64", product_id: "firefox-debugsource-0:102.15.1-1.el9_0.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el9_0?arch=aarch64", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el9_0.aarch64", product: { name: "firefox-debuginfo-0:102.15.1-1.el9_0.aarch64", product_id: "firefox-debuginfo-0:102.15.1-1.el9_0.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el9_0?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el9_0.ppc64le", product: { name: "firefox-0:102.15.1-1.el9_0.ppc64le", product_id: "firefox-0:102.15.1-1.el9_0.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el9_0?arch=ppc64le", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el9_0.ppc64le", product: { name: "firefox-debugsource-0:102.15.1-1.el9_0.ppc64le", product_id: "firefox-debugsource-0:102.15.1-1.el9_0.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el9_0?arch=ppc64le", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le", product: { name: "firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le", product_id: "firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el9_0?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el9_0.x86_64", product: { name: "firefox-0:102.15.1-1.el9_0.x86_64", product_id: "firefox-0:102.15.1-1.el9_0.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el9_0?arch=x86_64", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el9_0.x86_64", product: { name: "firefox-debugsource-0:102.15.1-1.el9_0.x86_64", product_id: "firefox-debugsource-0:102.15.1-1.el9_0.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el9_0?arch=x86_64", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el9_0.x86_64", product: { name: "firefox-debuginfo-0:102.15.1-1.el9_0.x86_64", product_id: "firefox-debuginfo-0:102.15.1-1.el9_0.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el9_0?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el9_0.s390x", product: { name: "firefox-0:102.15.1-1.el9_0.s390x", product_id: "firefox-0:102.15.1-1.el9_0.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el9_0?arch=s390x", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el9_0.s390x", product: { name: "firefox-debugsource-0:102.15.1-1.el9_0.s390x", product_id: "firefox-debugsource-0:102.15.1-1.el9_0.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el9_0?arch=s390x", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el9_0.s390x", product: { name: "firefox-debuginfo-0:102.15.1-1.el9_0.s390x", product_id: "firefox-debuginfo-0:102.15.1-1.el9_0.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el9_0?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.aarch64", }, product_reference: "firefox-0:102.15.1-1.el9_0.aarch64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.ppc64le", }, product_reference: "firefox-0:102.15.1-1.el9_0.ppc64le", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.s390x", }, product_reference: "firefox-0:102.15.1-1.el9_0.s390x", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el9_0.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.src", }, product_reference: "firefox-0:102.15.1-1.el9_0.src", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.x86_64", }, product_reference: "firefox-0:102.15.1-1.el9_0.x86_64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.aarch64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el9_0.aarch64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.s390x", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el9_0.s390x", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el9_0.x86_64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.aarch64", }, product_reference: "firefox-debugsource-0:102.15.1-1.el9_0.aarch64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.ppc64le", }, product_reference: "firefox-debugsource-0:102.15.1-1.el9_0.ppc64le", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.s390x", }, product_reference: "firefox-debugsource-0:102.15.1-1.el9_0.s390x", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.x86_64", }, product_reference: "firefox-debugsource-0:102.15.1-1.el9_0.x86_64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.src", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T15:19:44+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", product_ids: [ "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.src", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5205", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.src", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.src", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.src", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T15:19:44+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", product_ids: [ "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.src", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5205", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.src", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
rhsa-2023_5214
Vulnerability from csaf_redhat
Published
2023-09-19 08:06
Modified
2024-11-23 01:10
Summary
Red Hat Security Advisory: libwebp security update
Notes
Topic
An update for libwebp is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for libwebp is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5214", url: "https://access.redhat.com/errata/RHSA-2023:5214", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5214.json", }, ], title: "Red Hat Security Advisory: libwebp security update", tracking: { current_release_date: "2024-11-23T01:10:58+00:00", generator: { date: "2024-11-23T01:10:58+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2023:5214", initial_release_date: "2023-09-19T08:06:01+00:00", revision_history: [ { date: "2023-09-19T08:06:01+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-19T08:06:01+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-23T01:10:58+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 9)", product: { name: "Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:9::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux CRB (v. 9)", product: { name: "Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:9::crb", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "libwebp-tools-0:1.2.0-7.el9_2.aarch64", product: { name: "libwebp-tools-0:1.2.0-7.el9_2.aarch64", product_id: "libwebp-tools-0:1.2.0-7.el9_2.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools@1.2.0-7.el9_2?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", product: { name: "libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", product_id: "libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.2.0-7.el9_2?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", product: { name: "libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", product_id: "libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.2.0-7.el9_2?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", product: { name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", product_id: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.2.0-7.el9_2?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", product: { name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", product_id: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.2.0-7.el9_2?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-0:1.2.0-7.el9_2.aarch64", product: { name: "libwebp-0:1.2.0-7.el9_2.aarch64", product_id: "libwebp-0:1.2.0-7.el9_2.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.2.0-7.el9_2?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.2.0-7.el9_2.aarch64", product: { name: "libwebp-devel-0:1.2.0-7.el9_2.aarch64", product_id: "libwebp-devel-0:1.2.0-7.el9_2.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.2.0-7.el9_2?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libwebp-tools-0:1.2.0-7.el9_2.ppc64le", product: { name: "libwebp-tools-0:1.2.0-7.el9_2.ppc64le", product_id: "libwebp-tools-0:1.2.0-7.el9_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools@1.2.0-7.el9_2?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", product: { name: "libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", product_id: "libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.2.0-7.el9_2?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", product: { name: "libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", product_id: "libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.2.0-7.el9_2?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", product: { name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", product_id: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.2.0-7.el9_2?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", product: { name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", product_id: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.2.0-7.el9_2?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-0:1.2.0-7.el9_2.ppc64le", product: { name: "libwebp-0:1.2.0-7.el9_2.ppc64le", product_id: "libwebp-0:1.2.0-7.el9_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.2.0-7.el9_2?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.2.0-7.el9_2.ppc64le", product: { name: "libwebp-devel-0:1.2.0-7.el9_2.ppc64le", product_id: "libwebp-devel-0:1.2.0-7.el9_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.2.0-7.el9_2?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libwebp-tools-0:1.2.0-7.el9_2.x86_64", product: { name: "libwebp-tools-0:1.2.0-7.el9_2.x86_64", product_id: "libwebp-tools-0:1.2.0-7.el9_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools@1.2.0-7.el9_2?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", product: { name: "libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", product_id: "libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.2.0-7.el9_2?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", product: { name: "libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", product_id: "libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.2.0-7.el9_2?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", product: { name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", product_id: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.2.0-7.el9_2?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", product: { name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", product_id: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.2.0-7.el9_2?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-0:1.2.0-7.el9_2.x86_64", product: { name: "libwebp-0:1.2.0-7.el9_2.x86_64", product_id: "libwebp-0:1.2.0-7.el9_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.2.0-7.el9_2?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.2.0-7.el9_2.x86_64", product: { name: "libwebp-devel-0:1.2.0-7.el9_2.x86_64", product_id: "libwebp-devel-0:1.2.0-7.el9_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.2.0-7.el9_2?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "libwebp-tools-0:1.2.0-7.el9_2.s390x", product: { name: "libwebp-tools-0:1.2.0-7.el9_2.s390x", product_id: "libwebp-tools-0:1.2.0-7.el9_2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools@1.2.0-7.el9_2?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.2.0-7.el9_2.s390x", product: { name: "libwebp-debugsource-0:1.2.0-7.el9_2.s390x", product_id: "libwebp-debugsource-0:1.2.0-7.el9_2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.2.0-7.el9_2?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", product: { name: "libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", product_id: "libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.2.0-7.el9_2?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", product: { name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", product_id: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.2.0-7.el9_2?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", product: { name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", product_id: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.2.0-7.el9_2?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-0:1.2.0-7.el9_2.s390x", product: { name: "libwebp-0:1.2.0-7.el9_2.s390x", product_id: "libwebp-0:1.2.0-7.el9_2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.2.0-7.el9_2?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.2.0-7.el9_2.s390x", product: { name: "libwebp-devel-0:1.2.0-7.el9_2.s390x", product_id: "libwebp-devel-0:1.2.0-7.el9_2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.2.0-7.el9_2?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libwebp-0:1.2.0-7.el9_2.src", product: { name: "libwebp-0:1.2.0-7.el9_2.src", product_id: "libwebp-0:1.2.0-7.el9_2.src", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.2.0-7.el9_2?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "libwebp-0:1.2.0-7.el9_2.i686", product: { name: "libwebp-0:1.2.0-7.el9_2.i686", product_id: "libwebp-0:1.2.0-7.el9_2.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.2.0-7.el9_2?arch=i686", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.2.0-7.el9_2.i686", product: { name: "libwebp-devel-0:1.2.0-7.el9_2.i686", product_id: "libwebp-devel-0:1.2.0-7.el9_2.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.2.0-7.el9_2?arch=i686", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.2.0-7.el9_2.i686", product: { name: "libwebp-debugsource-0:1.2.0-7.el9_2.i686", product_id: "libwebp-debugsource-0:1.2.0-7.el9_2.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.2.0-7.el9_2?arch=i686", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.2.0-7.el9_2.i686", product: { name: "libwebp-debuginfo-0:1.2.0-7.el9_2.i686", product_id: "libwebp-debuginfo-0:1.2.0-7.el9_2.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.2.0-7.el9_2?arch=i686", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", product: { name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", product_id: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.2.0-7.el9_2?arch=i686", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", product: { name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", product_id: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.2.0-7.el9_2?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64", }, product_reference: "libwebp-0:1.2.0-7.el9_2.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-7.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686", }, product_reference: "libwebp-0:1.2.0-7.el9_2.i686", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le", }, product_reference: "libwebp-0:1.2.0-7.el9_2.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x", }, product_reference: "libwebp-0:1.2.0-7.el9_2.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-7.el9_2.src as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src", }, product_reference: "libwebp-0:1.2.0-7.el9_2.src", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64", }, product_reference: "libwebp-0:1.2.0-7.el9_2.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", }, product_reference: "libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.2.0-7.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686", }, product_reference: "libwebp-debuginfo-0:1.2.0-7.el9_2.i686", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", }, product_reference: "libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", }, product_reference: "libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", }, product_reference: "libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", }, product_reference: "libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.2.0-7.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686", }, product_reference: "libwebp-debugsource-0:1.2.0-7.el9_2.i686", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", }, product_reference: "libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x", }, product_reference: "libwebp-debugsource-0:1.2.0-7.el9_2.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", }, product_reference: "libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64", }, product_reference: "libwebp-devel-0:1.2.0-7.el9_2.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.2.0-7.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686", }, product_reference: "libwebp-devel-0:1.2.0-7.el9_2.i686", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le", }, product_reference: "libwebp-devel-0:1.2.0-7.el9_2.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x", }, product_reference: "libwebp-devel-0:1.2.0-7.el9_2.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64", }, product_reference: "libwebp-devel-0:1.2.0-7.el9_2.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", }, product_reference: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", }, product_reference: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", }, product_reference: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", }, product_reference: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", }, product_reference: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64", }, product_reference: "libwebp-tools-0:1.2.0-7.el9_2.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le", }, product_reference: "libwebp-tools-0:1.2.0-7.el9_2.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x", }, product_reference: "libwebp-tools-0:1.2.0-7.el9_2.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64", }, product_reference: "libwebp-tools-0:1.2.0-7.el9_2.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", }, product_reference: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", }, product_reference: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", }, product_reference: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", }, product_reference: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", }, product_reference: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64", }, product_reference: "libwebp-0:1.2.0-7.el9_2.aarch64", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-7.el9_2.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686", }, product_reference: "libwebp-0:1.2.0-7.el9_2.i686", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le", }, product_reference: "libwebp-0:1.2.0-7.el9_2.ppc64le", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x", }, product_reference: "libwebp-0:1.2.0-7.el9_2.s390x", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-7.el9_2.src as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src", }, product_reference: "libwebp-0:1.2.0-7.el9_2.src", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64", }, product_reference: "libwebp-0:1.2.0-7.el9_2.x86_64", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", }, product_reference: "libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.2.0-7.el9_2.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686", }, product_reference: "libwebp-debuginfo-0:1.2.0-7.el9_2.i686", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", }, product_reference: "libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", }, product_reference: "libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", }, product_reference: "libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", }, product_reference: "libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.2.0-7.el9_2.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686", }, product_reference: "libwebp-debugsource-0:1.2.0-7.el9_2.i686", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", }, product_reference: "libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x", }, product_reference: "libwebp-debugsource-0:1.2.0-7.el9_2.s390x", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", }, product_reference: "libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64", }, product_reference: "libwebp-devel-0:1.2.0-7.el9_2.aarch64", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.2.0-7.el9_2.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686", }, product_reference: "libwebp-devel-0:1.2.0-7.el9_2.i686", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le", }, product_reference: "libwebp-devel-0:1.2.0-7.el9_2.ppc64le", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x", }, product_reference: "libwebp-devel-0:1.2.0-7.el9_2.s390x", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64", }, product_reference: "libwebp-devel-0:1.2.0-7.el9_2.x86_64", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", }, product_reference: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", }, product_reference: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", }, product_reference: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", }, product_reference: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", }, product_reference: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64", }, product_reference: "libwebp-tools-0:1.2.0-7.el9_2.aarch64", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le", }, product_reference: "libwebp-tools-0:1.2.0-7.el9_2.ppc64le", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x", }, product_reference: "libwebp-tools-0:1.2.0-7.el9_2.s390x", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64", }, product_reference: "libwebp-tools-0:1.2.0-7.el9_2.x86_64", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", }, product_reference: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", }, product_reference: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", }, product_reference: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", }, product_reference: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", }, product_reference: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-19T08:06:01+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5214", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-19T08:06:01+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5214", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
RHSA-2023:5200
Vulnerability from csaf_redhat
Published
2023-09-18 14:29
Modified
2025-03-23 07:38
Summary
Red Hat Security Advisory: firefox security update
Notes
Topic
An update for firefox is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 102.15.1 ESR.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for firefox is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.15.1 ESR.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5200", url: "https://access.redhat.com/errata/RHSA-2023:5200", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5200.json", }, ], title: "Red Hat Security Advisory: firefox security update", tracking: { current_release_date: "2025-03-23T07:38:20+00:00", generator: { date: "2025-03-23T07:38:20+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:5200", initial_release_date: "2023-09-18T14:29:44+00:00", revision_history: [ { date: "2023-09-18T14:29:44+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T14:29:44+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-23T07:38:20+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 9)", product: { name: "Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:9::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el9_2.src", product: { name: "firefox-0:102.15.1-1.el9_2.src", product_id: "firefox-0:102.15.1-1.el9_2.src", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el9_2?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el9_2.aarch64", product: { name: "firefox-0:102.15.1-1.el9_2.aarch64", product_id: "firefox-0:102.15.1-1.el9_2.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el9_2?arch=aarch64", }, }, }, { category: "product_version", name: "firefox-x11-0:102.15.1-1.el9_2.aarch64", product: { name: "firefox-x11-0:102.15.1-1.el9_2.aarch64", product_id: "firefox-x11-0:102.15.1-1.el9_2.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-x11@102.15.1-1.el9_2?arch=aarch64", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el9_2.aarch64", product: { name: "firefox-debugsource-0:102.15.1-1.el9_2.aarch64", product_id: "firefox-debugsource-0:102.15.1-1.el9_2.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el9_2?arch=aarch64", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el9_2.aarch64", product: { name: "firefox-debuginfo-0:102.15.1-1.el9_2.aarch64", product_id: "firefox-debuginfo-0:102.15.1-1.el9_2.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el9_2?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el9_2.ppc64le", product: { name: "firefox-0:102.15.1-1.el9_2.ppc64le", product_id: "firefox-0:102.15.1-1.el9_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el9_2?arch=ppc64le", }, }, }, { category: "product_version", name: "firefox-x11-0:102.15.1-1.el9_2.ppc64le", product: { name: "firefox-x11-0:102.15.1-1.el9_2.ppc64le", product_id: "firefox-x11-0:102.15.1-1.el9_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-x11@102.15.1-1.el9_2?arch=ppc64le", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el9_2.ppc64le", product: { name: "firefox-debugsource-0:102.15.1-1.el9_2.ppc64le", product_id: "firefox-debugsource-0:102.15.1-1.el9_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el9_2?arch=ppc64le", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le", product: { name: "firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le", product_id: "firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el9_2?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el9_2.x86_64", product: { name: "firefox-0:102.15.1-1.el9_2.x86_64", product_id: "firefox-0:102.15.1-1.el9_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el9_2?arch=x86_64", }, }, }, { category: "product_version", name: "firefox-x11-0:102.15.1-1.el9_2.x86_64", product: { name: "firefox-x11-0:102.15.1-1.el9_2.x86_64", product_id: "firefox-x11-0:102.15.1-1.el9_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-x11@102.15.1-1.el9_2?arch=x86_64", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el9_2.x86_64", product: { name: "firefox-debugsource-0:102.15.1-1.el9_2.x86_64", product_id: "firefox-debugsource-0:102.15.1-1.el9_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el9_2?arch=x86_64", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el9_2.x86_64", product: { name: "firefox-debuginfo-0:102.15.1-1.el9_2.x86_64", product_id: "firefox-debuginfo-0:102.15.1-1.el9_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el9_2?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el9_2.s390x", product: { name: "firefox-0:102.15.1-1.el9_2.s390x", product_id: "firefox-0:102.15.1-1.el9_2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el9_2?arch=s390x", }, }, }, { category: "product_version", name: "firefox-x11-0:102.15.1-1.el9_2.s390x", product: { name: "firefox-x11-0:102.15.1-1.el9_2.s390x", product_id: "firefox-x11-0:102.15.1-1.el9_2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-x11@102.15.1-1.el9_2?arch=s390x", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el9_2.s390x", product: { name: "firefox-debugsource-0:102.15.1-1.el9_2.s390x", product_id: "firefox-debugsource-0:102.15.1-1.el9_2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el9_2?arch=s390x", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el9_2.s390x", product: { name: "firefox-debuginfo-0:102.15.1-1.el9_2.s390x", product_id: "firefox-debuginfo-0:102.15.1-1.el9_2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el9_2?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.aarch64", }, product_reference: "firefox-0:102.15.1-1.el9_2.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.ppc64le", }, product_reference: "firefox-0:102.15.1-1.el9_2.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.s390x", }, product_reference: "firefox-0:102.15.1-1.el9_2.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el9_2.src as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.src", }, product_reference: "firefox-0:102.15.1-1.el9_2.src", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.x86_64", }, product_reference: "firefox-0:102.15.1-1.el9_2.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.aarch64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el9_2.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.s390x", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el9_2.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el9_2.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.aarch64", }, product_reference: "firefox-debugsource-0:102.15.1-1.el9_2.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.ppc64le", }, product_reference: "firefox-debugsource-0:102.15.1-1.el9_2.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.s390x", }, product_reference: "firefox-debugsource-0:102.15.1-1.el9_2.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.x86_64", }, product_reference: "firefox-debugsource-0:102.15.1-1.el9_2.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-x11-0:102.15.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.aarch64", }, product_reference: "firefox-x11-0:102.15.1-1.el9_2.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-x11-0:102.15.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.ppc64le", }, product_reference: "firefox-x11-0:102.15.1-1.el9_2.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-x11-0:102.15.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.s390x", }, product_reference: "firefox-x11-0:102.15.1-1.el9_2.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-x11-0:102.15.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.x86_64", }, product_reference: "firefox-x11-0:102.15.1-1.el9_2.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T14:29:44+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", product_ids: [ "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5200", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T14:29:44+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", product_ids: [ "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5200", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
rhsa-2023_5223
Vulnerability from csaf_redhat
Published
2023-09-19 08:04
Modified
2024-11-23 01:10
Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 102.15.1.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.15.1.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5223", url: "https://access.redhat.com/errata/RHSA-2023:5223", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5223.json", }, ], title: "Red Hat Security Advisory: thunderbird security update", tracking: { current_release_date: "2024-11-23T01:10:49+00:00", generator: { date: "2024-11-23T01:10:49+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2023:5223", initial_release_date: "2023-09-19T08:04:31+00:00", revision_history: [ { date: "2023-09-19T08:04:31+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-19T08:04:31+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-23T01:10:49+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream EUS (v.9.0)", product: { name: "Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_eus:9.0::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el9_0.src", product: { name: "thunderbird-0:102.15.1-1.el9_0.src", product_id: "thunderbird-0:102.15.1-1.el9_0.src", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el9_0?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el9_0.aarch64", product: { name: "thunderbird-0:102.15.1-1.el9_0.aarch64", product_id: "thunderbird-0:102.15.1-1.el9_0.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el9_0?arch=aarch64", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64", product: { name: "thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64", product_id: "thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el9_0?arch=aarch64", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64", product_id: "thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el9_0?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el9_0.ppc64le", product: { name: "thunderbird-0:102.15.1-1.el9_0.ppc64le", product_id: "thunderbird-0:102.15.1-1.el9_0.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el9_0?arch=ppc64le", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le", product: { name: "thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le", product_id: "thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el9_0?arch=ppc64le", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le", product_id: "thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el9_0?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el9_0.x86_64", product: { name: "thunderbird-0:102.15.1-1.el9_0.x86_64", product_id: "thunderbird-0:102.15.1-1.el9_0.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el9_0?arch=x86_64", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64", product: { name: "thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64", product_id: "thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el9_0?arch=x86_64", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64", product_id: "thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el9_0?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el9_0.s390x", product: { name: "thunderbird-0:102.15.1-1.el9_0.s390x", product_id: "thunderbird-0:102.15.1-1.el9_0.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el9_0?arch=s390x", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el9_0.s390x", product: { name: "thunderbird-debugsource-0:102.15.1-1.el9_0.s390x", product_id: "thunderbird-debugsource-0:102.15.1-1.el9_0.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el9_0?arch=s390x", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x", product_id: "thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el9_0?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.aarch64", }, product_reference: "thunderbird-0:102.15.1-1.el9_0.aarch64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.ppc64le", }, product_reference: "thunderbird-0:102.15.1-1.el9_0.ppc64le", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.s390x", }, product_reference: "thunderbird-0:102.15.1-1.el9_0.s390x", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el9_0.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.src", }, product_reference: "thunderbird-0:102.15.1-1.el9_0.src", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.x86_64", }, product_reference: "thunderbird-0:102.15.1-1.el9_0.x86_64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.s390x", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el9_0.s390x", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.src", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-19T08:04:31+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.src", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5223", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.src", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.src", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.src", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-19T08:04:31+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.src", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5223", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.src", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
rhba-2023:5988
Vulnerability from csaf_redhat
Published
2023-10-23 08:30
Modified
2025-03-23 07:34
Summary
Red Hat Bug Fix Advisory: Updated rhel9/firefox-flatpak container image
Notes
Topic
An updated rhel9/firefox-flatpak container image is now available in the Red Hat container registry.
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
Flatpak is a system for running graphical applications as containers. Installing an application as a Flatpak rather than as an individual package allows it to be installed and updated independently of the host operating system.
This updates the rhel9/firefox-flatpak image of Firefox in the Red Hat container registry.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An updated rhel9/firefox-flatpak container image is now available in the Red Hat container registry.", title: "Topic", }, { category: "general", text: "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nFlatpak is a system for running graphical applications as containers. Installing an application as a Flatpak rather than as an individual package allows it to be installed and updated independently of the host operating system.\n\nThis updates the rhel9/firefox-flatpak image of Firefox in the Red Hat container registry.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHBA-2023:5988", url: "https://access.redhat.com/errata/RHBA-2023:5988", }, { category: "external", summary: "https://catalog.redhat.com/software/containers/search", url: "https://catalog.redhat.com/software/containers/search", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhba-2023_5988.json", }, ], title: "Red Hat Bug Fix Advisory: Updated rhel9/firefox-flatpak container image", tracking: { current_release_date: "2025-03-23T07:34:08+00:00", generator: { date: "2025-03-23T07:34:08+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHBA-2023:5988", initial_release_date: "2023-10-23T08:30:22+00:00", revision_history: [ { date: "2023-10-23T08:30:22+00:00", number: "1", summary: "Initial version", }, { date: "2023-10-23T08:30:22+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-23T07:34:08+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 9)", product: { name: "Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:9::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "rhel9/firefox-flatpak@sha256:ef71228c905275b0c973e231942a1949b2036217cf0ed7e671ea1a9dded66fbd_amd64", product: { name: "rhel9/firefox-flatpak@sha256:ef71228c905275b0c973e231942a1949b2036217cf0ed7e671ea1a9dded66fbd_amd64", product_id: "rhel9/firefox-flatpak@sha256:ef71228c905275b0c973e231942a1949b2036217cf0ed7e671ea1a9dded66fbd_amd64", product_identification_helper: { purl: "pkg:oci/firefox-flatpak@sha256:ef71228c905275b0c973e231942a1949b2036217cf0ed7e671ea1a9dded66fbd?arch=amd64&repository_url=registry.redhat.io/rhel9/firefox-flatpak&tag=flatpak-9020020231006113910.2", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rhel9/firefox-flatpak@sha256:ef71228c905275b0c973e231942a1949b2036217cf0ed7e671ea1a9dded66fbd_amd64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:rhel9/firefox-flatpak@sha256:ef71228c905275b0c973e231942a1949b2036217cf0ed7e671ea1a9dded66fbd_amd64", }, product_reference: "rhel9/firefox-flatpak@sha256:ef71228c905275b0c973e231942a1949b2036217cf0ed7e671ea1a9dded66fbd_amd64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.2.0.Z.MAIN.EUS:rhel9/firefox-flatpak@sha256:ef71228c905275b0c973e231942a1949b2036217cf0ed7e671ea1a9dded66fbd_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-10-23T08:30:22+00:00", details: "To install and use Red Hat Enterprise Linux Flatpak content available in the the Red Hat Container Catalog, make sure that you have the latest version of the Flatpak client installed on your system:\n\nyum update flatpak\n\nAfter updating the Flatpak packages, add the Flatpak remote to your system:\n\nflatpak remote-add rhel https://flatpaks.redhat.io/rhel.flatpakrepo\n\nProvide the credentials for your Red Hat Enterprise Linux account:\n\npodman login registry.redhat.io\n\nPodman only saves credentials until the user logs out. To save your credentials permanently, run:\n\ncp $XDG_RUNTIME_DIR/containers/auth.json $HOME/.config/flatpak/oci-auth.json\n\nTo enable the RHEL Flatpak remote for a set of workstations within an organization, you should use a Registry Service Account. Credentials can be installed system-wide at /etc/flatpak/oci-auth.json.\n\nThen, you can install the Firefox Flatpak container image:\n\nflatpak install rhel org.firefox.Firefox\n\nFor more information about the image, search the <image_name> in the Red Hat Ecosystem Catalog: https://catalog.redhat.com/software/containers/search.", product_ids: [ "AppStream-9.2.0.Z.MAIN.EUS:rhel9/firefox-flatpak@sha256:ef71228c905275b0c973e231942a1949b2036217cf0ed7e671ea1a9dded66fbd_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2023:5988", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-9.2.0.Z.MAIN.EUS:rhel9/firefox-flatpak@sha256:ef71228c905275b0c973e231942a1949b2036217cf0ed7e671ea1a9dded66fbd_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-9.2.0.Z.MAIN.EUS:rhel9/firefox-flatpak@sha256:ef71228c905275b0c973e231942a1949b2036217cf0ed7e671ea1a9dded66fbd_amd64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, ], }
rhsa-2023:5191
Vulnerability from csaf_redhat
Published
2023-09-18 13:54
Modified
2025-03-23 07:33
Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 102.15.1.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for thunderbird is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.15.1.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5191", url: "https://access.redhat.com/errata/RHSA-2023:5191", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5191.json", }, ], title: "Red Hat Security Advisory: thunderbird security update", tracking: { current_release_date: "2025-03-23T07:33:04+00:00", generator: { date: "2025-03-23T07:33:04+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:5191", initial_release_date: "2023-09-18T13:54:41+00:00", revision_history: [ { date: "2023-09-18T13:54:41+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T13:54:41+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-23T07:33:04+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux Client (v. 7)", product: { name: "Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Server Optional (v. 7)", product: { name: "Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Workstation (v. 7)", product: { name: "Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::workstation", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el7_9.src", product: { name: "thunderbird-0:102.15.1-1.el7_9.src", product_id: "thunderbird-0:102.15.1-1.el7_9.src", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el7_9?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el7_9.x86_64", product: { name: "thunderbird-0:102.15.1-1.el7_9.x86_64", product_id: "thunderbird-0:102.15.1-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", product_id: "thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el7_9?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el7_9.ppc64le", product: { name: "thunderbird-0:102.15.1-1.el7_9.ppc64le", product_id: "thunderbird-0:102.15.1-1.el7_9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el7_9?arch=ppc64le", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", product_id: "thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el7_9?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "thunderbird-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el7_9.src as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", }, product_reference: "thunderbird-0:102.15.1-1.el7_9.src", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", }, product_reference: "thunderbird-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "thunderbird-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el7_9.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", }, product_reference: "thunderbird-0:102.15.1-1.el7_9.src", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", }, product_reference: "thunderbird-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "thunderbird-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el7_9.src as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", }, product_reference: "thunderbird-0:102.15.1-1.el7_9.src", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", }, product_reference: "thunderbird-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-7.9.Z", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:54:41+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5191", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:54:41+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5191", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
rhsa-2023:5186
Vulnerability from csaf_redhat
Published
2023-09-18 13:49
Modified
2025-03-23 07:33
Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 102.15.1.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.15.1.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5186", url: "https://access.redhat.com/errata/RHSA-2023:5186", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5186.json", }, ], title: "Red Hat Security Advisory: thunderbird security update", tracking: { current_release_date: "2025-03-23T07:33:18+00:00", generator: { date: "2025-03-23T07:33:18+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:5186", initial_release_date: "2023-09-18T13:49:01+00:00", revision_history: [ { date: "2023-09-18T13:49:01+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T13:49:01+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-23T07:33:18+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product: { name: "Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_aus:8.2::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product: { name: "Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_e4s:8.2::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product: { name: "Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_tus:8.2::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_2.src", product: { name: "thunderbird-0:102.15.1-1.el8_2.src", product_id: "thunderbird-0:102.15.1-1.el8_2.src", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_2?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_2.x86_64", product: { name: "thunderbird-0:102.15.1-1.el8_2.x86_64", product_id: "thunderbird-0:102.15.1-1.el8_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_2?arch=x86_64", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", product: { name: "thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", product_id: "thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_2?arch=x86_64", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", product_id: "thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_2?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_2.ppc64le", product: { name: "thunderbird-0:102.15.1-1.el8_2.ppc64le", product_id: "thunderbird-0:102.15.1-1.el8_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_2?arch=ppc64le", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le", product: { name: "thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le", product_id: "thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_2?arch=ppc64le", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le", product_id: "thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_2?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_2.src as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.src", }, product_reference: "thunderbird-0:102.15.1-1.el8_2.src", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.x86_64", }, product_reference: "thunderbird-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.ppc64le", }, product_reference: "thunderbird-0:102.15.1-1.el8_2.ppc64le", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_2.src as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.src", }, product_reference: "thunderbird-0:102.15.1-1.el8_2.src", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.x86_64", }, product_reference: "thunderbird-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_2.src as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.src", }, product_reference: "thunderbird-0:102.15.1-1.el8_2.src", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.x86_64", }, product_reference: "thunderbird-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:49:01+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5186", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:49:01+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5186", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
RHSA-2023:5202
Vulnerability from csaf_redhat
Published
2023-09-18 14:30
Modified
2025-03-23 07:33
Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 102.15.1.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.15.1.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5202", url: "https://access.redhat.com/errata/RHSA-2023:5202", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5202.json", }, ], title: "Red Hat Security Advisory: thunderbird security update", tracking: { current_release_date: "2025-03-23T07:33:02+00:00", generator: { date: "2025-03-23T07:33:02+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:5202", initial_release_date: "2023-09-18T14:30:13+00:00", revision_history: [ { date: "2023-09-18T14:30:13+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T14:30:13+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-23T07:33:02+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream EUS (v.8.6)", product: { name: "Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_eus:8.6::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_6.src", product: { name: "thunderbird-0:102.15.1-1.el8_6.src", product_id: "thunderbird-0:102.15.1-1.el8_6.src", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_6?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_6.aarch64", product: { name: "thunderbird-0:102.15.1-1.el8_6.aarch64", product_id: "thunderbird-0:102.15.1-1.el8_6.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_6?arch=aarch64", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64", product: { name: "thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64", product_id: "thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_6?arch=aarch64", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64", product_id: "thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_6?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_6.ppc64le", product: { name: "thunderbird-0:102.15.1-1.el8_6.ppc64le", product_id: "thunderbird-0:102.15.1-1.el8_6.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_6?arch=ppc64le", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le", product: { name: "thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le", product_id: "thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_6?arch=ppc64le", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le", product_id: "thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_6?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_6.x86_64", product: { name: "thunderbird-0:102.15.1-1.el8_6.x86_64", product_id: "thunderbird-0:102.15.1-1.el8_6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_6?arch=x86_64", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64", product: { name: "thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64", product_id: "thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_6?arch=x86_64", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64", product_id: "thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_6?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_6.s390x", product: { name: "thunderbird-0:102.15.1-1.el8_6.s390x", product_id: "thunderbird-0:102.15.1-1.el8_6.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_6?arch=s390x", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el8_6.s390x", product: { name: "thunderbird-debugsource-0:102.15.1-1.el8_6.s390x", product_id: "thunderbird-debugsource-0:102.15.1-1.el8_6.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_6?arch=s390x", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x", product_id: "thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_6?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.aarch64", }, product_reference: "thunderbird-0:102.15.1-1.el8_6.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.ppc64le", }, product_reference: "thunderbird-0:102.15.1-1.el8_6.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.s390x", }, product_reference: "thunderbird-0:102.15.1-1.el8_6.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_6.src as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.src", }, product_reference: "thunderbird-0:102.15.1-1.el8_6.src", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.x86_64", }, product_reference: "thunderbird-0:102.15.1-1.el8_6.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.s390x", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_6.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.src", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T14:30:13+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.src", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5202", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.src", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.src", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.src", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T14:30:13+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.src", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5202", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.src", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
rhba-2023:6004
Vulnerability from csaf_redhat
Published
2023-10-23 09:32
Modified
2025-03-23 07:34
Summary
Red Hat Bug Fix Advisory: Updated rhel9/thunderbird-flatpak container image
Notes
Topic
An updated rhel9/thunderbird-flatpak container image is now available in the Red Hat container registry.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
Flatpak is a system for running graphical applications as containers. Installing an application as a Flatpak rather than as an individual package allows it to be installed and updated independently of the host operating system.
This updates the rhel9/thunderbird-flatpak image of Thunderbird in the Red Hat container registry.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An updated rhel9/thunderbird-flatpak container image is now available in the Red Hat container registry.", title: "Topic", }, { category: "general", text: "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nFlatpak is a system for running graphical applications as containers. Installing an application as a Flatpak rather than as an individual package allows it to be installed and updated independently of the host operating system.\n\nThis updates the rhel9/thunderbird-flatpak image of Thunderbird in the Red Hat container registry.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHBA-2023:6004", url: "https://access.redhat.com/errata/RHBA-2023:6004", }, { category: "external", summary: "https://catalog.redhat.com/software/containers/search", url: "https://catalog.redhat.com/software/containers/search", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhba-2023_6004.json", }, ], title: "Red Hat Bug Fix Advisory: Updated rhel9/thunderbird-flatpak container image", tracking: { current_release_date: "2025-03-23T07:34:06+00:00", generator: { date: "2025-03-23T07:34:06+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHBA-2023:6004", initial_release_date: "2023-10-23T09:32:38+00:00", revision_history: [ { date: "2023-10-23T09:32:38+00:00", number: "1", summary: "Initial version", }, { date: "2023-10-23T09:32:38+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-23T07:34:06+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 9)", product: { name: "Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:9::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "rhel9/thunderbird-flatpak@sha256:870084c57d8583ce25c8503df6b83df2553b72b463a7be67592f4661cdafd9e7_amd64", product: { name: "rhel9/thunderbird-flatpak@sha256:870084c57d8583ce25c8503df6b83df2553b72b463a7be67592f4661cdafd9e7_amd64", product_id: "rhel9/thunderbird-flatpak@sha256:870084c57d8583ce25c8503df6b83df2553b72b463a7be67592f4661cdafd9e7_amd64", product_identification_helper: { purl: "pkg:oci/thunderbird-flatpak@sha256:870084c57d8583ce25c8503df6b83df2553b72b463a7be67592f4661cdafd9e7?arch=amd64&repository_url=registry.redhat.io/rhel9/thunderbird-flatpak&tag=flatpak-9020020231006114109.1", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rhel9/thunderbird-flatpak@sha256:870084c57d8583ce25c8503df6b83df2553b72b463a7be67592f4661cdafd9e7_amd64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:rhel9/thunderbird-flatpak@sha256:870084c57d8583ce25c8503df6b83df2553b72b463a7be67592f4661cdafd9e7_amd64", }, product_reference: "rhel9/thunderbird-flatpak@sha256:870084c57d8583ce25c8503df6b83df2553b72b463a7be67592f4661cdafd9e7_amd64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.2.0.Z.MAIN.EUS:rhel9/thunderbird-flatpak@sha256:870084c57d8583ce25c8503df6b83df2553b72b463a7be67592f4661cdafd9e7_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-10-23T09:32:38+00:00", details: "To install and use Red Hat Enterprise Linux Flatpak content available in the the Red Hat Container Catalog, make sure that you have the latest version of the Flatpak client installed on your system:\n\nyum update flatpak\n\nAfter updating the Flatpak packages, add the Flatpak remote to your system:\n\nflatpak remote-add rhel https://flatpaks.redhat.io/rhel.flatpakrepo\n\nProvide the credentials for your Red Hat Enterprise Linux account:\n\npodman login registry.redhat.io\n\nPodman only saves credentials until the user logs out. To save your credentials permanently, run:\n\ncp $XDG_RUNTIME_DIR/containers/auth.json $HOME/.config/flatpak/oci-auth.json\n\nTo enable the RHEL Flatpak remote for a set of workstations within an organization, you should use a Registry Service Account. Credentials can be installed system-wide at /etc/flatpak/oci-auth.json.\n\nThen, you can install the Thunderbird Flatpak container image:\n\nflatpak install rhel org.thunderbird.Thunderbird\n\nFor more information about the image, search the <image_name> in the Red Hat Ecosystem Catalog: https://catalog.redhat.com/software/containers/search.", product_ids: [ "AppStream-9.2.0.Z.MAIN.EUS:rhel9/thunderbird-flatpak@sha256:870084c57d8583ce25c8503df6b83df2553b72b463a7be67592f4661cdafd9e7_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2023:6004", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-9.2.0.Z.MAIN.EUS:rhel9/thunderbird-flatpak@sha256:870084c57d8583ce25c8503df6b83df2553b72b463a7be67592f4661cdafd9e7_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-9.2.0.Z.MAIN.EUS:rhel9/thunderbird-flatpak@sha256:870084c57d8583ce25c8503df6b83df2553b72b463a7be67592f4661cdafd9e7_amd64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, ], }
RHSA-2023:5198
Vulnerability from csaf_redhat
Published
2023-09-18 13:54
Modified
2025-03-23 07:38
Summary
Red Hat Security Advisory: firefox security update
Notes
Topic
An update for firefox is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 102.15.1 ESR.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for firefox is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.15.1 ESR.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5198", url: "https://access.redhat.com/errata/RHSA-2023:5198", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5198.json", }, ], title: "Red Hat Security Advisory: firefox security update", tracking: { current_release_date: "2025-03-23T07:38:01+00:00", generator: { date: "2025-03-23T07:38:01+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:5198", initial_release_date: "2023-09-18T13:54:07+00:00", revision_history: [ { date: "2023-09-18T13:54:07+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T13:54:07+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-23T07:38:01+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream EUS (v.8.6)", product: { name: "Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_eus:8.6::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_6.src", product: { name: "firefox-0:102.15.1-1.el8_6.src", product_id: "firefox-0:102.15.1-1.el8_6.src", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_6?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_6.aarch64", product: { name: "firefox-0:102.15.1-1.el8_6.aarch64", product_id: "firefox-0:102.15.1-1.el8_6.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_6?arch=aarch64", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el8_6.aarch64", product: { name: "firefox-debugsource-0:102.15.1-1.el8_6.aarch64", product_id: "firefox-debugsource-0:102.15.1-1.el8_6.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_6?arch=aarch64", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el8_6.aarch64", product: { name: "firefox-debuginfo-0:102.15.1-1.el8_6.aarch64", product_id: "firefox-debuginfo-0:102.15.1-1.el8_6.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_6?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_6.ppc64le", product: { name: "firefox-0:102.15.1-1.el8_6.ppc64le", product_id: "firefox-0:102.15.1-1.el8_6.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_6?arch=ppc64le", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el8_6.ppc64le", product: { name: "firefox-debugsource-0:102.15.1-1.el8_6.ppc64le", product_id: "firefox-debugsource-0:102.15.1-1.el8_6.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_6?arch=ppc64le", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le", product: { name: "firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le", product_id: "firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_6?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_6.x86_64", product: { name: "firefox-0:102.15.1-1.el8_6.x86_64", product_id: "firefox-0:102.15.1-1.el8_6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_6?arch=x86_64", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el8_6.x86_64", product: { name: "firefox-debugsource-0:102.15.1-1.el8_6.x86_64", product_id: "firefox-debugsource-0:102.15.1-1.el8_6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_6?arch=x86_64", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el8_6.x86_64", product: { name: "firefox-debuginfo-0:102.15.1-1.el8_6.x86_64", product_id: "firefox-debuginfo-0:102.15.1-1.el8_6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_6?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_6.s390x", product: { name: "firefox-0:102.15.1-1.el8_6.s390x", product_id: "firefox-0:102.15.1-1.el8_6.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_6?arch=s390x", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el8_6.s390x", product: { name: "firefox-debugsource-0:102.15.1-1.el8_6.s390x", product_id: "firefox-debugsource-0:102.15.1-1.el8_6.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_6?arch=s390x", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el8_6.s390x", product: { name: "firefox-debuginfo-0:102.15.1-1.el8_6.s390x", product_id: "firefox-debuginfo-0:102.15.1-1.el8_6.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_6?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.aarch64", }, product_reference: "firefox-0:102.15.1-1.el8_6.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.ppc64le", }, product_reference: "firefox-0:102.15.1-1.el8_6.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.s390x", }, product_reference: "firefox-0:102.15.1-1.el8_6.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_6.src as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.src", }, product_reference: "firefox-0:102.15.1-1.el8_6.src", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.x86_64", }, product_reference: "firefox-0:102.15.1-1.el8_6.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.aarch64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_6.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.s390x", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_6.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_6.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.aarch64", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_6.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.ppc64le", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_6.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.s390x", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_6.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.x86_64", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_6.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.src", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:54:07+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", product_ids: [ "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.src", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5198", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.src", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.src", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.src", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:54:07+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", product_ids: [ "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.src", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5198", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.src", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
rhsa-2023:5223
Vulnerability from csaf_redhat
Published
2023-09-19 08:04
Modified
2025-03-23 07:33
Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 102.15.1.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.15.1.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5223", url: "https://access.redhat.com/errata/RHSA-2023:5223", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5223.json", }, ], title: "Red Hat Security Advisory: thunderbird security update", tracking: { current_release_date: "2025-03-23T07:33:06+00:00", generator: { date: "2025-03-23T07:33:06+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:5223", initial_release_date: "2023-09-19T08:04:31+00:00", revision_history: [ { date: "2023-09-19T08:04:31+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-19T08:04:31+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-23T07:33:06+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream EUS (v.9.0)", product: { name: "Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_eus:9.0::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el9_0.src", product: { name: "thunderbird-0:102.15.1-1.el9_0.src", product_id: "thunderbird-0:102.15.1-1.el9_0.src", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el9_0?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el9_0.aarch64", product: { name: "thunderbird-0:102.15.1-1.el9_0.aarch64", product_id: "thunderbird-0:102.15.1-1.el9_0.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el9_0?arch=aarch64", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64", product: { name: "thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64", product_id: "thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el9_0?arch=aarch64", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64", product_id: "thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el9_0?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el9_0.ppc64le", product: { name: "thunderbird-0:102.15.1-1.el9_0.ppc64le", product_id: "thunderbird-0:102.15.1-1.el9_0.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el9_0?arch=ppc64le", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le", product: { name: "thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le", product_id: "thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el9_0?arch=ppc64le", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le", product_id: "thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el9_0?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el9_0.x86_64", product: { name: "thunderbird-0:102.15.1-1.el9_0.x86_64", product_id: "thunderbird-0:102.15.1-1.el9_0.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el9_0?arch=x86_64", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64", product: { name: "thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64", product_id: "thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el9_0?arch=x86_64", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64", product_id: "thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el9_0?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el9_0.s390x", product: { name: "thunderbird-0:102.15.1-1.el9_0.s390x", product_id: "thunderbird-0:102.15.1-1.el9_0.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el9_0?arch=s390x", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el9_0.s390x", product: { name: "thunderbird-debugsource-0:102.15.1-1.el9_0.s390x", product_id: "thunderbird-debugsource-0:102.15.1-1.el9_0.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el9_0?arch=s390x", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x", product_id: "thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el9_0?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.aarch64", }, product_reference: "thunderbird-0:102.15.1-1.el9_0.aarch64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.ppc64le", }, product_reference: "thunderbird-0:102.15.1-1.el9_0.ppc64le", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.s390x", }, product_reference: "thunderbird-0:102.15.1-1.el9_0.s390x", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el9_0.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.src", }, product_reference: "thunderbird-0:102.15.1-1.el9_0.src", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.x86_64", }, product_reference: "thunderbird-0:102.15.1-1.el9_0.x86_64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.s390x", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el9_0.s390x", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.src", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-19T08:04:31+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.src", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5223", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.src", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.src", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.src", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-19T08:04:31+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.src", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5223", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.src", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
rhsa-2023:5201
Vulnerability from csaf_redhat
Published
2023-09-18 14:31
Modified
2025-03-23 07:39
Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 102.15.1.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for thunderbird is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.15.1.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5201", url: "https://access.redhat.com/errata/RHSA-2023:5201", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5201.json", }, ], title: "Red Hat Security Advisory: thunderbird security update", tracking: { current_release_date: "2025-03-23T07:39:32+00:00", generator: { date: "2025-03-23T07:39:32+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:5201", initial_release_date: "2023-09-18T14:31:22+00:00", revision_history: [ { date: "2023-09-18T14:31:22+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T14:31:22+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-23T07:39:32+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 8)", product: { name: "Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:8::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_8.src", product: { name: "thunderbird-0:102.15.1-1.el8_8.src", product_id: "thunderbird-0:102.15.1-1.el8_8.src", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_8?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_8.aarch64", product: { name: "thunderbird-0:102.15.1-1.el8_8.aarch64", product_id: "thunderbird-0:102.15.1-1.el8_8.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_8?arch=aarch64", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64", product: { name: "thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64", product_id: "thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_8?arch=aarch64", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64", product_id: "thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_8?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_8.ppc64le", product: { name: "thunderbird-0:102.15.1-1.el8_8.ppc64le", product_id: "thunderbird-0:102.15.1-1.el8_8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_8?arch=ppc64le", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le", product: { name: "thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le", product_id: "thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_8?arch=ppc64le", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le", product_id: "thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_8?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_8.x86_64", product: { name: "thunderbird-0:102.15.1-1.el8_8.x86_64", product_id: "thunderbird-0:102.15.1-1.el8_8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_8?arch=x86_64", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64", product: { name: "thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64", product_id: "thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_8?arch=x86_64", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64", product_id: "thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_8?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_8.s390x", product: { name: "thunderbird-0:102.15.1-1.el8_8.s390x", product_id: "thunderbird-0:102.15.1-1.el8_8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_8?arch=s390x", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el8_8.s390x", product: { name: "thunderbird-debugsource-0:102.15.1-1.el8_8.s390x", product_id: "thunderbird-debugsource-0:102.15.1-1.el8_8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_8?arch=s390x", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x", product_id: "thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_8?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.aarch64", }, product_reference: "thunderbird-0:102.15.1-1.el8_8.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.ppc64le", }, product_reference: "thunderbird-0:102.15.1-1.el8_8.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.s390x", }, product_reference: "thunderbird-0:102.15.1-1.el8_8.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.src", }, product_reference: "thunderbird-0:102.15.1-1.el8_8.src", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.x86_64", }, product_reference: "thunderbird-0:102.15.1-1.el8_8.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.s390x", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_8.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.src", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T14:31:22+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.src", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5201", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.src", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.src", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.src", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T14:31:22+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.src", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5201", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.src", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
rhsa-2023:5200
Vulnerability from csaf_redhat
Published
2023-09-18 14:29
Modified
2025-03-23 07:38
Summary
Red Hat Security Advisory: firefox security update
Notes
Topic
An update for firefox is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 102.15.1 ESR.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for firefox is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.15.1 ESR.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5200", url: "https://access.redhat.com/errata/RHSA-2023:5200", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5200.json", }, ], title: "Red Hat Security Advisory: firefox security update", tracking: { current_release_date: "2025-03-23T07:38:20+00:00", generator: { date: "2025-03-23T07:38:20+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:5200", initial_release_date: "2023-09-18T14:29:44+00:00", revision_history: [ { date: "2023-09-18T14:29:44+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T14:29:44+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-23T07:38:20+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 9)", product: { name: "Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:9::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el9_2.src", product: { name: "firefox-0:102.15.1-1.el9_2.src", product_id: "firefox-0:102.15.1-1.el9_2.src", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el9_2?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el9_2.aarch64", product: { name: "firefox-0:102.15.1-1.el9_2.aarch64", product_id: "firefox-0:102.15.1-1.el9_2.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el9_2?arch=aarch64", }, }, }, { category: "product_version", name: "firefox-x11-0:102.15.1-1.el9_2.aarch64", product: { name: "firefox-x11-0:102.15.1-1.el9_2.aarch64", product_id: "firefox-x11-0:102.15.1-1.el9_2.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-x11@102.15.1-1.el9_2?arch=aarch64", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el9_2.aarch64", product: { name: "firefox-debugsource-0:102.15.1-1.el9_2.aarch64", product_id: "firefox-debugsource-0:102.15.1-1.el9_2.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el9_2?arch=aarch64", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el9_2.aarch64", product: { name: "firefox-debuginfo-0:102.15.1-1.el9_2.aarch64", product_id: "firefox-debuginfo-0:102.15.1-1.el9_2.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el9_2?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el9_2.ppc64le", product: { name: "firefox-0:102.15.1-1.el9_2.ppc64le", product_id: "firefox-0:102.15.1-1.el9_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el9_2?arch=ppc64le", }, }, }, { category: "product_version", name: "firefox-x11-0:102.15.1-1.el9_2.ppc64le", product: { name: "firefox-x11-0:102.15.1-1.el9_2.ppc64le", product_id: "firefox-x11-0:102.15.1-1.el9_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-x11@102.15.1-1.el9_2?arch=ppc64le", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el9_2.ppc64le", product: { name: "firefox-debugsource-0:102.15.1-1.el9_2.ppc64le", product_id: "firefox-debugsource-0:102.15.1-1.el9_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el9_2?arch=ppc64le", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le", product: { name: "firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le", product_id: "firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el9_2?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el9_2.x86_64", product: { name: "firefox-0:102.15.1-1.el9_2.x86_64", product_id: "firefox-0:102.15.1-1.el9_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el9_2?arch=x86_64", }, }, }, { category: "product_version", name: "firefox-x11-0:102.15.1-1.el9_2.x86_64", product: { name: "firefox-x11-0:102.15.1-1.el9_2.x86_64", product_id: "firefox-x11-0:102.15.1-1.el9_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-x11@102.15.1-1.el9_2?arch=x86_64", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el9_2.x86_64", product: { name: "firefox-debugsource-0:102.15.1-1.el9_2.x86_64", product_id: "firefox-debugsource-0:102.15.1-1.el9_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el9_2?arch=x86_64", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el9_2.x86_64", product: { name: "firefox-debuginfo-0:102.15.1-1.el9_2.x86_64", product_id: "firefox-debuginfo-0:102.15.1-1.el9_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el9_2?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el9_2.s390x", product: { name: "firefox-0:102.15.1-1.el9_2.s390x", product_id: "firefox-0:102.15.1-1.el9_2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el9_2?arch=s390x", }, }, }, { category: "product_version", name: "firefox-x11-0:102.15.1-1.el9_2.s390x", product: { name: "firefox-x11-0:102.15.1-1.el9_2.s390x", product_id: "firefox-x11-0:102.15.1-1.el9_2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-x11@102.15.1-1.el9_2?arch=s390x", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el9_2.s390x", product: { name: "firefox-debugsource-0:102.15.1-1.el9_2.s390x", product_id: "firefox-debugsource-0:102.15.1-1.el9_2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el9_2?arch=s390x", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el9_2.s390x", product: { name: "firefox-debuginfo-0:102.15.1-1.el9_2.s390x", product_id: "firefox-debuginfo-0:102.15.1-1.el9_2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el9_2?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.aarch64", }, product_reference: "firefox-0:102.15.1-1.el9_2.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.ppc64le", }, product_reference: "firefox-0:102.15.1-1.el9_2.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.s390x", }, product_reference: "firefox-0:102.15.1-1.el9_2.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el9_2.src as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.src", }, product_reference: "firefox-0:102.15.1-1.el9_2.src", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.x86_64", }, product_reference: "firefox-0:102.15.1-1.el9_2.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.aarch64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el9_2.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.s390x", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el9_2.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el9_2.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.aarch64", }, product_reference: "firefox-debugsource-0:102.15.1-1.el9_2.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.ppc64le", }, product_reference: "firefox-debugsource-0:102.15.1-1.el9_2.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.s390x", }, product_reference: "firefox-debugsource-0:102.15.1-1.el9_2.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.x86_64", }, product_reference: "firefox-debugsource-0:102.15.1-1.el9_2.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-x11-0:102.15.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.aarch64", }, product_reference: "firefox-x11-0:102.15.1-1.el9_2.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-x11-0:102.15.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.ppc64le", }, product_reference: "firefox-x11-0:102.15.1-1.el9_2.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-x11-0:102.15.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.s390x", }, product_reference: "firefox-x11-0:102.15.1-1.el9_2.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-x11-0:102.15.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.x86_64", }, product_reference: "firefox-x11-0:102.15.1-1.el9_2.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T14:29:44+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", product_ids: [ "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5200", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T14:29:44+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", product_ids: [ "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5200", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
rhsa-2023_5192
Vulnerability from csaf_redhat
Published
2023-09-18 13:52
Modified
2024-11-23 01:05
Summary
Red Hat Security Advisory: firefox security update
Notes
Topic
An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 102.15.1 ESR.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.15.1 ESR.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5192", url: "https://access.redhat.com/errata/RHSA-2023:5192", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5192.json", }, ], title: "Red Hat Security Advisory: firefox security update", tracking: { current_release_date: "2024-11-23T01:05:03+00:00", generator: { date: "2024-11-23T01:05:03+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2023:5192", initial_release_date: "2023-09-18T13:52:27+00:00", revision_history: [ { date: "2023-09-18T13:52:27+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T13:52:27+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-23T01:05:03+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream AUS (v.8.4)", product: { name: "Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_aus:8.4::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux AppStream E4S (v.8.4)", product: { name: "Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_e4s:8.4::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux AppStream TUS (v.8.4)", product: { name: "Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_tus:8.4::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_4.src", product: { name: "firefox-0:102.15.1-1.el8_4.src", product_id: "firefox-0:102.15.1-1.el8_4.src", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_4?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_4.x86_64", product: { name: "firefox-0:102.15.1-1.el8_4.x86_64", product_id: "firefox-0:102.15.1-1.el8_4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_4?arch=x86_64", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el8_4.x86_64", product: { name: "firefox-debugsource-0:102.15.1-1.el8_4.x86_64", product_id: "firefox-debugsource-0:102.15.1-1.el8_4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_4?arch=x86_64", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", product: { name: "firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", product_id: "firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_4?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_4.aarch64", product: { name: "firefox-0:102.15.1-1.el8_4.aarch64", product_id: "firefox-0:102.15.1-1.el8_4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_4?arch=aarch64", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el8_4.aarch64", product: { name: "firefox-debugsource-0:102.15.1-1.el8_4.aarch64", product_id: "firefox-debugsource-0:102.15.1-1.el8_4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_4?arch=aarch64", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el8_4.aarch64", product: { name: "firefox-debuginfo-0:102.15.1-1.el8_4.aarch64", product_id: "firefox-debuginfo-0:102.15.1-1.el8_4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_4?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_4.ppc64le", product: { name: "firefox-0:102.15.1-1.el8_4.ppc64le", product_id: "firefox-0:102.15.1-1.el8_4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_4?arch=ppc64le", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el8_4.ppc64le", product: { name: "firefox-debugsource-0:102.15.1-1.el8_4.ppc64le", product_id: "firefox-debugsource-0:102.15.1-1.el8_4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_4?arch=ppc64le", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le", product: { name: "firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le", product_id: "firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_4?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_4.s390x", product: { name: "firefox-0:102.15.1-1.el8_4.s390x", product_id: "firefox-0:102.15.1-1.el8_4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_4?arch=s390x", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el8_4.s390x", product: { name: "firefox-debugsource-0:102.15.1-1.el8_4.s390x", product_id: "firefox-debugsource-0:102.15.1-1.el8_4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_4?arch=s390x", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el8_4.s390x", product: { name: "firefox-debuginfo-0:102.15.1-1.el8_4.s390x", product_id: "firefox-debuginfo-0:102.15.1-1.el8_4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_4?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_4.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.src", }, product_reference: "firefox-0:102.15.1-1.el8_4.src", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.x86_64", }, product_reference: "firefox-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.aarch64", }, product_reference: "firefox-0:102.15.1-1.el8_4.aarch64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.ppc64le", }, product_reference: "firefox-0:102.15.1-1.el8_4.ppc64le", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.s390x", }, product_reference: "firefox-0:102.15.1-1.el8_4.s390x", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_4.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.src", }, product_reference: "firefox-0:102.15.1-1.el8_4.src", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.x86_64", }, product_reference: "firefox-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.aarch64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_4.aarch64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.s390x", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_4.s390x", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.aarch64", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_4.aarch64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.ppc64le", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_4.ppc64le", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.s390x", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_4.s390x", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_4.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.src", }, product_reference: "firefox-0:102.15.1-1.el8_4.src", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.x86_64", }, product_reference: "firefox-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:52:27+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", product_ids: [ "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5192", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:52:27+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", product_ids: [ "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5192", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
rhsa-2023:5309
Vulnerability from csaf_redhat
Published
2023-09-20 16:46
Modified
2025-03-23 07:36
Summary
Red Hat Security Advisory: libwebp security update
Notes
Topic
An update for libwebp is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for libwebp is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5309", url: "https://access.redhat.com/errata/RHSA-2023:5309", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5309.json", }, ], title: "Red Hat Security Advisory: libwebp security update", tracking: { current_release_date: "2025-03-23T07:36:00+00:00", generator: { date: "2025-03-23T07:36:00+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:5309", initial_release_date: "2023-09-20T16:46:21+00:00", revision_history: [ { date: "2023-09-20T16:46:21+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-20T16:46:21+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-23T07:36:00+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 8)", product: { name: "Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:8::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-8.el8_8.1.src", product: { name: "libwebp-0:1.0.0-8.el8_8.1.src", product_id: "libwebp-0:1.0.0-8.el8_8.1.src", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-8.el8_8.1?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-8.el8_8.1.aarch64", product: { name: "libwebp-0:1.0.0-8.el8_8.1.aarch64", product_id: "libwebp-0:1.0.0-8.el8_8.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-8.el8_8.1?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-8.el8_8.1.aarch64", product: { name: "libwebp-devel-0:1.0.0-8.el8_8.1.aarch64", product_id: "libwebp-devel-0:1.0.0-8.el8_8.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-8.el8_8.1?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64", product: { name: "libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64", product_id: "libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-8.el8_8.1?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64", product: { name: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64", product_id: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-8.el8_8.1?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64", product: { name: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64", product_id: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-8.el8_8.1?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64", product: { name: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64", product_id: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-8.el8_8.1?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-8.el8_8.1.ppc64le", product: { name: "libwebp-0:1.0.0-8.el8_8.1.ppc64le", product_id: "libwebp-0:1.0.0-8.el8_8.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-8.el8_8.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le", product: { name: "libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le", product_id: "libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-8.el8_8.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le", product: { name: "libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le", product_id: "libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-8.el8_8.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", product: { name: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", product_id: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-8.el8_8.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", product: { name: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", product_id: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-8.el8_8.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", product: { name: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", product_id: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-8.el8_8.1?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-8.el8_8.1.i686", product: { name: "libwebp-0:1.0.0-8.el8_8.1.i686", product_id: "libwebp-0:1.0.0-8.el8_8.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-8.el8_8.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-8.el8_8.1.i686", product: { name: "libwebp-devel-0:1.0.0-8.el8_8.1.i686", product_id: "libwebp-devel-0:1.0.0-8.el8_8.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-8.el8_8.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-8.el8_8.1.i686", product: { name: "libwebp-debugsource-0:1.0.0-8.el8_8.1.i686", product_id: "libwebp-debugsource-0:1.0.0-8.el8_8.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-8.el8_8.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686", product: { name: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686", product_id: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-8.el8_8.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686", product: { name: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686", product_id: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-8.el8_8.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686", product: { name: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686", product_id: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-8.el8_8.1?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-8.el8_8.1.x86_64", product: { name: "libwebp-0:1.0.0-8.el8_8.1.x86_64", product_id: "libwebp-0:1.0.0-8.el8_8.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-8.el8_8.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-8.el8_8.1.x86_64", product: { name: "libwebp-devel-0:1.0.0-8.el8_8.1.x86_64", product_id: "libwebp-devel-0:1.0.0-8.el8_8.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-8.el8_8.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64", product: { name: "libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64", product_id: "libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-8.el8_8.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64", product: { name: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64", product_id: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-8.el8_8.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64", product: { name: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64", product_id: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-8.el8_8.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64", product: { name: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64", product_id: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-8.el8_8.1?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-8.el8_8.1.s390x", product: { name: "libwebp-0:1.0.0-8.el8_8.1.s390x", product_id: "libwebp-0:1.0.0-8.el8_8.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-8.el8_8.1?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-8.el8_8.1.s390x", product: { name: "libwebp-devel-0:1.0.0-8.el8_8.1.s390x", product_id: "libwebp-devel-0:1.0.0-8.el8_8.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-8.el8_8.1?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x", product: { name: "libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x", product_id: "libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-8.el8_8.1?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x", product: { name: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x", product_id: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-8.el8_8.1?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x", product: { name: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x", product_id: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-8.el8_8.1?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x", product: { name: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x", product_id: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-8.el8_8.1?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-8.el8_8.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.aarch64", }, product_reference: "libwebp-0:1.0.0-8.el8_8.1.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-8.el8_8.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.i686", }, product_reference: "libwebp-0:1.0.0-8.el8_8.1.i686", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-8.el8_8.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.ppc64le", }, product_reference: "libwebp-0:1.0.0-8.el8_8.1.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-8.el8_8.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.s390x", }, product_reference: "libwebp-0:1.0.0-8.el8_8.1.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-8.el8_8.1.src as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.src", }, product_reference: "libwebp-0:1.0.0-8.el8_8.1.src", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-8.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.x86_64", }, product_reference: "libwebp-0:1.0.0-8.el8_8.1.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64", }, product_reference: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686", }, product_reference: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", }, product_reference: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x", }, product_reference: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64", }, product_reference: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64", }, product_reference: "libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-8.el8_8.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.i686", }, product_reference: "libwebp-debugsource-0:1.0.0-8.el8_8.1.i686", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le", }, product_reference: "libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x", }, product_reference: "libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64", }, product_reference: "libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-8.el8_8.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.aarch64", }, product_reference: "libwebp-devel-0:1.0.0-8.el8_8.1.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-8.el8_8.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.i686", }, product_reference: "libwebp-devel-0:1.0.0-8.el8_8.1.i686", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le", }, product_reference: "libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-8.el8_8.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.s390x", }, product_reference: "libwebp-devel-0:1.0.0-8.el8_8.1.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-8.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.x86_64", }, product_reference: "libwebp-devel-0:1.0.0-8.el8_8.1.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.src", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-20T16:46:21+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.src", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5309", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.src", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.src", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.src", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-20T16:46:21+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.src", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5309", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.src", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
rhsa-2023:5198
Vulnerability from csaf_redhat
Published
2023-09-18 13:54
Modified
2025-03-23 07:38
Summary
Red Hat Security Advisory: firefox security update
Notes
Topic
An update for firefox is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 102.15.1 ESR.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for firefox is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.15.1 ESR.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5198", url: "https://access.redhat.com/errata/RHSA-2023:5198", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5198.json", }, ], title: "Red Hat Security Advisory: firefox security update", tracking: { current_release_date: "2025-03-23T07:38:01+00:00", generator: { date: "2025-03-23T07:38:01+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:5198", initial_release_date: "2023-09-18T13:54:07+00:00", revision_history: [ { date: "2023-09-18T13:54:07+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T13:54:07+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-23T07:38:01+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream EUS (v.8.6)", product: { name: "Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_eus:8.6::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_6.src", product: { name: "firefox-0:102.15.1-1.el8_6.src", product_id: "firefox-0:102.15.1-1.el8_6.src", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_6?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_6.aarch64", product: { name: "firefox-0:102.15.1-1.el8_6.aarch64", product_id: "firefox-0:102.15.1-1.el8_6.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_6?arch=aarch64", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el8_6.aarch64", product: { name: "firefox-debugsource-0:102.15.1-1.el8_6.aarch64", product_id: "firefox-debugsource-0:102.15.1-1.el8_6.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_6?arch=aarch64", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el8_6.aarch64", product: { name: "firefox-debuginfo-0:102.15.1-1.el8_6.aarch64", product_id: "firefox-debuginfo-0:102.15.1-1.el8_6.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_6?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_6.ppc64le", product: { name: "firefox-0:102.15.1-1.el8_6.ppc64le", product_id: "firefox-0:102.15.1-1.el8_6.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_6?arch=ppc64le", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el8_6.ppc64le", product: { name: "firefox-debugsource-0:102.15.1-1.el8_6.ppc64le", product_id: "firefox-debugsource-0:102.15.1-1.el8_6.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_6?arch=ppc64le", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le", product: { name: "firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le", product_id: "firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_6?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_6.x86_64", product: { name: "firefox-0:102.15.1-1.el8_6.x86_64", product_id: "firefox-0:102.15.1-1.el8_6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_6?arch=x86_64", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el8_6.x86_64", product: { name: "firefox-debugsource-0:102.15.1-1.el8_6.x86_64", product_id: "firefox-debugsource-0:102.15.1-1.el8_6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_6?arch=x86_64", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el8_6.x86_64", product: { name: "firefox-debuginfo-0:102.15.1-1.el8_6.x86_64", product_id: "firefox-debuginfo-0:102.15.1-1.el8_6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_6?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_6.s390x", product: { name: "firefox-0:102.15.1-1.el8_6.s390x", product_id: "firefox-0:102.15.1-1.el8_6.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_6?arch=s390x", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el8_6.s390x", product: { name: "firefox-debugsource-0:102.15.1-1.el8_6.s390x", product_id: "firefox-debugsource-0:102.15.1-1.el8_6.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_6?arch=s390x", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el8_6.s390x", product: { name: "firefox-debuginfo-0:102.15.1-1.el8_6.s390x", product_id: "firefox-debuginfo-0:102.15.1-1.el8_6.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_6?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.aarch64", }, product_reference: "firefox-0:102.15.1-1.el8_6.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.ppc64le", }, product_reference: "firefox-0:102.15.1-1.el8_6.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.s390x", }, product_reference: "firefox-0:102.15.1-1.el8_6.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_6.src as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.src", }, product_reference: "firefox-0:102.15.1-1.el8_6.src", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.x86_64", }, product_reference: "firefox-0:102.15.1-1.el8_6.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.aarch64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_6.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.s390x", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_6.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_6.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.aarch64", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_6.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.ppc64le", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_6.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.s390x", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_6.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.x86_64", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_6.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.src", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:54:07+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", product_ids: [ "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.src", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5198", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.src", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.src", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.src", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:54:07+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", product_ids: [ "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.src", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5198", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.src", "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
RHSA-2023:5205
Vulnerability from csaf_redhat
Published
2023-09-18 15:19
Modified
2025-03-23 07:39
Summary
Red Hat Security Advisory: firefox security update
Notes
Topic
An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 102.15.1 ESR.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.15.1 ESR.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5205", url: "https://access.redhat.com/errata/RHSA-2023:5205", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5205.json", }, ], title: "Red Hat Security Advisory: firefox security update", tracking: { current_release_date: "2025-03-23T07:39:53+00:00", generator: { date: "2025-03-23T07:39:53+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:5205", initial_release_date: "2023-09-18T15:19:44+00:00", revision_history: [ { date: "2023-09-18T15:19:44+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T15:19:44+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-23T07:39:53+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream EUS (v.9.0)", product: { name: "Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_eus:9.0::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el9_0.src", product: { name: "firefox-0:102.15.1-1.el9_0.src", product_id: "firefox-0:102.15.1-1.el9_0.src", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el9_0?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el9_0.aarch64", product: { name: "firefox-0:102.15.1-1.el9_0.aarch64", product_id: "firefox-0:102.15.1-1.el9_0.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el9_0?arch=aarch64", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el9_0.aarch64", product: { name: "firefox-debugsource-0:102.15.1-1.el9_0.aarch64", product_id: "firefox-debugsource-0:102.15.1-1.el9_0.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el9_0?arch=aarch64", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el9_0.aarch64", product: { name: "firefox-debuginfo-0:102.15.1-1.el9_0.aarch64", product_id: "firefox-debuginfo-0:102.15.1-1.el9_0.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el9_0?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el9_0.ppc64le", product: { name: "firefox-0:102.15.1-1.el9_0.ppc64le", product_id: "firefox-0:102.15.1-1.el9_0.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el9_0?arch=ppc64le", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el9_0.ppc64le", product: { name: "firefox-debugsource-0:102.15.1-1.el9_0.ppc64le", product_id: "firefox-debugsource-0:102.15.1-1.el9_0.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el9_0?arch=ppc64le", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le", product: { name: "firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le", product_id: "firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el9_0?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el9_0.x86_64", product: { name: "firefox-0:102.15.1-1.el9_0.x86_64", product_id: "firefox-0:102.15.1-1.el9_0.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el9_0?arch=x86_64", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el9_0.x86_64", product: { name: "firefox-debugsource-0:102.15.1-1.el9_0.x86_64", product_id: "firefox-debugsource-0:102.15.1-1.el9_0.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el9_0?arch=x86_64", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el9_0.x86_64", product: { name: "firefox-debuginfo-0:102.15.1-1.el9_0.x86_64", product_id: "firefox-debuginfo-0:102.15.1-1.el9_0.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el9_0?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el9_0.s390x", product: { name: "firefox-0:102.15.1-1.el9_0.s390x", product_id: "firefox-0:102.15.1-1.el9_0.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el9_0?arch=s390x", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el9_0.s390x", product: { name: "firefox-debugsource-0:102.15.1-1.el9_0.s390x", product_id: "firefox-debugsource-0:102.15.1-1.el9_0.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el9_0?arch=s390x", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el9_0.s390x", product: { name: "firefox-debuginfo-0:102.15.1-1.el9_0.s390x", product_id: "firefox-debuginfo-0:102.15.1-1.el9_0.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el9_0?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.aarch64", }, product_reference: "firefox-0:102.15.1-1.el9_0.aarch64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.ppc64le", }, product_reference: "firefox-0:102.15.1-1.el9_0.ppc64le", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.s390x", }, product_reference: "firefox-0:102.15.1-1.el9_0.s390x", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el9_0.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.src", }, product_reference: "firefox-0:102.15.1-1.el9_0.src", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.x86_64", }, product_reference: "firefox-0:102.15.1-1.el9_0.x86_64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.aarch64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el9_0.aarch64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.s390x", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el9_0.s390x", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el9_0.x86_64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.aarch64", }, product_reference: "firefox-debugsource-0:102.15.1-1.el9_0.aarch64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.ppc64le", }, product_reference: "firefox-debugsource-0:102.15.1-1.el9_0.ppc64le", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.s390x", }, product_reference: "firefox-debugsource-0:102.15.1-1.el9_0.s390x", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.x86_64", }, product_reference: "firefox-debugsource-0:102.15.1-1.el9_0.x86_64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.src", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T15:19:44+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", product_ids: [ "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.src", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5205", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.src", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.src", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.src", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T15:19:44+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", product_ids: [ "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.src", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5205", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.src", "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
rhsa-2023_5197
Vulnerability from csaf_redhat
Published
2023-09-18 13:57
Modified
2024-11-23 01:09
Summary
Red Hat Security Advisory: firefox security update
Notes
Topic
An update for firefox is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 102.15.1 ESR.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for firefox is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.15.1 ESR.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5197", url: "https://access.redhat.com/errata/RHSA-2023:5197", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5197.json", }, ], title: "Red Hat Security Advisory: firefox security update", tracking: { current_release_date: "2024-11-23T01:09:43+00:00", generator: { date: "2024-11-23T01:09:43+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2023:5197", initial_release_date: "2023-09-18T13:57:46+00:00", revision_history: [ { date: "2023-09-18T13:57:46+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T13:57:46+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-23T01:09:43+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux Client (v. 7)", product: { name: "Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Client Optional (v. 7)", product: { name: "Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Server (v. 7)", product: { name: "Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Server Optional (v. 7)", product: { name: "Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Workstation (v. 7)", product: { name: "Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::workstation", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Workstation Optional (v. 7)", product: { name: "Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::workstation", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el7_9.src", product: { name: "firefox-0:102.15.1-1.el7_9.src", product_id: "firefox-0:102.15.1-1.el7_9.src", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el7_9?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el7_9.x86_64", product: { name: "firefox-0:102.15.1-1.el7_9.x86_64", product_id: "firefox-0:102.15.1-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", product: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", product_id: "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el7_9?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el7_9.i686", product: { name: "firefox-0:102.15.1-1.el7_9.i686", product_id: "firefox-0:102.15.1-1.el7_9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el7_9?arch=i686", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el7_9.i686", product: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.i686", product_id: "firefox-debuginfo-0:102.15.1-1.el7_9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el7_9?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el7_9.s390x", product: { name: "firefox-0:102.15.1-1.el7_9.s390x", product_id: "firefox-0:102.15.1-1.el7_9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el7_9?arch=s390x", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el7_9.s390x", product: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.s390x", product_id: "firefox-debuginfo-0:102.15.1-1.el7_9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el7_9?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el7_9.ppc64le", product: { name: "firefox-0:102.15.1-1.el7_9.ppc64le", product_id: "firefox-0:102.15.1-1.el7_9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el7_9?arch=ppc64le", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", product: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", product_id: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el7_9?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el7_9.ppc64", product: { name: "firefox-0:102.15.1-1.el7_9.ppc64", product_id: "firefox-0:102.15.1-1.el7_9.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el7_9?arch=ppc64", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", product: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", product_id: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el7_9?arch=ppc64", }, }, }, ], category: "architecture", name: "ppc64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.i686 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", }, product_reference: "firefox-0:102.15.1-1.el7_9.i686", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", }, product_reference: "firefox-0:102.15.1-1.el7_9.ppc64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "firefox-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.s390x as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", }, product_reference: "firefox-0:102.15.1-1.el7_9.s390x", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.src as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.src", }, product_reference: "firefox-0:102.15.1-1.el7_9.src", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", }, product_reference: "firefox-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.i686 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.i686", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.s390x as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.s390x", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", }, product_reference: "firefox-0:102.15.1-1.el7_9.i686", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", }, product_reference: "firefox-0:102.15.1-1.el7_9.ppc64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "firefox-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", }, product_reference: "firefox-0:102.15.1-1.el7_9.s390x", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", }, product_reference: "firefox-0:102.15.1-1.el7_9.src", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", }, product_reference: "firefox-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.i686", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.s390x", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.i686 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", }, product_reference: "firefox-0:102.15.1-1.el7_9.i686", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", }, product_reference: "firefox-0:102.15.1-1.el7_9.ppc64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "firefox-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", }, product_reference: "firefox-0:102.15.1-1.el7_9.s390x", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.src as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.src", }, product_reference: "firefox-0:102.15.1-1.el7_9.src", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", }, product_reference: "firefox-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.i686 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.i686", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.s390x", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", }, product_reference: "firefox-0:102.15.1-1.el7_9.i686", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", }, product_reference: "firefox-0:102.15.1-1.el7_9.ppc64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "firefox-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", }, product_reference: "firefox-0:102.15.1-1.el7_9.s390x", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", }, product_reference: "firefox-0:102.15.1-1.el7_9.src", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", }, product_reference: "firefox-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.i686", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.s390x", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", }, product_reference: "firefox-0:102.15.1-1.el7_9.i686", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", }, product_reference: "firefox-0:102.15.1-1.el7_9.ppc64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "firefox-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", }, product_reference: "firefox-0:102.15.1-1.el7_9.s390x", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.src as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.src", }, product_reference: "firefox-0:102.15.1-1.el7_9.src", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", }, product_reference: "firefox-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.i686", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.s390x", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", }, product_reference: "firefox-0:102.15.1-1.el7_9.i686", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", }, product_reference: "firefox-0:102.15.1-1.el7_9.ppc64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "firefox-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", }, product_reference: "firefox-0:102.15.1-1.el7_9.s390x", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", }, product_reference: "firefox-0:102.15.1-1.el7_9.src", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", }, product_reference: "firefox-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.i686", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.s390x", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:57:46+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", product_ids: [ "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5197", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:57:46+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", product_ids: [ "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5197", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
RHSA-2023:5185
Vulnerability from csaf_redhat
Published
2023-09-18 13:34
Modified
2025-03-23 07:34
Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 102.15.1.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.15.1.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5185", url: "https://access.redhat.com/errata/RHSA-2023:5185", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5185.json", }, ], title: "Red Hat Security Advisory: thunderbird security update", tracking: { current_release_date: "2025-03-23T07:34:04+00:00", generator: { date: "2025-03-23T07:34:04+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:5185", initial_release_date: "2023-09-18T13:34:00+00:00", revision_history: [ { date: "2023-09-18T13:34:00+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T13:34:00+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-23T07:34:04+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream AUS (v.8.4)", product: { name: "Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_aus:8.4::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux AppStream E4S (v.8.4)", product: { name: "Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_e4s:8.4::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux AppStream TUS (v.8.4)", product: { name: "Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_tus:8.4::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_4.src", product: { name: "thunderbird-0:102.15.1-1.el8_4.src", product_id: "thunderbird-0:102.15.1-1.el8_4.src", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_4?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_4.x86_64", product: { name: "thunderbird-0:102.15.1-1.el8_4.x86_64", product_id: "thunderbird-0:102.15.1-1.el8_4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_4?arch=x86_64", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", product: { name: "thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", product_id: "thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_4?arch=x86_64", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", product_id: "thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_4?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_4.aarch64", product: { name: "thunderbird-0:102.15.1-1.el8_4.aarch64", product_id: "thunderbird-0:102.15.1-1.el8_4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_4?arch=aarch64", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64", product: { name: "thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64", product_id: "thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_4?arch=aarch64", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64", product_id: "thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_4?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_4.ppc64le", product: { name: "thunderbird-0:102.15.1-1.el8_4.ppc64le", product_id: "thunderbird-0:102.15.1-1.el8_4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_4?arch=ppc64le", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le", product: { name: "thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le", product_id: "thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_4?arch=ppc64le", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le", product_id: "thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_4?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_4.s390x", product: { name: "thunderbird-0:102.15.1-1.el8_4.s390x", product_id: "thunderbird-0:102.15.1-1.el8_4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_4?arch=s390x", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el8_4.s390x", product: { name: "thunderbird-debugsource-0:102.15.1-1.el8_4.s390x", product_id: "thunderbird-debugsource-0:102.15.1-1.el8_4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_4?arch=s390x", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x", product_id: "thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_4?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_4.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.src", }, product_reference: "thunderbird-0:102.15.1-1.el8_4.src", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.x86_64", }, product_reference: "thunderbird-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.aarch64", }, product_reference: "thunderbird-0:102.15.1-1.el8_4.aarch64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.ppc64le", }, product_reference: "thunderbird-0:102.15.1-1.el8_4.ppc64le", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.s390x", }, product_reference: "thunderbird-0:102.15.1-1.el8_4.s390x", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_4.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.src", }, product_reference: "thunderbird-0:102.15.1-1.el8_4.src", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.x86_64", }, product_reference: "thunderbird-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.s390x", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_4.s390x", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_4.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.src", }, product_reference: "thunderbird-0:102.15.1-1.el8_4.src", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.x86_64", }, product_reference: "thunderbird-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:34:00+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5185", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:34:00+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5185", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
RHSA-2023:5186
Vulnerability from csaf_redhat
Published
2023-09-18 13:49
Modified
2025-03-23 07:33
Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 102.15.1.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.15.1.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5186", url: "https://access.redhat.com/errata/RHSA-2023:5186", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5186.json", }, ], title: "Red Hat Security Advisory: thunderbird security update", tracking: { current_release_date: "2025-03-23T07:33:18+00:00", generator: { date: "2025-03-23T07:33:18+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:5186", initial_release_date: "2023-09-18T13:49:01+00:00", revision_history: [ { date: "2023-09-18T13:49:01+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T13:49:01+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-23T07:33:18+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product: { name: "Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_aus:8.2::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product: { name: "Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_e4s:8.2::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product: { name: "Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_tus:8.2::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_2.src", product: { name: "thunderbird-0:102.15.1-1.el8_2.src", product_id: "thunderbird-0:102.15.1-1.el8_2.src", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_2?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_2.x86_64", product: { name: "thunderbird-0:102.15.1-1.el8_2.x86_64", product_id: "thunderbird-0:102.15.1-1.el8_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_2?arch=x86_64", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", product: { name: "thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", product_id: "thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_2?arch=x86_64", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", product_id: "thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_2?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_2.ppc64le", product: { name: "thunderbird-0:102.15.1-1.el8_2.ppc64le", product_id: "thunderbird-0:102.15.1-1.el8_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_2?arch=ppc64le", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le", product: { name: "thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le", product_id: "thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_2?arch=ppc64le", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le", product_id: "thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_2?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_2.src as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.src", }, product_reference: "thunderbird-0:102.15.1-1.el8_2.src", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.x86_64", }, product_reference: "thunderbird-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.ppc64le", }, product_reference: "thunderbird-0:102.15.1-1.el8_2.ppc64le", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_2.src as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.src", }, product_reference: "thunderbird-0:102.15.1-1.el8_2.src", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.x86_64", }, product_reference: "thunderbird-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_2.src as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.src", }, product_reference: "thunderbird-0:102.15.1-1.el8_2.src", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.x86_64", }, product_reference: "thunderbird-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:49:01+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5186", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:49:01+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5186", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
rhsa-2023:5189
Vulnerability from csaf_redhat
Published
2023-09-18 13:54
Modified
2025-03-23 07:35
Summary
Red Hat Security Advisory: libwebp security update
Notes
Topic
An update for libwebp is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for libwebp is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5189", url: "https://access.redhat.com/errata/RHSA-2023:5189", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5189.json", }, ], title: "Red Hat Security Advisory: libwebp security update", tracking: { current_release_date: "2025-03-23T07:35:44+00:00", generator: { date: "2025-03-23T07:35:44+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:5189", initial_release_date: "2023-09-18T13:54:00+00:00", revision_history: [ { date: "2023-09-18T13:54:00+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T13:54:00+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-23T07:35:44+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream EUS (v.8.6)", product: { name: "Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_eus:8.6::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-7.el8_6.1.src", product: { name: "libwebp-0:1.0.0-7.el8_6.1.src", product_id: "libwebp-0:1.0.0-7.el8_6.1.src", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-7.el8_6.1?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-7.el8_6.1.aarch64", product: { name: "libwebp-0:1.0.0-7.el8_6.1.aarch64", product_id: "libwebp-0:1.0.0-7.el8_6.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-7.el8_6.1?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-7.el8_6.1.aarch64", product: { name: "libwebp-devel-0:1.0.0-7.el8_6.1.aarch64", product_id: "libwebp-devel-0:1.0.0-7.el8_6.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-7.el8_6.1?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64", product: { name: "libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64", product_id: "libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-7.el8_6.1?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64", product: { name: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64", product_id: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-7.el8_6.1?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64", product: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64", product_id: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-7.el8_6.1?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64", product: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64", product_id: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-7.el8_6.1?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-7.el8_6.1.ppc64le", product: { name: "libwebp-0:1.0.0-7.el8_6.1.ppc64le", product_id: "libwebp-0:1.0.0-7.el8_6.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-7.el8_6.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le", product: { name: "libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le", product_id: "libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-7.el8_6.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le", product: { name: "libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le", product_id: "libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-7.el8_6.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", product: { name: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", product_id: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-7.el8_6.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", product: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", product_id: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-7.el8_6.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", product: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", product_id: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-7.el8_6.1?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-7.el8_6.1.i686", product: { name: "libwebp-0:1.0.0-7.el8_6.1.i686", product_id: "libwebp-0:1.0.0-7.el8_6.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-7.el8_6.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-7.el8_6.1.i686", product: { name: "libwebp-devel-0:1.0.0-7.el8_6.1.i686", product_id: "libwebp-devel-0:1.0.0-7.el8_6.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-7.el8_6.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-7.el8_6.1.i686", product: { name: "libwebp-debugsource-0:1.0.0-7.el8_6.1.i686", product_id: "libwebp-debugsource-0:1.0.0-7.el8_6.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-7.el8_6.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686", product: { name: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686", product_id: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-7.el8_6.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686", product: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686", product_id: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-7.el8_6.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686", product: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686", product_id: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-7.el8_6.1?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-7.el8_6.1.x86_64", product: { name: "libwebp-0:1.0.0-7.el8_6.1.x86_64", product_id: "libwebp-0:1.0.0-7.el8_6.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-7.el8_6.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-7.el8_6.1.x86_64", product: { name: "libwebp-devel-0:1.0.0-7.el8_6.1.x86_64", product_id: "libwebp-devel-0:1.0.0-7.el8_6.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-7.el8_6.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64", product: { name: "libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64", product_id: "libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-7.el8_6.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64", product: { name: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64", product_id: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-7.el8_6.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64", product: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64", product_id: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-7.el8_6.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64", product: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64", product_id: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-7.el8_6.1?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-7.el8_6.1.s390x", product: { name: "libwebp-0:1.0.0-7.el8_6.1.s390x", product_id: "libwebp-0:1.0.0-7.el8_6.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-7.el8_6.1?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-7.el8_6.1.s390x", product: { name: "libwebp-devel-0:1.0.0-7.el8_6.1.s390x", product_id: "libwebp-devel-0:1.0.0-7.el8_6.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-7.el8_6.1?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x", product: { name: "libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x", product_id: "libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-7.el8_6.1?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x", product: { name: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x", product_id: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-7.el8_6.1?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x", product: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x", product_id: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-7.el8_6.1?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x", product: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x", product_id: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-7.el8_6.1?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.aarch64", }, product_reference: "libwebp-0:1.0.0-7.el8_6.1.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_6.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.i686", }, product_reference: "libwebp-0:1.0.0-7.el8_6.1.i686", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.ppc64le", }, product_reference: "libwebp-0:1.0.0-7.el8_6.1.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.s390x", }, product_reference: "libwebp-0:1.0.0-7.el8_6.1.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_6.1.src as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.src", }, product_reference: "libwebp-0:1.0.0-7.el8_6.1.src", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.x86_64", }, product_reference: "libwebp-0:1.0.0-7.el8_6.1.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_6.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.i686", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_6.1.i686", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.aarch64", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_6.1.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_6.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.i686", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_6.1.i686", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.s390x", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_6.1.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.x86_64", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_6.1.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.src", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:54:00+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.src", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5189", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.src", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.src", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.src", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:54:00+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.src", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5189", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.src", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
RHSA-2023:5222
Vulnerability from csaf_redhat
Published
2023-09-19 08:01
Modified
2025-03-23 07:35
Summary
Red Hat Security Advisory: libwebp security update
Notes
Topic
An update for libwebp is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
[Update 05 October 2023]
This advisory has been updated to push packages into TUS and E4S channels
Details
The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for libwebp is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\n[Update 05 October 2023]\nThis advisory has been updated to push packages into TUS and E4S channels", title: "Topic", }, { category: "general", text: "The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5222", url: "https://access.redhat.com/errata/RHSA-2023:5222", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5222.json", }, ], title: "Red Hat Security Advisory: libwebp security update", tracking: { current_release_date: "2025-03-23T07:35:14+00:00", generator: { date: "2025-03-23T07:35:14+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:5222", initial_release_date: "2023-09-19T08:01:54+00:00", revision_history: [ { date: "2023-09-19T08:01:54+00:00", number: "1", summary: "Initial version", }, { date: "2023-10-06T13:01:35+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-23T07:35:14+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream AUS (v.8.4)", product: { name: "Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_aus:8.4::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux AppStream E4S (v.8.4)", product: { name: "Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_e4s:8.4::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux AppStream TUS (v.8.4)", product: { name: "Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_tus:8.4::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-7.el8_4.1.src", product: { name: "libwebp-0:1.0.0-7.el8_4.1.src", product_id: "libwebp-0:1.0.0-7.el8_4.1.src", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-7.el8_4.1?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-7.el8_4.1.i686", product: { name: "libwebp-0:1.0.0-7.el8_4.1.i686", product_id: "libwebp-0:1.0.0-7.el8_4.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-7.el8_4.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-7.el8_4.1.i686", product: { name: "libwebp-devel-0:1.0.0-7.el8_4.1.i686", product_id: "libwebp-devel-0:1.0.0-7.el8_4.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-7.el8_4.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", product: { name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", product_id: "libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-7.el8_4.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", product: { name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", product_id: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-7.el8_4.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", product: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", product_id: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-7.el8_4.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", product: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", product_id: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-7.el8_4.1?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-7.el8_4.1.x86_64", product: { name: "libwebp-0:1.0.0-7.el8_4.1.x86_64", product_id: "libwebp-0:1.0.0-7.el8_4.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-7.el8_4.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", product: { name: "libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", product_id: "libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-7.el8_4.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", product: { name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", product_id: "libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-7.el8_4.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", product: { name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", product_id: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-7.el8_4.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", product: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", product_id: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-7.el8_4.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", product: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", product_id: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-7.el8_4.1?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-7.el8_4.1.aarch64", product: { name: "libwebp-0:1.0.0-7.el8_4.1.aarch64", product_id: "libwebp-0:1.0.0-7.el8_4.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-7.el8_4.1?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-7.el8_4.1.aarch64", product: { name: "libwebp-devel-0:1.0.0-7.el8_4.1.aarch64", product_id: "libwebp-devel-0:1.0.0-7.el8_4.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-7.el8_4.1?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.aarch64", product: { name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.aarch64", product_id: "libwebp-debugsource-0:1.0.0-7.el8_4.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-7.el8_4.1?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.aarch64", product: { name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.aarch64", product_id: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-7.el8_4.1?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.aarch64", product: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.aarch64", product_id: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-7.el8_4.1?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.aarch64", product: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.aarch64", product_id: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-7.el8_4.1?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-7.el8_4.1.ppc64le", product: { name: "libwebp-0:1.0.0-7.el8_4.1.ppc64le", product_id: "libwebp-0:1.0.0-7.el8_4.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-7.el8_4.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-7.el8_4.1.ppc64le", product: { name: "libwebp-devel-0:1.0.0-7.el8_4.1.ppc64le", product_id: "libwebp-devel-0:1.0.0-7.el8_4.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-7.el8_4.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.ppc64le", product: { name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.ppc64le", product_id: "libwebp-debugsource-0:1.0.0-7.el8_4.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-7.el8_4.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", product: { name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", product_id: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-7.el8_4.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", product: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", product_id: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-7.el8_4.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", product: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", product_id: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-7.el8_4.1?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-7.el8_4.1.s390x", product: { name: "libwebp-0:1.0.0-7.el8_4.1.s390x", product_id: "libwebp-0:1.0.0-7.el8_4.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-7.el8_4.1?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-7.el8_4.1.s390x", product: { name: "libwebp-devel-0:1.0.0-7.el8_4.1.s390x", product_id: "libwebp-devel-0:1.0.0-7.el8_4.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-7.el8_4.1?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.s390x", product: { name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.s390x", product_id: "libwebp-debugsource-0:1.0.0-7.el8_4.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-7.el8_4.1?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.s390x", product: { name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.s390x", product_id: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-7.el8_4.1?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.s390x", product: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.s390x", product_id: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-7.el8_4.1?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.s390x", product: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.s390x", product_id: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-7.el8_4.1?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:libwebp-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_4.1.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:libwebp-0:1.0.0-7.el8_4.1.src", }, product_reference: "libwebp-0:1.0.0-7.el8_4.1.src", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:libwebp-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.aarch64", }, product_reference: "libwebp-0:1.0.0-7.el8_4.1.aarch64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.ppc64le", }, product_reference: "libwebp-0:1.0.0-7.el8_4.1.ppc64le", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_4.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.s390x", }, product_reference: "libwebp-0:1.0.0-7.el8_4.1.s390x", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_4.1.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.src", }, product_reference: "libwebp-0:1.0.0-7.el8_4.1.src", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.aarch64", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.aarch64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.s390x", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.s390x", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.aarch64", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_4.1.aarch64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.ppc64le", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_4.1.ppc64le", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.s390x", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_4.1.s390x", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.aarch64", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_4.1.aarch64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.ppc64le", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_4.1.ppc64le", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_4.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.s390x", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_4.1.s390x", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.aarch64", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.aarch64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.s390x", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.s390x", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.aarch64", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.aarch64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.s390x", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.s390x", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:libwebp-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_4.1.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:libwebp-0:1.0.0-7.el8_4.1.src", }, product_reference: "libwebp-0:1.0.0-7.el8_4.1.src", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:libwebp-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.4.0.Z.AUS:libwebp-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-0:1.0.0-7.el8_4.1.src", "AppStream-8.4.0.Z.AUS:libwebp-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.src", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-0:1.0.0-7.el8_4.1.src", "AppStream-8.4.0.Z.TUS:libwebp-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-19T08:01:54+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.4.0.Z.AUS:libwebp-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-0:1.0.0-7.el8_4.1.src", "AppStream-8.4.0.Z.AUS:libwebp-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.src", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-0:1.0.0-7.el8_4.1.src", "AppStream-8.4.0.Z.TUS:libwebp-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5222", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.4.0.Z.AUS:libwebp-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-0:1.0.0-7.el8_4.1.src", "AppStream-8.4.0.Z.AUS:libwebp-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.src", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-0:1.0.0-7.el8_4.1.src", "AppStream-8.4.0.Z.TUS:libwebp-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.4.0.Z.AUS:libwebp-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-0:1.0.0-7.el8_4.1.src", "AppStream-8.4.0.Z.AUS:libwebp-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.src", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-0:1.0.0-7.el8_4.1.src", "AppStream-8.4.0.Z.TUS:libwebp-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, ], }
RHSA-2023:5188
Vulnerability from csaf_redhat
Published
2023-09-18 13:45
Modified
2025-03-23 07:40
Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 102.15.1.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.15.1.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5188", url: "https://access.redhat.com/errata/RHSA-2023:5188", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5188.json", }, ], title: "Red Hat Security Advisory: thunderbird security update", tracking: { current_release_date: "2025-03-23T07:40:35+00:00", generator: { date: "2025-03-23T07:40:35+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:5188", initial_release_date: "2023-09-18T13:45:59+00:00", revision_history: [ { date: "2023-09-18T13:45:59+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T13:45:59+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-23T07:40:35+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product: { name: "Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_e4s:8.1::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_1.src", product: { name: "thunderbird-0:102.15.1-1.el8_1.src", product_id: "thunderbird-0:102.15.1-1.el8_1.src", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_1?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_1.ppc64le", product: { name: "thunderbird-0:102.15.1-1.el8_1.ppc64le", product_id: "thunderbird-0:102.15.1-1.el8_1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_1?arch=ppc64le", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le", product: { name: "thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le", product_id: "thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_1?arch=ppc64le", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le", product_id: "thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_1?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_1.x86_64", product: { name: "thunderbird-0:102.15.1-1.el8_1.x86_64", product_id: "thunderbird-0:102.15.1-1.el8_1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_1?arch=x86_64", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64", product: { name: "thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64", product_id: "thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_1?arch=x86_64", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64", product_id: "thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_1?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.ppc64le", }, product_reference: "thunderbird-0:102.15.1-1.el8_1.ppc64le", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_1.src as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.src", }, product_reference: "thunderbird-0:102.15.1-1.el8_1.src", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.x86_64", }, product_reference: "thunderbird-0:102.15.1-1.el8_1.x86_64", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.src", "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:45:59+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.src", "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5188", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.src", "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.src", "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.src", "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:45:59+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.src", "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5188", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.src", "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
rhsa-2023_5190
Vulnerability from csaf_redhat
Published
2023-09-18 13:48
Modified
2024-11-23 01:03
Summary
Red Hat Security Advisory: libwebp security update
Notes
Topic
An update for libwebp is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for libwebp is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5190", url: "https://access.redhat.com/errata/RHSA-2023:5190", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5190.json", }, ], title: "Red Hat Security Advisory: libwebp security update", tracking: { current_release_date: "2024-11-23T01:03:51+00:00", generator: { date: "2024-11-23T01:03:51+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2023:5190", initial_release_date: "2023-09-18T13:48:59+00:00", revision_history: [ { date: "2023-09-18T13:48:59+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T13:48:59+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-23T01:03:51+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product: { name: "Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_aus:8.2::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product: { name: "Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_e4s:8.2::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product: { name: "Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_tus:8.2::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-7.el8_2.1.src", product: { name: "libwebp-0:1.0.0-7.el8_2.1.src", product_id: "libwebp-0:1.0.0-7.el8_2.1.src", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-7.el8_2.1?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-7.el8_2.1.i686", product: { name: "libwebp-0:1.0.0-7.el8_2.1.i686", product_id: "libwebp-0:1.0.0-7.el8_2.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-7.el8_2.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-7.el8_2.1.i686", product: { name: "libwebp-devel-0:1.0.0-7.el8_2.1.i686", product_id: "libwebp-devel-0:1.0.0-7.el8_2.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-7.el8_2.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", product: { name: "libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", product_id: "libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-7.el8_2.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", product: { name: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", product_id: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-7.el8_2.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", product: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", product_id: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-7.el8_2.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", product: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", product_id: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-7.el8_2.1?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-7.el8_2.1.x86_64", product: { name: "libwebp-0:1.0.0-7.el8_2.1.x86_64", product_id: "libwebp-0:1.0.0-7.el8_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-7.el8_2.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", product: { name: "libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", product_id: "libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-7.el8_2.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", product: { name: "libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", product_id: "libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-7.el8_2.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", product: { name: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", product_id: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-7.el8_2.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", product: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", product_id: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-7.el8_2.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", product: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", product_id: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-7.el8_2.1?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-7.el8_2.1.ppc64le", product: { name: "libwebp-0:1.0.0-7.el8_2.1.ppc64le", product_id: "libwebp-0:1.0.0-7.el8_2.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-7.el8_2.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le", product: { name: "libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le", product_id: "libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-7.el8_2.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le", product: { name: "libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le", product_id: "libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-7.el8_2.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", product: { name: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", product_id: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-7.el8_2.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", product: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", product_id: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-7.el8_2.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", product: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", product_id: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-7.el8_2.1?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_2.1.src as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.src", }, product_reference: "libwebp-0:1.0.0-7.el8_2.1.src", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.ppc64le", }, product_reference: "libwebp-0:1.0.0-7.el8_2.1.ppc64le", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_2.1.src as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.src", }, product_reference: "libwebp-0:1.0.0-7.el8_2.1.src", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_2.1.src as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.src", }, product_reference: "libwebp-0:1.0.0-7.el8_2.1.src", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:48:59+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5190", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:48:59+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5190", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
rhsa-2023:5187
Vulnerability from csaf_redhat
Published
2023-09-18 13:48
Modified
2025-03-23 07:37
Summary
Red Hat Security Advisory: firefox security update
Notes
Topic
An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 102.15.1 ESR.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.15.1 ESR.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5187", url: "https://access.redhat.com/errata/RHSA-2023:5187", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5187.json", }, ], title: "Red Hat Security Advisory: firefox security update", tracking: { current_release_date: "2025-03-23T07:37:34+00:00", generator: { date: "2025-03-23T07:37:34+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:5187", initial_release_date: "2023-09-18T13:48:58+00:00", revision_history: [ { date: "2023-09-18T13:48:58+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T13:48:58+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-23T07:37:34+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product: { name: "Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_aus:8.2::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product: { name: "Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_e4s:8.2::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product: { name: "Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_tus:8.2::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_2.src", product: { name: "firefox-0:102.15.1-1.el8_2.src", product_id: "firefox-0:102.15.1-1.el8_2.src", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_2?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_2.x86_64", product: { name: "firefox-0:102.15.1-1.el8_2.x86_64", product_id: "firefox-0:102.15.1-1.el8_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_2?arch=x86_64", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el8_2.x86_64", product: { name: "firefox-debugsource-0:102.15.1-1.el8_2.x86_64", product_id: "firefox-debugsource-0:102.15.1-1.el8_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_2?arch=x86_64", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", product: { name: "firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", product_id: "firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_2?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_2.ppc64le", product: { name: "firefox-0:102.15.1-1.el8_2.ppc64le", product_id: "firefox-0:102.15.1-1.el8_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_2?arch=ppc64le", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el8_2.ppc64le", product: { name: "firefox-debugsource-0:102.15.1-1.el8_2.ppc64le", product_id: "firefox-debugsource-0:102.15.1-1.el8_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_2?arch=ppc64le", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le", product: { name: "firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le", product_id: "firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_2?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_2.src as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.src", }, product_reference: "firefox-0:102.15.1-1.el8_2.src", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.x86_64", }, product_reference: "firefox-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.ppc64le", }, product_reference: "firefox-0:102.15.1-1.el8_2.ppc64le", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_2.src as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.src", }, product_reference: "firefox-0:102.15.1-1.el8_2.src", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.x86_64", }, product_reference: "firefox-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.ppc64le", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_2.ppc64le", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_2.src as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.src", }, product_reference: "firefox-0:102.15.1-1.el8_2.src", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.x86_64", }, product_reference: "firefox-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:48:58+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", product_ids: [ "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5187", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:48:58+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", product_ids: [ "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5187", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
rhsa-2023_5183
Vulnerability from csaf_redhat
Published
2023-09-18 13:34
Modified
2024-11-23 01:04
Summary
Red Hat Security Advisory: firefox security update
Notes
Topic
An update for firefox is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 102.15.1 ESR.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for firefox is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.15.1 ESR.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5183", url: "https://access.redhat.com/errata/RHSA-2023:5183", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5183.json", }, ], title: "Red Hat Security Advisory: firefox security update", tracking: { current_release_date: "2024-11-23T01:04:10+00:00", generator: { date: "2024-11-23T01:04:10+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2023:5183", initial_release_date: "2023-09-18T13:34:55+00:00", revision_history: [ { date: "2023-09-18T13:34:55+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T13:34:55+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-23T01:04:10+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product: { name: "Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_e4s:8.1::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_1.src", product: { name: "firefox-0:102.15.1-1.el8_1.src", product_id: "firefox-0:102.15.1-1.el8_1.src", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_1?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_1.ppc64le", product: { name: "firefox-0:102.15.1-1.el8_1.ppc64le", product_id: "firefox-0:102.15.1-1.el8_1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_1?arch=ppc64le", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el8_1.ppc64le", product: { name: "firefox-debugsource-0:102.15.1-1.el8_1.ppc64le", product_id: "firefox-debugsource-0:102.15.1-1.el8_1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_1?arch=ppc64le", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le", product: { name: "firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le", product_id: "firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_1?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_1.x86_64", product: { name: "firefox-0:102.15.1-1.el8_1.x86_64", product_id: "firefox-0:102.15.1-1.el8_1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_1?arch=x86_64", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el8_1.x86_64", product: { name: "firefox-debugsource-0:102.15.1-1.el8_1.x86_64", product_id: "firefox-debugsource-0:102.15.1-1.el8_1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_1?arch=x86_64", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el8_1.x86_64", product: { name: "firefox-debuginfo-0:102.15.1-1.el8_1.x86_64", product_id: "firefox-debuginfo-0:102.15.1-1.el8_1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_1?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.ppc64le", }, product_reference: "firefox-0:102.15.1-1.el8_1.ppc64le", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_1.src as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.src", }, product_reference: "firefox-0:102.15.1-1.el8_1.src", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.x86_64", }, product_reference: "firefox-0:102.15.1-1.el8_1.x86_64", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_1.x86_64", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.ppc64le", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_1.ppc64le", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.x86_64", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_1.x86_64", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.src", "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:34:55+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", product_ids: [ "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.src", "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5183", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.src", "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.src", "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.src", "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:34:55+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", product_ids: [ "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.src", "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5183", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.src", "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
rhsa-2023_5309
Vulnerability from csaf_redhat
Published
2023-09-20 16:46
Modified
2024-11-23 01:11
Summary
Red Hat Security Advisory: libwebp security update
Notes
Topic
An update for libwebp is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for libwebp is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5309", url: "https://access.redhat.com/errata/RHSA-2023:5309", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5309.json", }, ], title: "Red Hat Security Advisory: libwebp security update", tracking: { current_release_date: "2024-11-23T01:11:18+00:00", generator: { date: "2024-11-23T01:11:18+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2023:5309", initial_release_date: "2023-09-20T16:46:21+00:00", revision_history: [ { date: "2023-09-20T16:46:21+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-20T16:46:21+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-23T01:11:18+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 8)", product: { name: "Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:8::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-8.el8_8.1.src", product: { name: "libwebp-0:1.0.0-8.el8_8.1.src", product_id: "libwebp-0:1.0.0-8.el8_8.1.src", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-8.el8_8.1?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-8.el8_8.1.aarch64", product: { name: "libwebp-0:1.0.0-8.el8_8.1.aarch64", product_id: "libwebp-0:1.0.0-8.el8_8.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-8.el8_8.1?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-8.el8_8.1.aarch64", product: { name: "libwebp-devel-0:1.0.0-8.el8_8.1.aarch64", product_id: "libwebp-devel-0:1.0.0-8.el8_8.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-8.el8_8.1?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64", product: { name: "libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64", product_id: "libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-8.el8_8.1?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64", product: { name: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64", product_id: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-8.el8_8.1?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64", product: { name: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64", product_id: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-8.el8_8.1?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64", product: { name: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64", product_id: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-8.el8_8.1?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-8.el8_8.1.ppc64le", product: { name: "libwebp-0:1.0.0-8.el8_8.1.ppc64le", product_id: "libwebp-0:1.0.0-8.el8_8.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-8.el8_8.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le", product: { name: "libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le", product_id: "libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-8.el8_8.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le", product: { name: "libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le", product_id: "libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-8.el8_8.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", product: { name: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", product_id: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-8.el8_8.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", product: { name: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", product_id: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-8.el8_8.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", product: { name: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", product_id: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-8.el8_8.1?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-8.el8_8.1.i686", product: { name: "libwebp-0:1.0.0-8.el8_8.1.i686", product_id: "libwebp-0:1.0.0-8.el8_8.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-8.el8_8.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-8.el8_8.1.i686", product: { name: "libwebp-devel-0:1.0.0-8.el8_8.1.i686", product_id: "libwebp-devel-0:1.0.0-8.el8_8.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-8.el8_8.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-8.el8_8.1.i686", product: { name: "libwebp-debugsource-0:1.0.0-8.el8_8.1.i686", product_id: "libwebp-debugsource-0:1.0.0-8.el8_8.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-8.el8_8.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686", product: { name: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686", product_id: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-8.el8_8.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686", product: { name: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686", product_id: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-8.el8_8.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686", product: { name: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686", product_id: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-8.el8_8.1?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-8.el8_8.1.x86_64", product: { name: "libwebp-0:1.0.0-8.el8_8.1.x86_64", product_id: "libwebp-0:1.0.0-8.el8_8.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-8.el8_8.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-8.el8_8.1.x86_64", product: { name: "libwebp-devel-0:1.0.0-8.el8_8.1.x86_64", product_id: "libwebp-devel-0:1.0.0-8.el8_8.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-8.el8_8.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64", product: { name: "libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64", product_id: "libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-8.el8_8.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64", product: { name: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64", product_id: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-8.el8_8.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64", product: { name: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64", product_id: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-8.el8_8.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64", product: { name: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64", product_id: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-8.el8_8.1?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-8.el8_8.1.s390x", product: { name: "libwebp-0:1.0.0-8.el8_8.1.s390x", product_id: "libwebp-0:1.0.0-8.el8_8.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-8.el8_8.1?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-8.el8_8.1.s390x", product: { name: "libwebp-devel-0:1.0.0-8.el8_8.1.s390x", product_id: "libwebp-devel-0:1.0.0-8.el8_8.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-8.el8_8.1?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x", product: { name: "libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x", product_id: "libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-8.el8_8.1?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x", product: { name: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x", product_id: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-8.el8_8.1?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x", product: { name: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x", product_id: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-8.el8_8.1?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x", product: { name: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x", product_id: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-8.el8_8.1?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-8.el8_8.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.aarch64", }, product_reference: "libwebp-0:1.0.0-8.el8_8.1.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-8.el8_8.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.i686", }, product_reference: "libwebp-0:1.0.0-8.el8_8.1.i686", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-8.el8_8.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.ppc64le", }, product_reference: "libwebp-0:1.0.0-8.el8_8.1.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-8.el8_8.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.s390x", }, product_reference: "libwebp-0:1.0.0-8.el8_8.1.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-8.el8_8.1.src as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.src", }, product_reference: "libwebp-0:1.0.0-8.el8_8.1.src", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-8.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.x86_64", }, product_reference: "libwebp-0:1.0.0-8.el8_8.1.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64", }, product_reference: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686", }, product_reference: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", }, product_reference: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x", }, product_reference: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64", }, product_reference: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64", }, product_reference: "libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-8.el8_8.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.i686", }, product_reference: "libwebp-debugsource-0:1.0.0-8.el8_8.1.i686", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le", }, product_reference: "libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x", }, product_reference: "libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64", }, product_reference: "libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-8.el8_8.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.aarch64", }, product_reference: "libwebp-devel-0:1.0.0-8.el8_8.1.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-8.el8_8.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.i686", }, product_reference: "libwebp-devel-0:1.0.0-8.el8_8.1.i686", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le", }, product_reference: "libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-8.el8_8.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.s390x", }, product_reference: "libwebp-devel-0:1.0.0-8.el8_8.1.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-8.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.x86_64", }, product_reference: "libwebp-devel-0:1.0.0-8.el8_8.1.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.src", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-20T16:46:21+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.src", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5309", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.src", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.src", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.src", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-20T16:46:21+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.src", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5309", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.src", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
rhsa-2023_5188
Vulnerability from csaf_redhat
Published
2023-09-18 13:45
Modified
2024-11-23 01:04
Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 102.15.1.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.15.1.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5188", url: "https://access.redhat.com/errata/RHSA-2023:5188", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5188.json", }, ], title: "Red Hat Security Advisory: thunderbird security update", tracking: { current_release_date: "2024-11-23T01:04:19+00:00", generator: { date: "2024-11-23T01:04:19+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2023:5188", initial_release_date: "2023-09-18T13:45:59+00:00", revision_history: [ { date: "2023-09-18T13:45:59+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T13:45:59+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-23T01:04:19+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product: { name: "Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_e4s:8.1::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_1.src", product: { name: "thunderbird-0:102.15.1-1.el8_1.src", product_id: "thunderbird-0:102.15.1-1.el8_1.src", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_1?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_1.ppc64le", product: { name: "thunderbird-0:102.15.1-1.el8_1.ppc64le", product_id: "thunderbird-0:102.15.1-1.el8_1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_1?arch=ppc64le", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le", product: { name: "thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le", product_id: "thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_1?arch=ppc64le", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le", product_id: "thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_1?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_1.x86_64", product: { name: "thunderbird-0:102.15.1-1.el8_1.x86_64", product_id: "thunderbird-0:102.15.1-1.el8_1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_1?arch=x86_64", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64", product: { name: "thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64", product_id: "thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_1?arch=x86_64", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64", product_id: "thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_1?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.ppc64le", }, product_reference: "thunderbird-0:102.15.1-1.el8_1.ppc64le", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_1.src as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.src", }, product_reference: "thunderbird-0:102.15.1-1.el8_1.src", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.x86_64", }, product_reference: "thunderbird-0:102.15.1-1.el8_1.x86_64", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.src", "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:45:59+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.src", "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5188", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.src", "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.src", "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.src", "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:45:59+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.src", "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5188", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.src", "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
RHSA-2023:5197
Vulnerability from csaf_redhat
Published
2023-09-18 13:57
Modified
2025-03-23 07:37
Summary
Red Hat Security Advisory: firefox security update
Notes
Topic
An update for firefox is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 102.15.1 ESR.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for firefox is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.15.1 ESR.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5197", url: "https://access.redhat.com/errata/RHSA-2023:5197", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5197.json", }, ], title: "Red Hat Security Advisory: firefox security update", tracking: { current_release_date: "2025-03-23T07:37:14+00:00", generator: { date: "2025-03-23T07:37:14+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:5197", initial_release_date: "2023-09-18T13:57:46+00:00", revision_history: [ { date: "2023-09-18T13:57:46+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T13:57:46+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-23T07:37:14+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux Client (v. 7)", product: { name: "Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Client Optional (v. 7)", product: { name: "Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Server (v. 7)", product: { name: "Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Server Optional (v. 7)", product: { name: "Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Workstation (v. 7)", product: { name: "Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::workstation", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Workstation Optional (v. 7)", product: { name: "Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::workstation", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el7_9.src", product: { name: "firefox-0:102.15.1-1.el7_9.src", product_id: "firefox-0:102.15.1-1.el7_9.src", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el7_9?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el7_9.x86_64", product: { name: "firefox-0:102.15.1-1.el7_9.x86_64", product_id: "firefox-0:102.15.1-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", product: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", product_id: "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el7_9?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el7_9.i686", product: { name: "firefox-0:102.15.1-1.el7_9.i686", product_id: "firefox-0:102.15.1-1.el7_9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el7_9?arch=i686", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el7_9.i686", product: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.i686", product_id: "firefox-debuginfo-0:102.15.1-1.el7_9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el7_9?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el7_9.s390x", product: { name: "firefox-0:102.15.1-1.el7_9.s390x", product_id: "firefox-0:102.15.1-1.el7_9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el7_9?arch=s390x", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el7_9.s390x", product: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.s390x", product_id: "firefox-debuginfo-0:102.15.1-1.el7_9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el7_9?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el7_9.ppc64le", product: { name: "firefox-0:102.15.1-1.el7_9.ppc64le", product_id: "firefox-0:102.15.1-1.el7_9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el7_9?arch=ppc64le", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", product: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", product_id: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el7_9?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el7_9.ppc64", product: { name: "firefox-0:102.15.1-1.el7_9.ppc64", product_id: "firefox-0:102.15.1-1.el7_9.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el7_9?arch=ppc64", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", product: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", product_id: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el7_9?arch=ppc64", }, }, }, ], category: "architecture", name: "ppc64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.i686 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", }, product_reference: "firefox-0:102.15.1-1.el7_9.i686", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", }, product_reference: "firefox-0:102.15.1-1.el7_9.ppc64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "firefox-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.s390x as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", }, product_reference: "firefox-0:102.15.1-1.el7_9.s390x", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.src as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.src", }, product_reference: "firefox-0:102.15.1-1.el7_9.src", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", }, product_reference: "firefox-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.i686 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.i686", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.s390x as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.s390x", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", }, product_reference: "firefox-0:102.15.1-1.el7_9.i686", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", }, product_reference: "firefox-0:102.15.1-1.el7_9.ppc64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "firefox-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", }, product_reference: "firefox-0:102.15.1-1.el7_9.s390x", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", }, product_reference: "firefox-0:102.15.1-1.el7_9.src", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", }, product_reference: "firefox-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.i686", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.s390x", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.i686 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", }, product_reference: "firefox-0:102.15.1-1.el7_9.i686", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", }, product_reference: "firefox-0:102.15.1-1.el7_9.ppc64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "firefox-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", }, product_reference: "firefox-0:102.15.1-1.el7_9.s390x", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.src as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.src", }, product_reference: "firefox-0:102.15.1-1.el7_9.src", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", }, product_reference: "firefox-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.i686 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.i686", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.s390x", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", }, product_reference: "firefox-0:102.15.1-1.el7_9.i686", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", }, product_reference: "firefox-0:102.15.1-1.el7_9.ppc64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "firefox-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", }, product_reference: "firefox-0:102.15.1-1.el7_9.s390x", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", }, product_reference: "firefox-0:102.15.1-1.el7_9.src", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", }, product_reference: "firefox-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.i686", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.s390x", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", }, product_reference: "firefox-0:102.15.1-1.el7_9.i686", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", }, product_reference: "firefox-0:102.15.1-1.el7_9.ppc64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "firefox-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", }, product_reference: "firefox-0:102.15.1-1.el7_9.s390x", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.src as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.src", }, product_reference: "firefox-0:102.15.1-1.el7_9.src", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", }, product_reference: "firefox-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.i686", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.s390x", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", }, product_reference: "firefox-0:102.15.1-1.el7_9.i686", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", }, product_reference: "firefox-0:102.15.1-1.el7_9.ppc64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "firefox-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", }, product_reference: "firefox-0:102.15.1-1.el7_9.s390x", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", }, product_reference: "firefox-0:102.15.1-1.el7_9.src", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", }, product_reference: "firefox-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.i686", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.s390x", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:57:46+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", product_ids: [ "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5197", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:57:46+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", product_ids: [ "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5197", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
rhsa-2023_5222
Vulnerability from csaf_redhat
Published
2023-09-19 08:01
Modified
2024-11-23 01:05
Summary
Red Hat Security Advisory: libwebp security update
Notes
Topic
An update for libwebp is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
[Update 05 October 2023]
This advisory has been updated to push packages into TUS and E4S channels
Details
The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for libwebp is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\n[Update 05 October 2023]\nThis advisory has been updated to push packages into TUS and E4S channels", title: "Topic", }, { category: "general", text: "The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5222", url: "https://access.redhat.com/errata/RHSA-2023:5222", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5222.json", }, ], title: "Red Hat Security Advisory: libwebp security update", tracking: { current_release_date: "2024-11-23T01:05:05+00:00", generator: { date: "2024-11-23T01:05:05+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2023:5222", initial_release_date: "2023-09-19T08:01:54+00:00", revision_history: [ { date: "2023-09-19T08:01:54+00:00", number: "1", summary: "Initial version", }, { date: "2023-10-06T13:01:35+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-23T01:05:05+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream AUS (v.8.4)", product: { name: "Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_aus:8.4::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux AppStream E4S (v.8.4)", product: { name: "Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_e4s:8.4::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux AppStream TUS (v.8.4)", product: { name: "Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_tus:8.4::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-7.el8_4.1.src", product: { name: "libwebp-0:1.0.0-7.el8_4.1.src", product_id: "libwebp-0:1.0.0-7.el8_4.1.src", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-7.el8_4.1?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-7.el8_4.1.i686", product: { name: "libwebp-0:1.0.0-7.el8_4.1.i686", product_id: "libwebp-0:1.0.0-7.el8_4.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-7.el8_4.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-7.el8_4.1.i686", product: { name: "libwebp-devel-0:1.0.0-7.el8_4.1.i686", product_id: "libwebp-devel-0:1.0.0-7.el8_4.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-7.el8_4.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", product: { name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", product_id: "libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-7.el8_4.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", product: { name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", product_id: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-7.el8_4.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", product: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", product_id: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-7.el8_4.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", product: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", product_id: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-7.el8_4.1?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-7.el8_4.1.x86_64", product: { name: "libwebp-0:1.0.0-7.el8_4.1.x86_64", product_id: "libwebp-0:1.0.0-7.el8_4.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-7.el8_4.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", product: { name: "libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", product_id: "libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-7.el8_4.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", product: { name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", product_id: "libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-7.el8_4.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", product: { name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", product_id: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-7.el8_4.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", product: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", product_id: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-7.el8_4.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", product: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", product_id: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-7.el8_4.1?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-7.el8_4.1.aarch64", product: { name: "libwebp-0:1.0.0-7.el8_4.1.aarch64", product_id: "libwebp-0:1.0.0-7.el8_4.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-7.el8_4.1?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-7.el8_4.1.aarch64", product: { name: "libwebp-devel-0:1.0.0-7.el8_4.1.aarch64", product_id: "libwebp-devel-0:1.0.0-7.el8_4.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-7.el8_4.1?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.aarch64", product: { name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.aarch64", product_id: "libwebp-debugsource-0:1.0.0-7.el8_4.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-7.el8_4.1?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.aarch64", product: { name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.aarch64", product_id: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-7.el8_4.1?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.aarch64", product: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.aarch64", product_id: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-7.el8_4.1?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.aarch64", product: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.aarch64", product_id: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-7.el8_4.1?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-7.el8_4.1.ppc64le", product: { name: "libwebp-0:1.0.0-7.el8_4.1.ppc64le", product_id: "libwebp-0:1.0.0-7.el8_4.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-7.el8_4.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-7.el8_4.1.ppc64le", product: { name: "libwebp-devel-0:1.0.0-7.el8_4.1.ppc64le", product_id: "libwebp-devel-0:1.0.0-7.el8_4.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-7.el8_4.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.ppc64le", product: { name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.ppc64le", product_id: "libwebp-debugsource-0:1.0.0-7.el8_4.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-7.el8_4.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", product: { name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", product_id: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-7.el8_4.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", product: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", product_id: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-7.el8_4.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", product: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", product_id: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-7.el8_4.1?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-7.el8_4.1.s390x", product: { name: "libwebp-0:1.0.0-7.el8_4.1.s390x", product_id: "libwebp-0:1.0.0-7.el8_4.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-7.el8_4.1?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-7.el8_4.1.s390x", product: { name: "libwebp-devel-0:1.0.0-7.el8_4.1.s390x", product_id: "libwebp-devel-0:1.0.0-7.el8_4.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-7.el8_4.1?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.s390x", product: { name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.s390x", product_id: "libwebp-debugsource-0:1.0.0-7.el8_4.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-7.el8_4.1?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.s390x", product: { name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.s390x", product_id: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-7.el8_4.1?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.s390x", product: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.s390x", product_id: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-7.el8_4.1?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.s390x", product: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.s390x", product_id: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-7.el8_4.1?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:libwebp-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_4.1.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:libwebp-0:1.0.0-7.el8_4.1.src", }, product_reference: "libwebp-0:1.0.0-7.el8_4.1.src", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:libwebp-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.aarch64", }, product_reference: "libwebp-0:1.0.0-7.el8_4.1.aarch64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.ppc64le", }, product_reference: "libwebp-0:1.0.0-7.el8_4.1.ppc64le", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_4.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.s390x", }, product_reference: "libwebp-0:1.0.0-7.el8_4.1.s390x", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_4.1.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.src", }, product_reference: "libwebp-0:1.0.0-7.el8_4.1.src", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.aarch64", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.aarch64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.s390x", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.s390x", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.aarch64", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_4.1.aarch64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.ppc64le", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_4.1.ppc64le", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.s390x", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_4.1.s390x", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.aarch64", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_4.1.aarch64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.ppc64le", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_4.1.ppc64le", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_4.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.s390x", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_4.1.s390x", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.aarch64", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.aarch64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.s390x", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.s390x", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.aarch64", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.aarch64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.s390x", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.s390x", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:libwebp-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_4.1.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:libwebp-0:1.0.0-7.el8_4.1.src", }, product_reference: "libwebp-0:1.0.0-7.el8_4.1.src", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:libwebp-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.4.0.Z.AUS:libwebp-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-0:1.0.0-7.el8_4.1.src", "AppStream-8.4.0.Z.AUS:libwebp-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.src", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-0:1.0.0-7.el8_4.1.src", "AppStream-8.4.0.Z.TUS:libwebp-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-19T08:01:54+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.4.0.Z.AUS:libwebp-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-0:1.0.0-7.el8_4.1.src", "AppStream-8.4.0.Z.AUS:libwebp-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.src", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-0:1.0.0-7.el8_4.1.src", "AppStream-8.4.0.Z.TUS:libwebp-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5222", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.4.0.Z.AUS:libwebp-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-0:1.0.0-7.el8_4.1.src", "AppStream-8.4.0.Z.AUS:libwebp-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.src", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-0:1.0.0-7.el8_4.1.src", "AppStream-8.4.0.Z.TUS:libwebp-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.4.0.Z.AUS:libwebp-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-0:1.0.0-7.el8_4.1.src", "AppStream-8.4.0.Z.AUS:libwebp-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.src", "AppStream-8.4.0.Z.E4S:libwebp-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.aarch64", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.ppc64le", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.s390x", "AppStream-8.4.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-0:1.0.0-7.el8_4.1.src", "AppStream-8.4.0.Z.TUS:libwebp-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_4.1.x86_64", "AppStream-8.4.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.i686", "AppStream-8.4.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_4.1.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, ], }
RHSA-2023:5201
Vulnerability from csaf_redhat
Published
2023-09-18 14:31
Modified
2025-03-23 07:39
Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 102.15.1.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for thunderbird is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.15.1.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5201", url: "https://access.redhat.com/errata/RHSA-2023:5201", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5201.json", }, ], title: "Red Hat Security Advisory: thunderbird security update", tracking: { current_release_date: "2025-03-23T07:39:32+00:00", generator: { date: "2025-03-23T07:39:32+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:5201", initial_release_date: "2023-09-18T14:31:22+00:00", revision_history: [ { date: "2023-09-18T14:31:22+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T14:31:22+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-23T07:39:32+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 8)", product: { name: "Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:8::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_8.src", product: { name: "thunderbird-0:102.15.1-1.el8_8.src", product_id: "thunderbird-0:102.15.1-1.el8_8.src", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_8?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_8.aarch64", product: { name: "thunderbird-0:102.15.1-1.el8_8.aarch64", product_id: "thunderbird-0:102.15.1-1.el8_8.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_8?arch=aarch64", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64", product: { name: "thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64", product_id: "thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_8?arch=aarch64", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64", product_id: "thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_8?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_8.ppc64le", product: { name: "thunderbird-0:102.15.1-1.el8_8.ppc64le", product_id: "thunderbird-0:102.15.1-1.el8_8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_8?arch=ppc64le", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le", product: { name: "thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le", product_id: "thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_8?arch=ppc64le", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le", product_id: "thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_8?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_8.x86_64", product: { name: "thunderbird-0:102.15.1-1.el8_8.x86_64", product_id: "thunderbird-0:102.15.1-1.el8_8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_8?arch=x86_64", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64", product: { name: "thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64", product_id: "thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_8?arch=x86_64", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64", product_id: "thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_8?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_8.s390x", product: { name: "thunderbird-0:102.15.1-1.el8_8.s390x", product_id: "thunderbird-0:102.15.1-1.el8_8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_8?arch=s390x", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el8_8.s390x", product: { name: "thunderbird-debugsource-0:102.15.1-1.el8_8.s390x", product_id: "thunderbird-debugsource-0:102.15.1-1.el8_8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_8?arch=s390x", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x", product_id: "thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_8?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.aarch64", }, product_reference: "thunderbird-0:102.15.1-1.el8_8.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.ppc64le", }, product_reference: "thunderbird-0:102.15.1-1.el8_8.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.s390x", }, product_reference: "thunderbird-0:102.15.1-1.el8_8.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.src", }, product_reference: "thunderbird-0:102.15.1-1.el8_8.src", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.x86_64", }, product_reference: "thunderbird-0:102.15.1-1.el8_8.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.s390x", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_8.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.src", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T14:31:22+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.src", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5201", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.src", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.src", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.src", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T14:31:22+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.src", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5201", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.src", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
RHSA-2023:5236
Vulnerability from csaf_redhat
Published
2023-09-19 12:43
Modified
2025-03-23 07:34
Summary
Red Hat Security Advisory: libwebp: critical security update
Notes
Topic
An update for libwebp is now available for Red Hat Enterprise Linux 8.1 Update
Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which give
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details
The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for libwebp is now available for Red Hat Enterprise Linux 8.1 Update\nServices for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which give\na detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.", title: "Topic", }, { category: "general", text: "The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5236", url: "https://access.redhat.com/errata/RHSA-2023:5236", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5236.json", }, ], title: "Red Hat Security Advisory: libwebp: critical security update", tracking: { current_release_date: "2025-03-23T07:34:26+00:00", generator: { date: "2025-03-23T07:34:26+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:5236", initial_release_date: "2023-09-19T12:43:31+00:00", revision_history: [ { date: "2023-09-19T12:43:31+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-19T12:43:31+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-23T07:34:26+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product: { name: "Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_e4s:8.1::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-5.2.el8_1.1.src", product: { name: "libwebp-0:1.0.0-5.2.el8_1.1.src", product_id: "libwebp-0:1.0.0-5.2.el8_1.1.src", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-5.2.el8_1.1?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-5.2.el8_1.1.ppc64le", product: { name: "libwebp-0:1.0.0-5.2.el8_1.1.ppc64le", product_id: "libwebp-0:1.0.0-5.2.el8_1.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-5.2.el8_1.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le", product: { name: "libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le", product_id: "libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-5.2.el8_1.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le", product: { name: "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le", product_id: "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-5.2.el8_1.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", product: { name: "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", product_id: "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-5.2.el8_1.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", product: { name: "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", product_id: "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-5.2.el8_1.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", product: { name: "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", product_id: "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-5.2.el8_1.1?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-5.2.el8_1.1.i686", product: { name: "libwebp-0:1.0.0-5.2.el8_1.1.i686", product_id: "libwebp-0:1.0.0-5.2.el8_1.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-5.2.el8_1.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-5.2.el8_1.1.i686", product: { name: "libwebp-devel-0:1.0.0-5.2.el8_1.1.i686", product_id: "libwebp-devel-0:1.0.0-5.2.el8_1.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-5.2.el8_1.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686", product: { name: "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686", product_id: "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-5.2.el8_1.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686", product: { name: "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686", product_id: "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-5.2.el8_1.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686", product: { name: "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686", product_id: "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-5.2.el8_1.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686", product: { name: "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686", product_id: "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-5.2.el8_1.1?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-5.2.el8_1.1.x86_64", product: { name: "libwebp-0:1.0.0-5.2.el8_1.1.x86_64", product_id: "libwebp-0:1.0.0-5.2.el8_1.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-5.2.el8_1.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64", product: { name: "libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64", product_id: "libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-5.2.el8_1.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64", product: { name: "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64", product_id: "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-5.2.el8_1.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", product: { name: "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", product_id: "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-5.2.el8_1.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", product: { name: "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", product_id: "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-5.2.el8_1.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", product: { name: "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", product_id: "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-5.2.el8_1.1?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-5.2.el8_1.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.i686", }, product_reference: "libwebp-0:1.0.0-5.2.el8_1.1.i686", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-5.2.el8_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.ppc64le", }, product_reference: "libwebp-0:1.0.0-5.2.el8_1.1.ppc64le", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-5.2.el8_1.1.src as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.src", }, product_reference: "libwebp-0:1.0.0-5.2.el8_1.1.src", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-5.2.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.x86_64", }, product_reference: "libwebp-0:1.0.0-5.2.el8_1.1.x86_64", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686", }, product_reference: "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", }, product_reference: "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", }, product_reference: "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686", }, product_reference: "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le", }, product_reference: "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64", }, product_reference: "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-5.2.el8_1.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.i686", }, product_reference: "libwebp-devel-0:1.0.0-5.2.el8_1.1.i686", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le", }, product_reference: "libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64", }, product_reference: "libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.src", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-19T12:43:31+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.src", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5236", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.src", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.src", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.src", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-19T12:43:31+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.src", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5236", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.src", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
rhsa-2023_5184
Vulnerability from csaf_redhat
Published
2023-09-18 13:37
Modified
2024-11-23 01:04
Summary
Red Hat Security Advisory: firefox security update
Notes
Topic
An update for firefox is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 102.15.1 ESR.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for firefox is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.15.1 ESR.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5184", url: "https://access.redhat.com/errata/RHSA-2023:5184", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5184.json", }, ], title: "Red Hat Security Advisory: firefox security update", tracking: { current_release_date: "2024-11-23T01:04:45+00:00", generator: { date: "2024-11-23T01:04:45+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2023:5184", initial_release_date: "2023-09-18T13:37:09+00:00", revision_history: [ { date: "2023-09-18T13:37:09+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T13:37:09+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-23T01:04:45+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 8)", product: { name: "Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:8::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_8.src", product: { name: "firefox-0:102.15.1-1.el8_8.src", product_id: "firefox-0:102.15.1-1.el8_8.src", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_8?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_8.aarch64", product: { name: "firefox-0:102.15.1-1.el8_8.aarch64", product_id: "firefox-0:102.15.1-1.el8_8.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_8?arch=aarch64", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el8_8.aarch64", product: { name: "firefox-debugsource-0:102.15.1-1.el8_8.aarch64", product_id: "firefox-debugsource-0:102.15.1-1.el8_8.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_8?arch=aarch64", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el8_8.aarch64", product: { name: "firefox-debuginfo-0:102.15.1-1.el8_8.aarch64", product_id: "firefox-debuginfo-0:102.15.1-1.el8_8.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_8?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_8.ppc64le", product: { name: "firefox-0:102.15.1-1.el8_8.ppc64le", product_id: "firefox-0:102.15.1-1.el8_8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_8?arch=ppc64le", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el8_8.ppc64le", product: { name: "firefox-debugsource-0:102.15.1-1.el8_8.ppc64le", product_id: "firefox-debugsource-0:102.15.1-1.el8_8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_8?arch=ppc64le", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le", product: { name: "firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le", product_id: "firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_8?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_8.x86_64", product: { name: "firefox-0:102.15.1-1.el8_8.x86_64", product_id: "firefox-0:102.15.1-1.el8_8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_8?arch=x86_64", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el8_8.x86_64", product: { name: "firefox-debugsource-0:102.15.1-1.el8_8.x86_64", product_id: "firefox-debugsource-0:102.15.1-1.el8_8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_8?arch=x86_64", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el8_8.x86_64", product: { name: "firefox-debuginfo-0:102.15.1-1.el8_8.x86_64", product_id: "firefox-debuginfo-0:102.15.1-1.el8_8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_8?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_8.s390x", product: { name: "firefox-0:102.15.1-1.el8_8.s390x", product_id: "firefox-0:102.15.1-1.el8_8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_8?arch=s390x", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el8_8.s390x", product: { name: "firefox-debugsource-0:102.15.1-1.el8_8.s390x", product_id: "firefox-debugsource-0:102.15.1-1.el8_8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_8?arch=s390x", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el8_8.s390x", product: { name: "firefox-debuginfo-0:102.15.1-1.el8_8.s390x", product_id: "firefox-debuginfo-0:102.15.1-1.el8_8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_8?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.aarch64", }, product_reference: "firefox-0:102.15.1-1.el8_8.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.ppc64le", }, product_reference: "firefox-0:102.15.1-1.el8_8.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.s390x", }, product_reference: "firefox-0:102.15.1-1.el8_8.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.src", }, product_reference: "firefox-0:102.15.1-1.el8_8.src", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.x86_64", }, product_reference: "firefox-0:102.15.1-1.el8_8.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.aarch64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_8.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.s390x", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_8.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_8.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.aarch64", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_8.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.ppc64le", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_8.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.s390x", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_8.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.x86_64", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_8.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.src", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:37:09+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", product_ids: [ "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.src", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5184", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.src", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.src", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.src", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:37:09+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", product_ids: [ "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.src", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5184", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.src", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
rhsa-2023_5200
Vulnerability from csaf_redhat
Published
2023-09-18 14:29
Modified
2024-11-23 01:10
Summary
Red Hat Security Advisory: firefox security update
Notes
Topic
An update for firefox is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 102.15.1 ESR.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for firefox is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.15.1 ESR.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5200", url: "https://access.redhat.com/errata/RHSA-2023:5200", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5200.json", }, ], title: "Red Hat Security Advisory: firefox security update", tracking: { current_release_date: "2024-11-23T01:10:03+00:00", generator: { date: "2024-11-23T01:10:03+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2023:5200", initial_release_date: "2023-09-18T14:29:44+00:00", revision_history: [ { date: "2023-09-18T14:29:44+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T14:29:44+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-23T01:10:03+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 9)", product: { name: "Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:9::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el9_2.src", product: { name: "firefox-0:102.15.1-1.el9_2.src", product_id: "firefox-0:102.15.1-1.el9_2.src", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el9_2?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el9_2.aarch64", product: { name: "firefox-0:102.15.1-1.el9_2.aarch64", product_id: "firefox-0:102.15.1-1.el9_2.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el9_2?arch=aarch64", }, }, }, { category: "product_version", name: "firefox-x11-0:102.15.1-1.el9_2.aarch64", product: { name: "firefox-x11-0:102.15.1-1.el9_2.aarch64", product_id: "firefox-x11-0:102.15.1-1.el9_2.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-x11@102.15.1-1.el9_2?arch=aarch64", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el9_2.aarch64", product: { name: "firefox-debugsource-0:102.15.1-1.el9_2.aarch64", product_id: "firefox-debugsource-0:102.15.1-1.el9_2.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el9_2?arch=aarch64", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el9_2.aarch64", product: { name: "firefox-debuginfo-0:102.15.1-1.el9_2.aarch64", product_id: "firefox-debuginfo-0:102.15.1-1.el9_2.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el9_2?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el9_2.ppc64le", product: { name: "firefox-0:102.15.1-1.el9_2.ppc64le", product_id: "firefox-0:102.15.1-1.el9_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el9_2?arch=ppc64le", }, }, }, { category: "product_version", name: "firefox-x11-0:102.15.1-1.el9_2.ppc64le", product: { name: "firefox-x11-0:102.15.1-1.el9_2.ppc64le", product_id: "firefox-x11-0:102.15.1-1.el9_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-x11@102.15.1-1.el9_2?arch=ppc64le", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el9_2.ppc64le", product: { name: "firefox-debugsource-0:102.15.1-1.el9_2.ppc64le", product_id: "firefox-debugsource-0:102.15.1-1.el9_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el9_2?arch=ppc64le", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le", product: { name: "firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le", product_id: "firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el9_2?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el9_2.x86_64", product: { name: "firefox-0:102.15.1-1.el9_2.x86_64", product_id: "firefox-0:102.15.1-1.el9_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el9_2?arch=x86_64", }, }, }, { category: "product_version", name: "firefox-x11-0:102.15.1-1.el9_2.x86_64", product: { name: "firefox-x11-0:102.15.1-1.el9_2.x86_64", product_id: "firefox-x11-0:102.15.1-1.el9_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-x11@102.15.1-1.el9_2?arch=x86_64", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el9_2.x86_64", product: { name: "firefox-debugsource-0:102.15.1-1.el9_2.x86_64", product_id: "firefox-debugsource-0:102.15.1-1.el9_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el9_2?arch=x86_64", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el9_2.x86_64", product: { name: "firefox-debuginfo-0:102.15.1-1.el9_2.x86_64", product_id: "firefox-debuginfo-0:102.15.1-1.el9_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el9_2?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el9_2.s390x", product: { name: "firefox-0:102.15.1-1.el9_2.s390x", product_id: "firefox-0:102.15.1-1.el9_2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el9_2?arch=s390x", }, }, }, { category: "product_version", name: "firefox-x11-0:102.15.1-1.el9_2.s390x", product: { name: "firefox-x11-0:102.15.1-1.el9_2.s390x", product_id: "firefox-x11-0:102.15.1-1.el9_2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-x11@102.15.1-1.el9_2?arch=s390x", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el9_2.s390x", product: { name: "firefox-debugsource-0:102.15.1-1.el9_2.s390x", product_id: "firefox-debugsource-0:102.15.1-1.el9_2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el9_2?arch=s390x", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el9_2.s390x", product: { name: "firefox-debuginfo-0:102.15.1-1.el9_2.s390x", product_id: "firefox-debuginfo-0:102.15.1-1.el9_2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el9_2?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.aarch64", }, product_reference: "firefox-0:102.15.1-1.el9_2.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.ppc64le", }, product_reference: "firefox-0:102.15.1-1.el9_2.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.s390x", }, product_reference: "firefox-0:102.15.1-1.el9_2.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el9_2.src as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.src", }, product_reference: "firefox-0:102.15.1-1.el9_2.src", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.x86_64", }, product_reference: "firefox-0:102.15.1-1.el9_2.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.aarch64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el9_2.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.s390x", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el9_2.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el9_2.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.aarch64", }, product_reference: "firefox-debugsource-0:102.15.1-1.el9_2.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.ppc64le", }, product_reference: "firefox-debugsource-0:102.15.1-1.el9_2.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.s390x", }, product_reference: "firefox-debugsource-0:102.15.1-1.el9_2.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.x86_64", }, product_reference: "firefox-debugsource-0:102.15.1-1.el9_2.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-x11-0:102.15.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.aarch64", }, product_reference: "firefox-x11-0:102.15.1-1.el9_2.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-x11-0:102.15.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.ppc64le", }, product_reference: "firefox-x11-0:102.15.1-1.el9_2.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-x11-0:102.15.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.s390x", }, product_reference: "firefox-x11-0:102.15.1-1.el9_2.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-x11-0:102.15.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.x86_64", }, product_reference: "firefox-x11-0:102.15.1-1.el9_2.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T14:29:44+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", product_ids: [ "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5200", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T14:29:44+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", product_ids: [ "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5200", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
rhsa-2023_5187
Vulnerability from csaf_redhat
Published
2023-09-18 13:48
Modified
2024-11-23 01:04
Summary
Red Hat Security Advisory: firefox security update
Notes
Topic
An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 102.15.1 ESR.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.15.1 ESR.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5187", url: "https://access.redhat.com/errata/RHSA-2023:5187", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5187.json", }, ], title: "Red Hat Security Advisory: firefox security update", tracking: { current_release_date: "2024-11-23T01:04:02+00:00", generator: { date: "2024-11-23T01:04:02+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2023:5187", initial_release_date: "2023-09-18T13:48:58+00:00", revision_history: [ { date: "2023-09-18T13:48:58+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T13:48:58+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-23T01:04:02+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product: { name: "Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_aus:8.2::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product: { name: "Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_e4s:8.2::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product: { name: "Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_tus:8.2::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_2.src", product: { name: "firefox-0:102.15.1-1.el8_2.src", product_id: "firefox-0:102.15.1-1.el8_2.src", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_2?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_2.x86_64", product: { name: "firefox-0:102.15.1-1.el8_2.x86_64", product_id: "firefox-0:102.15.1-1.el8_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_2?arch=x86_64", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el8_2.x86_64", product: { name: "firefox-debugsource-0:102.15.1-1.el8_2.x86_64", product_id: "firefox-debugsource-0:102.15.1-1.el8_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_2?arch=x86_64", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", product: { name: "firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", product_id: "firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_2?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_2.ppc64le", product: { name: "firefox-0:102.15.1-1.el8_2.ppc64le", product_id: "firefox-0:102.15.1-1.el8_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_2?arch=ppc64le", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el8_2.ppc64le", product: { name: "firefox-debugsource-0:102.15.1-1.el8_2.ppc64le", product_id: "firefox-debugsource-0:102.15.1-1.el8_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_2?arch=ppc64le", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le", product: { name: "firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le", product_id: "firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_2?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_2.src as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.src", }, product_reference: "firefox-0:102.15.1-1.el8_2.src", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.x86_64", }, product_reference: "firefox-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.ppc64le", }, product_reference: "firefox-0:102.15.1-1.el8_2.ppc64le", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_2.src as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.src", }, product_reference: "firefox-0:102.15.1-1.el8_2.src", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.x86_64", }, product_reference: "firefox-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.ppc64le", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_2.ppc64le", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_2.src as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.src", }, product_reference: "firefox-0:102.15.1-1.el8_2.src", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.x86_64", }, product_reference: "firefox-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:48:58+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", product_ids: [ "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5187", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:48:58+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", product_ids: [ "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5187", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
RHSA-2023:5224
Vulnerability from csaf_redhat
Published
2023-09-19 08:05
Modified
2025-03-23 07:34
Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 102.15.1.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for thunderbird is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.15.1.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5224", url: "https://access.redhat.com/errata/RHSA-2023:5224", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5224.json", }, ], title: "Red Hat Security Advisory: thunderbird security update", tracking: { current_release_date: "2025-03-23T07:34:04+00:00", generator: { date: "2025-03-23T07:34:04+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:5224", initial_release_date: "2023-09-19T08:05:47+00:00", revision_history: [ { date: "2023-09-19T08:05:47+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-19T08:05:47+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-23T07:34:04+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 9)", product: { name: "Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:9::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el9_2.src", product: { name: "thunderbird-0:102.15.1-1.el9_2.src", product_id: "thunderbird-0:102.15.1-1.el9_2.src", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el9_2?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el9_2.aarch64", product: { name: "thunderbird-0:102.15.1-1.el9_2.aarch64", product_id: "thunderbird-0:102.15.1-1.el9_2.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el9_2?arch=aarch64", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64", product: { name: "thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64", product_id: "thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el9_2?arch=aarch64", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64", product_id: "thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el9_2?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el9_2.ppc64le", product: { name: "thunderbird-0:102.15.1-1.el9_2.ppc64le", product_id: "thunderbird-0:102.15.1-1.el9_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el9_2?arch=ppc64le", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le", product: { name: "thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le", product_id: "thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el9_2?arch=ppc64le", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le", product_id: "thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el9_2?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el9_2.x86_64", product: { name: "thunderbird-0:102.15.1-1.el9_2.x86_64", product_id: "thunderbird-0:102.15.1-1.el9_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el9_2?arch=x86_64", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64", product: { name: "thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64", product_id: "thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el9_2?arch=x86_64", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64", product_id: "thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el9_2?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el9_2.s390x", product: { name: "thunderbird-0:102.15.1-1.el9_2.s390x", product_id: "thunderbird-0:102.15.1-1.el9_2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el9_2?arch=s390x", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el9_2.s390x", product: { name: "thunderbird-debugsource-0:102.15.1-1.el9_2.s390x", product_id: "thunderbird-debugsource-0:102.15.1-1.el9_2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el9_2?arch=s390x", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x", product_id: "thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el9_2?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.aarch64", }, product_reference: "thunderbird-0:102.15.1-1.el9_2.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.ppc64le", }, product_reference: "thunderbird-0:102.15.1-1.el9_2.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.s390x", }, product_reference: "thunderbird-0:102.15.1-1.el9_2.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el9_2.src as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.src", }, product_reference: "thunderbird-0:102.15.1-1.el9_2.src", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.x86_64", }, product_reference: "thunderbird-0:102.15.1-1.el9_2.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.s390x", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el9_2.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-19T08:05:47+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5224", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-19T08:05:47+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5224", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
rhsa-2023:5197
Vulnerability from csaf_redhat
Published
2023-09-18 13:57
Modified
2025-03-23 07:37
Summary
Red Hat Security Advisory: firefox security update
Notes
Topic
An update for firefox is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 102.15.1 ESR.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for firefox is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.15.1 ESR.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5197", url: "https://access.redhat.com/errata/RHSA-2023:5197", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5197.json", }, ], title: "Red Hat Security Advisory: firefox security update", tracking: { current_release_date: "2025-03-23T07:37:14+00:00", generator: { date: "2025-03-23T07:37:14+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:5197", initial_release_date: "2023-09-18T13:57:46+00:00", revision_history: [ { date: "2023-09-18T13:57:46+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T13:57:46+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-23T07:37:14+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux Client (v. 7)", product: { name: "Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Client Optional (v. 7)", product: { name: "Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Server (v. 7)", product: { name: "Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Server Optional (v. 7)", product: { name: "Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Workstation (v. 7)", product: { name: "Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::workstation", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Workstation Optional (v. 7)", product: { name: "Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::workstation", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el7_9.src", product: { name: "firefox-0:102.15.1-1.el7_9.src", product_id: "firefox-0:102.15.1-1.el7_9.src", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el7_9?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el7_9.x86_64", product: { name: "firefox-0:102.15.1-1.el7_9.x86_64", product_id: "firefox-0:102.15.1-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", product: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", product_id: "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el7_9?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el7_9.i686", product: { name: "firefox-0:102.15.1-1.el7_9.i686", product_id: "firefox-0:102.15.1-1.el7_9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el7_9?arch=i686", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el7_9.i686", product: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.i686", product_id: "firefox-debuginfo-0:102.15.1-1.el7_9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el7_9?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el7_9.s390x", product: { name: "firefox-0:102.15.1-1.el7_9.s390x", product_id: "firefox-0:102.15.1-1.el7_9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el7_9?arch=s390x", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el7_9.s390x", product: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.s390x", product_id: "firefox-debuginfo-0:102.15.1-1.el7_9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el7_9?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el7_9.ppc64le", product: { name: "firefox-0:102.15.1-1.el7_9.ppc64le", product_id: "firefox-0:102.15.1-1.el7_9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el7_9?arch=ppc64le", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", product: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", product_id: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el7_9?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el7_9.ppc64", product: { name: "firefox-0:102.15.1-1.el7_9.ppc64", product_id: "firefox-0:102.15.1-1.el7_9.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el7_9?arch=ppc64", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", product: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", product_id: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el7_9?arch=ppc64", }, }, }, ], category: "architecture", name: "ppc64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.i686 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", }, product_reference: "firefox-0:102.15.1-1.el7_9.i686", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", }, product_reference: "firefox-0:102.15.1-1.el7_9.ppc64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "firefox-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.s390x as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", }, product_reference: "firefox-0:102.15.1-1.el7_9.s390x", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.src as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.src", }, product_reference: "firefox-0:102.15.1-1.el7_9.src", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", }, product_reference: "firefox-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.i686 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.i686", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.s390x as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.s390x", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", }, product_reference: "firefox-0:102.15.1-1.el7_9.i686", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", }, product_reference: "firefox-0:102.15.1-1.el7_9.ppc64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "firefox-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", }, product_reference: "firefox-0:102.15.1-1.el7_9.s390x", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", }, product_reference: "firefox-0:102.15.1-1.el7_9.src", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", }, product_reference: "firefox-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.i686", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.s390x", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.i686 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", }, product_reference: "firefox-0:102.15.1-1.el7_9.i686", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", }, product_reference: "firefox-0:102.15.1-1.el7_9.ppc64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "firefox-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", }, product_reference: "firefox-0:102.15.1-1.el7_9.s390x", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.src as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.src", }, product_reference: "firefox-0:102.15.1-1.el7_9.src", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", }, product_reference: "firefox-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.i686 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.i686", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.s390x", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", }, product_reference: "firefox-0:102.15.1-1.el7_9.i686", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", }, product_reference: "firefox-0:102.15.1-1.el7_9.ppc64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "firefox-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", }, product_reference: "firefox-0:102.15.1-1.el7_9.s390x", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", }, product_reference: "firefox-0:102.15.1-1.el7_9.src", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", }, product_reference: "firefox-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.i686", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.s390x", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", }, product_reference: "firefox-0:102.15.1-1.el7_9.i686", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", }, product_reference: "firefox-0:102.15.1-1.el7_9.ppc64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "firefox-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", }, product_reference: "firefox-0:102.15.1-1.el7_9.s390x", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.src as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.src", }, product_reference: "firefox-0:102.15.1-1.el7_9.src", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", }, product_reference: "firefox-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.i686", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.s390x", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", }, product_reference: "firefox-0:102.15.1-1.el7_9.i686", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", }, product_reference: "firefox-0:102.15.1-1.el7_9.ppc64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "firefox-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", }, product_reference: "firefox-0:102.15.1-1.el7_9.s390x", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", }, product_reference: "firefox-0:102.15.1-1.el7_9.src", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", }, product_reference: "firefox-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.i686", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.s390x", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:57:46+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", product_ids: [ "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5197", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:57:46+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", product_ids: [ "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5197", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src", "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x", "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
rhsa-2023_5186
Vulnerability from csaf_redhat
Published
2023-09-18 13:49
Modified
2024-11-23 01:04
Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 102.15.1.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.15.1.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5186", url: "https://access.redhat.com/errata/RHSA-2023:5186", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5186.json", }, ], title: "Red Hat Security Advisory: thunderbird security update", tracking: { current_release_date: "2024-11-23T01:04:38+00:00", generator: { date: "2024-11-23T01:04:38+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2023:5186", initial_release_date: "2023-09-18T13:49:01+00:00", revision_history: [ { date: "2023-09-18T13:49:01+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T13:49:01+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-23T01:04:38+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product: { name: "Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_aus:8.2::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product: { name: "Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_e4s:8.2::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product: { name: "Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_tus:8.2::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_2.src", product: { name: "thunderbird-0:102.15.1-1.el8_2.src", product_id: "thunderbird-0:102.15.1-1.el8_2.src", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_2?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_2.x86_64", product: { name: "thunderbird-0:102.15.1-1.el8_2.x86_64", product_id: "thunderbird-0:102.15.1-1.el8_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_2?arch=x86_64", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", product: { name: "thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", product_id: "thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_2?arch=x86_64", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", product_id: "thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_2?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_2.ppc64le", product: { name: "thunderbird-0:102.15.1-1.el8_2.ppc64le", product_id: "thunderbird-0:102.15.1-1.el8_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_2?arch=ppc64le", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le", product: { name: "thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le", product_id: "thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_2?arch=ppc64le", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le", product_id: "thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_2?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_2.src as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.src", }, product_reference: "thunderbird-0:102.15.1-1.el8_2.src", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.x86_64", }, product_reference: "thunderbird-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.ppc64le", }, product_reference: "thunderbird-0:102.15.1-1.el8_2.ppc64le", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_2.src as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.src", }, product_reference: "thunderbird-0:102.15.1-1.el8_2.src", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.x86_64", }, product_reference: "thunderbird-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_2.src as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.src", }, product_reference: "thunderbird-0:102.15.1-1.el8_2.src", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.x86_64", }, product_reference: "thunderbird-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:49:01+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5186", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:49:01+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5186", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
rhsa-2023_5202
Vulnerability from csaf_redhat
Published
2023-09-18 14:30
Modified
2024-11-23 01:10
Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 102.15.1.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.15.1.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5202", url: "https://access.redhat.com/errata/RHSA-2023:5202", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5202.json", }, ], title: "Red Hat Security Advisory: thunderbird security update", tracking: { current_release_date: "2024-11-23T01:10:30+00:00", generator: { date: "2024-11-23T01:10:30+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2023:5202", initial_release_date: "2023-09-18T14:30:13+00:00", revision_history: [ { date: "2023-09-18T14:30:13+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T14:30:13+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-23T01:10:30+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream EUS (v.8.6)", product: { name: "Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_eus:8.6::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_6.src", product: { name: "thunderbird-0:102.15.1-1.el8_6.src", product_id: "thunderbird-0:102.15.1-1.el8_6.src", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_6?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_6.aarch64", product: { name: "thunderbird-0:102.15.1-1.el8_6.aarch64", product_id: "thunderbird-0:102.15.1-1.el8_6.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_6?arch=aarch64", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64", product: { name: "thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64", product_id: "thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_6?arch=aarch64", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64", product_id: "thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_6?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_6.ppc64le", product: { name: "thunderbird-0:102.15.1-1.el8_6.ppc64le", product_id: "thunderbird-0:102.15.1-1.el8_6.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_6?arch=ppc64le", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le", product: { name: "thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le", product_id: "thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_6?arch=ppc64le", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le", product_id: "thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_6?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_6.x86_64", product: { name: "thunderbird-0:102.15.1-1.el8_6.x86_64", product_id: "thunderbird-0:102.15.1-1.el8_6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_6?arch=x86_64", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64", product: { name: "thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64", product_id: "thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_6?arch=x86_64", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64", product_id: "thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_6?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_6.s390x", product: { name: "thunderbird-0:102.15.1-1.el8_6.s390x", product_id: "thunderbird-0:102.15.1-1.el8_6.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_6?arch=s390x", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el8_6.s390x", product: { name: "thunderbird-debugsource-0:102.15.1-1.el8_6.s390x", product_id: "thunderbird-debugsource-0:102.15.1-1.el8_6.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_6?arch=s390x", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x", product_id: "thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_6?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.aarch64", }, product_reference: "thunderbird-0:102.15.1-1.el8_6.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.ppc64le", }, product_reference: "thunderbird-0:102.15.1-1.el8_6.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.s390x", }, product_reference: "thunderbird-0:102.15.1-1.el8_6.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_6.src as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.src", }, product_reference: "thunderbird-0:102.15.1-1.el8_6.src", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.x86_64", }, product_reference: "thunderbird-0:102.15.1-1.el8_6.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.s390x", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_6.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.src", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T14:30:13+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.src", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5202", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.src", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.src", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.src", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T14:30:13+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.src", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5202", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.src", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
rhsa-2023:5192
Vulnerability from csaf_redhat
Published
2023-09-18 13:52
Modified
2025-03-23 07:40
Summary
Red Hat Security Advisory: firefox security update
Notes
Topic
An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 102.15.1 ESR.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.15.1 ESR.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5192", url: "https://access.redhat.com/errata/RHSA-2023:5192", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5192.json", }, ], title: "Red Hat Security Advisory: firefox security update", tracking: { current_release_date: "2025-03-23T07:40:18+00:00", generator: { date: "2025-03-23T07:40:18+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:5192", initial_release_date: "2023-09-18T13:52:27+00:00", revision_history: [ { date: "2023-09-18T13:52:27+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T13:52:27+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-23T07:40:18+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream AUS (v.8.4)", product: { name: "Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_aus:8.4::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux AppStream E4S (v.8.4)", product: { name: "Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_e4s:8.4::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux AppStream TUS (v.8.4)", product: { name: "Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_tus:8.4::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_4.src", product: { name: "firefox-0:102.15.1-1.el8_4.src", product_id: "firefox-0:102.15.1-1.el8_4.src", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_4?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_4.x86_64", product: { name: "firefox-0:102.15.1-1.el8_4.x86_64", product_id: "firefox-0:102.15.1-1.el8_4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_4?arch=x86_64", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el8_4.x86_64", product: { name: "firefox-debugsource-0:102.15.1-1.el8_4.x86_64", product_id: "firefox-debugsource-0:102.15.1-1.el8_4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_4?arch=x86_64", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", product: { name: "firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", product_id: "firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_4?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_4.aarch64", product: { name: "firefox-0:102.15.1-1.el8_4.aarch64", product_id: "firefox-0:102.15.1-1.el8_4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_4?arch=aarch64", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el8_4.aarch64", product: { name: "firefox-debugsource-0:102.15.1-1.el8_4.aarch64", product_id: "firefox-debugsource-0:102.15.1-1.el8_4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_4?arch=aarch64", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el8_4.aarch64", product: { name: "firefox-debuginfo-0:102.15.1-1.el8_4.aarch64", product_id: "firefox-debuginfo-0:102.15.1-1.el8_4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_4?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_4.ppc64le", product: { name: "firefox-0:102.15.1-1.el8_4.ppc64le", product_id: "firefox-0:102.15.1-1.el8_4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_4?arch=ppc64le", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el8_4.ppc64le", product: { name: "firefox-debugsource-0:102.15.1-1.el8_4.ppc64le", product_id: "firefox-debugsource-0:102.15.1-1.el8_4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_4?arch=ppc64le", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le", product: { name: "firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le", product_id: "firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_4?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_4.s390x", product: { name: "firefox-0:102.15.1-1.el8_4.s390x", product_id: "firefox-0:102.15.1-1.el8_4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_4?arch=s390x", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el8_4.s390x", product: { name: "firefox-debugsource-0:102.15.1-1.el8_4.s390x", product_id: "firefox-debugsource-0:102.15.1-1.el8_4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_4?arch=s390x", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el8_4.s390x", product: { name: "firefox-debuginfo-0:102.15.1-1.el8_4.s390x", product_id: "firefox-debuginfo-0:102.15.1-1.el8_4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_4?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_4.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.src", }, product_reference: "firefox-0:102.15.1-1.el8_4.src", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.x86_64", }, product_reference: "firefox-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.aarch64", }, product_reference: "firefox-0:102.15.1-1.el8_4.aarch64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.ppc64le", }, product_reference: "firefox-0:102.15.1-1.el8_4.ppc64le", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.s390x", }, product_reference: "firefox-0:102.15.1-1.el8_4.s390x", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_4.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.src", }, product_reference: "firefox-0:102.15.1-1.el8_4.src", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.x86_64", }, product_reference: "firefox-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.aarch64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_4.aarch64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.s390x", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_4.s390x", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.aarch64", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_4.aarch64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.ppc64le", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_4.ppc64le", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.s390x", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_4.s390x", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_4.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.src", }, product_reference: "firefox-0:102.15.1-1.el8_4.src", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.x86_64", }, product_reference: "firefox-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:52:27+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", product_ids: [ "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5192", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:52:27+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", product_ids: [ "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5192", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
RHSA-2023:5190
Vulnerability from csaf_redhat
Published
2023-09-18 13:48
Modified
2025-03-23 07:34
Summary
Red Hat Security Advisory: libwebp security update
Notes
Topic
An update for libwebp is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for libwebp is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5190", url: "https://access.redhat.com/errata/RHSA-2023:5190", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5190.json", }, ], title: "Red Hat Security Advisory: libwebp security update", tracking: { current_release_date: "2025-03-23T07:34:55+00:00", generator: { date: "2025-03-23T07:34:55+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:5190", initial_release_date: "2023-09-18T13:48:59+00:00", revision_history: [ { date: "2023-09-18T13:48:59+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T13:48:59+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-23T07:34:55+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product: { name: "Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_aus:8.2::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product: { name: "Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_e4s:8.2::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product: { name: "Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_tus:8.2::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-7.el8_2.1.src", product: { name: "libwebp-0:1.0.0-7.el8_2.1.src", product_id: "libwebp-0:1.0.0-7.el8_2.1.src", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-7.el8_2.1?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-7.el8_2.1.i686", product: { name: "libwebp-0:1.0.0-7.el8_2.1.i686", product_id: "libwebp-0:1.0.0-7.el8_2.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-7.el8_2.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-7.el8_2.1.i686", product: { name: "libwebp-devel-0:1.0.0-7.el8_2.1.i686", product_id: "libwebp-devel-0:1.0.0-7.el8_2.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-7.el8_2.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", product: { name: "libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", product_id: "libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-7.el8_2.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", product: { name: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", product_id: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-7.el8_2.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", product: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", product_id: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-7.el8_2.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", product: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", product_id: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-7.el8_2.1?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-7.el8_2.1.x86_64", product: { name: "libwebp-0:1.0.0-7.el8_2.1.x86_64", product_id: "libwebp-0:1.0.0-7.el8_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-7.el8_2.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", product: { name: "libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", product_id: "libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-7.el8_2.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", product: { name: "libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", product_id: "libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-7.el8_2.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", product: { name: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", product_id: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-7.el8_2.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", product: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", product_id: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-7.el8_2.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", product: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", product_id: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-7.el8_2.1?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-7.el8_2.1.ppc64le", product: { name: "libwebp-0:1.0.0-7.el8_2.1.ppc64le", product_id: "libwebp-0:1.0.0-7.el8_2.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-7.el8_2.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le", product: { name: "libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le", product_id: "libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-7.el8_2.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le", product: { name: "libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le", product_id: "libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-7.el8_2.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", product: { name: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", product_id: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-7.el8_2.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", product: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", product_id: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-7.el8_2.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", product: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", product_id: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-7.el8_2.1?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_2.1.src as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.src", }, product_reference: "libwebp-0:1.0.0-7.el8_2.1.src", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.ppc64le", }, product_reference: "libwebp-0:1.0.0-7.el8_2.1.ppc64le", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_2.1.src as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.src", }, product_reference: "libwebp-0:1.0.0-7.el8_2.1.src", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_2.1.src as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.src", }, product_reference: "libwebp-0:1.0.0-7.el8_2.1.src", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:48:59+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5190", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:48:59+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5190", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
rhsa-2023:5214
Vulnerability from csaf_redhat
Published
2023-09-19 08:06
Modified
2025-03-23 07:36
Summary
Red Hat Security Advisory: libwebp security update
Notes
Topic
An update for libwebp is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for libwebp is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5214", url: "https://access.redhat.com/errata/RHSA-2023:5214", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5214.json", }, ], title: "Red Hat Security Advisory: libwebp security update", tracking: { current_release_date: "2025-03-23T07:36:48+00:00", generator: { date: "2025-03-23T07:36:48+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:5214", initial_release_date: "2023-09-19T08:06:01+00:00", revision_history: [ { date: "2023-09-19T08:06:01+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-19T08:06:01+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-23T07:36:48+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 9)", product: { name: "Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:9::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux CRB (v. 9)", product: { name: "Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:9::crb", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "libwebp-tools-0:1.2.0-7.el9_2.aarch64", product: { name: "libwebp-tools-0:1.2.0-7.el9_2.aarch64", product_id: "libwebp-tools-0:1.2.0-7.el9_2.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools@1.2.0-7.el9_2?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", product: { name: "libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", product_id: "libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.2.0-7.el9_2?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", product: { name: "libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", product_id: "libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.2.0-7.el9_2?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", product: { name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", product_id: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.2.0-7.el9_2?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", product: { name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", product_id: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.2.0-7.el9_2?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-0:1.2.0-7.el9_2.aarch64", product: { name: "libwebp-0:1.2.0-7.el9_2.aarch64", product_id: "libwebp-0:1.2.0-7.el9_2.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.2.0-7.el9_2?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.2.0-7.el9_2.aarch64", product: { name: "libwebp-devel-0:1.2.0-7.el9_2.aarch64", product_id: "libwebp-devel-0:1.2.0-7.el9_2.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.2.0-7.el9_2?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libwebp-tools-0:1.2.0-7.el9_2.ppc64le", product: { name: "libwebp-tools-0:1.2.0-7.el9_2.ppc64le", product_id: "libwebp-tools-0:1.2.0-7.el9_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools@1.2.0-7.el9_2?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", product: { name: "libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", product_id: "libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.2.0-7.el9_2?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", product: { name: "libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", product_id: "libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.2.0-7.el9_2?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", product: { name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", product_id: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.2.0-7.el9_2?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", product: { name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", product_id: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.2.0-7.el9_2?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-0:1.2.0-7.el9_2.ppc64le", product: { name: "libwebp-0:1.2.0-7.el9_2.ppc64le", product_id: "libwebp-0:1.2.0-7.el9_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.2.0-7.el9_2?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.2.0-7.el9_2.ppc64le", product: { name: "libwebp-devel-0:1.2.0-7.el9_2.ppc64le", product_id: "libwebp-devel-0:1.2.0-7.el9_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.2.0-7.el9_2?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libwebp-tools-0:1.2.0-7.el9_2.x86_64", product: { name: "libwebp-tools-0:1.2.0-7.el9_2.x86_64", product_id: "libwebp-tools-0:1.2.0-7.el9_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools@1.2.0-7.el9_2?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", product: { name: "libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", product_id: "libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.2.0-7.el9_2?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", product: { name: "libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", product_id: "libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.2.0-7.el9_2?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", product: { name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", product_id: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.2.0-7.el9_2?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", product: { name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", product_id: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.2.0-7.el9_2?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-0:1.2.0-7.el9_2.x86_64", product: { name: "libwebp-0:1.2.0-7.el9_2.x86_64", product_id: "libwebp-0:1.2.0-7.el9_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.2.0-7.el9_2?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.2.0-7.el9_2.x86_64", product: { name: "libwebp-devel-0:1.2.0-7.el9_2.x86_64", product_id: "libwebp-devel-0:1.2.0-7.el9_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.2.0-7.el9_2?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "libwebp-tools-0:1.2.0-7.el9_2.s390x", product: { name: "libwebp-tools-0:1.2.0-7.el9_2.s390x", product_id: "libwebp-tools-0:1.2.0-7.el9_2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools@1.2.0-7.el9_2?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.2.0-7.el9_2.s390x", product: { name: "libwebp-debugsource-0:1.2.0-7.el9_2.s390x", product_id: "libwebp-debugsource-0:1.2.0-7.el9_2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.2.0-7.el9_2?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", product: { name: "libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", product_id: "libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.2.0-7.el9_2?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", product: { name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", product_id: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.2.0-7.el9_2?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", product: { name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", product_id: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.2.0-7.el9_2?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-0:1.2.0-7.el9_2.s390x", product: { name: "libwebp-0:1.2.0-7.el9_2.s390x", product_id: "libwebp-0:1.2.0-7.el9_2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.2.0-7.el9_2?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.2.0-7.el9_2.s390x", product: { name: "libwebp-devel-0:1.2.0-7.el9_2.s390x", product_id: "libwebp-devel-0:1.2.0-7.el9_2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.2.0-7.el9_2?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libwebp-0:1.2.0-7.el9_2.src", product: { name: "libwebp-0:1.2.0-7.el9_2.src", product_id: "libwebp-0:1.2.0-7.el9_2.src", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.2.0-7.el9_2?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "libwebp-0:1.2.0-7.el9_2.i686", product: { name: "libwebp-0:1.2.0-7.el9_2.i686", product_id: "libwebp-0:1.2.0-7.el9_2.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.2.0-7.el9_2?arch=i686", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.2.0-7.el9_2.i686", product: { name: "libwebp-devel-0:1.2.0-7.el9_2.i686", product_id: "libwebp-devel-0:1.2.0-7.el9_2.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.2.0-7.el9_2?arch=i686", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.2.0-7.el9_2.i686", product: { name: "libwebp-debugsource-0:1.2.0-7.el9_2.i686", product_id: "libwebp-debugsource-0:1.2.0-7.el9_2.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.2.0-7.el9_2?arch=i686", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.2.0-7.el9_2.i686", product: { name: "libwebp-debuginfo-0:1.2.0-7.el9_2.i686", product_id: "libwebp-debuginfo-0:1.2.0-7.el9_2.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.2.0-7.el9_2?arch=i686", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", product: { name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", product_id: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.2.0-7.el9_2?arch=i686", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", product: { name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", product_id: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.2.0-7.el9_2?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64", }, product_reference: "libwebp-0:1.2.0-7.el9_2.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-7.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686", }, product_reference: "libwebp-0:1.2.0-7.el9_2.i686", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le", }, product_reference: "libwebp-0:1.2.0-7.el9_2.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x", }, product_reference: "libwebp-0:1.2.0-7.el9_2.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-7.el9_2.src as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src", }, product_reference: "libwebp-0:1.2.0-7.el9_2.src", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64", }, product_reference: "libwebp-0:1.2.0-7.el9_2.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", }, product_reference: "libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.2.0-7.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686", }, product_reference: "libwebp-debuginfo-0:1.2.0-7.el9_2.i686", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", }, product_reference: "libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", }, product_reference: "libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", }, product_reference: "libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", }, product_reference: "libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.2.0-7.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686", }, product_reference: "libwebp-debugsource-0:1.2.0-7.el9_2.i686", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", }, product_reference: "libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x", }, product_reference: "libwebp-debugsource-0:1.2.0-7.el9_2.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", }, product_reference: "libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64", }, product_reference: "libwebp-devel-0:1.2.0-7.el9_2.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.2.0-7.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686", }, product_reference: "libwebp-devel-0:1.2.0-7.el9_2.i686", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le", }, product_reference: "libwebp-devel-0:1.2.0-7.el9_2.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x", }, product_reference: "libwebp-devel-0:1.2.0-7.el9_2.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64", }, product_reference: "libwebp-devel-0:1.2.0-7.el9_2.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", }, product_reference: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", }, product_reference: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", }, product_reference: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", }, product_reference: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", }, product_reference: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64", }, product_reference: "libwebp-tools-0:1.2.0-7.el9_2.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le", }, product_reference: "libwebp-tools-0:1.2.0-7.el9_2.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x", }, product_reference: "libwebp-tools-0:1.2.0-7.el9_2.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64", }, product_reference: "libwebp-tools-0:1.2.0-7.el9_2.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", }, product_reference: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", }, product_reference: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", }, product_reference: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", }, product_reference: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", }, product_reference: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64", }, product_reference: "libwebp-0:1.2.0-7.el9_2.aarch64", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-7.el9_2.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686", }, product_reference: "libwebp-0:1.2.0-7.el9_2.i686", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le", }, product_reference: "libwebp-0:1.2.0-7.el9_2.ppc64le", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x", }, product_reference: "libwebp-0:1.2.0-7.el9_2.s390x", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-7.el9_2.src as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src", }, product_reference: "libwebp-0:1.2.0-7.el9_2.src", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64", }, product_reference: "libwebp-0:1.2.0-7.el9_2.x86_64", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", }, product_reference: "libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.2.0-7.el9_2.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686", }, product_reference: "libwebp-debuginfo-0:1.2.0-7.el9_2.i686", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", }, product_reference: "libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", }, product_reference: "libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", }, product_reference: "libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", }, product_reference: "libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.2.0-7.el9_2.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686", }, product_reference: "libwebp-debugsource-0:1.2.0-7.el9_2.i686", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", }, product_reference: "libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x", }, product_reference: "libwebp-debugsource-0:1.2.0-7.el9_2.s390x", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", }, product_reference: "libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64", }, product_reference: "libwebp-devel-0:1.2.0-7.el9_2.aarch64", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.2.0-7.el9_2.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686", }, product_reference: "libwebp-devel-0:1.2.0-7.el9_2.i686", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le", }, product_reference: "libwebp-devel-0:1.2.0-7.el9_2.ppc64le", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x", }, product_reference: "libwebp-devel-0:1.2.0-7.el9_2.s390x", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64", }, product_reference: "libwebp-devel-0:1.2.0-7.el9_2.x86_64", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", }, product_reference: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", }, product_reference: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", }, product_reference: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", }, product_reference: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", }, product_reference: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64", }, product_reference: "libwebp-tools-0:1.2.0-7.el9_2.aarch64", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le", }, product_reference: "libwebp-tools-0:1.2.0-7.el9_2.ppc64le", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x", }, product_reference: "libwebp-tools-0:1.2.0-7.el9_2.s390x", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64", }, product_reference: "libwebp-tools-0:1.2.0-7.el9_2.x86_64", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", }, product_reference: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", }, product_reference: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", }, product_reference: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", }, product_reference: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", }, product_reference: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-19T08:06:01+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5214", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-19T08:06:01+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5214", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
RHSA-2023:5184
Vulnerability from csaf_redhat
Published
2023-09-18 13:37
Modified
2025-03-23 07:39
Summary
Red Hat Security Advisory: firefox security update
Notes
Topic
An update for firefox is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 102.15.1 ESR.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for firefox is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.15.1 ESR.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5184", url: "https://access.redhat.com/errata/RHSA-2023:5184", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5184.json", }, ], title: "Red Hat Security Advisory: firefox security update", tracking: { current_release_date: "2025-03-23T07:39:06+00:00", generator: { date: "2025-03-23T07:39:06+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:5184", initial_release_date: "2023-09-18T13:37:09+00:00", revision_history: [ { date: "2023-09-18T13:37:09+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T13:37:09+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-23T07:39:06+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 8)", product: { name: "Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:8::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_8.src", product: { name: "firefox-0:102.15.1-1.el8_8.src", product_id: "firefox-0:102.15.1-1.el8_8.src", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_8?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_8.aarch64", product: { name: "firefox-0:102.15.1-1.el8_8.aarch64", product_id: "firefox-0:102.15.1-1.el8_8.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_8?arch=aarch64", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el8_8.aarch64", product: { name: "firefox-debugsource-0:102.15.1-1.el8_8.aarch64", product_id: "firefox-debugsource-0:102.15.1-1.el8_8.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_8?arch=aarch64", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el8_8.aarch64", product: { name: "firefox-debuginfo-0:102.15.1-1.el8_8.aarch64", product_id: "firefox-debuginfo-0:102.15.1-1.el8_8.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_8?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_8.ppc64le", product: { name: "firefox-0:102.15.1-1.el8_8.ppc64le", product_id: "firefox-0:102.15.1-1.el8_8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_8?arch=ppc64le", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el8_8.ppc64le", product: { name: "firefox-debugsource-0:102.15.1-1.el8_8.ppc64le", product_id: "firefox-debugsource-0:102.15.1-1.el8_8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_8?arch=ppc64le", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le", product: { name: "firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le", product_id: "firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_8?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_8.x86_64", product: { name: "firefox-0:102.15.1-1.el8_8.x86_64", product_id: "firefox-0:102.15.1-1.el8_8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_8?arch=x86_64", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el8_8.x86_64", product: { name: "firefox-debugsource-0:102.15.1-1.el8_8.x86_64", product_id: "firefox-debugsource-0:102.15.1-1.el8_8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_8?arch=x86_64", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el8_8.x86_64", product: { name: "firefox-debuginfo-0:102.15.1-1.el8_8.x86_64", product_id: "firefox-debuginfo-0:102.15.1-1.el8_8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_8?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_8.s390x", product: { name: "firefox-0:102.15.1-1.el8_8.s390x", product_id: "firefox-0:102.15.1-1.el8_8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_8?arch=s390x", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el8_8.s390x", product: { name: "firefox-debugsource-0:102.15.1-1.el8_8.s390x", product_id: "firefox-debugsource-0:102.15.1-1.el8_8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_8?arch=s390x", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el8_8.s390x", product: { name: "firefox-debuginfo-0:102.15.1-1.el8_8.s390x", product_id: "firefox-debuginfo-0:102.15.1-1.el8_8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_8?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.aarch64", }, product_reference: "firefox-0:102.15.1-1.el8_8.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.ppc64le", }, product_reference: "firefox-0:102.15.1-1.el8_8.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.s390x", }, product_reference: "firefox-0:102.15.1-1.el8_8.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.src", }, product_reference: "firefox-0:102.15.1-1.el8_8.src", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.x86_64", }, product_reference: "firefox-0:102.15.1-1.el8_8.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.aarch64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_8.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.s390x", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_8.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_8.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.aarch64", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_8.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.ppc64le", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_8.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.s390x", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_8.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.x86_64", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_8.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.src", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:37:09+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", product_ids: [ "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.src", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5184", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.src", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.src", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.src", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:37:09+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", product_ids: [ "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.src", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5184", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.src", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
rhsa-2023_5204
Vulnerability from csaf_redhat
Published
2023-09-18 15:19
Modified
2024-11-23 01:09
Summary
Red Hat Security Advisory: libwebp security update
Notes
Topic
An update for libwebp is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for libwebp is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5204", url: "https://access.redhat.com/errata/RHSA-2023:5204", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5204.json", }, ], title: "Red Hat Security Advisory: libwebp security update", tracking: { current_release_date: "2024-11-23T01:09:52+00:00", generator: { date: "2024-11-23T01:09:52+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2023:5204", initial_release_date: "2023-09-18T15:19:12+00:00", revision_history: [ { date: "2023-09-18T15:19:12+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T15:19:12+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-23T01:09:52+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream EUS (v.9.0)", product: { name: "Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_eus:9.0::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "libwebp-0:1.2.0-6.el9_0.src", product: { name: "libwebp-0:1.2.0-6.el9_0.src", product_id: "libwebp-0:1.2.0-6.el9_0.src", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.2.0-6.el9_0?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "libwebp-0:1.2.0-6.el9_0.aarch64", product: { name: "libwebp-0:1.2.0-6.el9_0.aarch64", product_id: "libwebp-0:1.2.0-6.el9_0.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.2.0-6.el9_0?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.2.0-6.el9_0.aarch64", product: { name: "libwebp-devel-0:1.2.0-6.el9_0.aarch64", product_id: "libwebp-devel-0:1.2.0-6.el9_0.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.2.0-6.el9_0?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.2.0-6.el9_0.aarch64", product: { name: "libwebp-debugsource-0:1.2.0-6.el9_0.aarch64", product_id: "libwebp-debugsource-0:1.2.0-6.el9_0.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.2.0-6.el9_0?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64", product: { name: "libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64", product_id: "libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.2.0-6.el9_0?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64", product: { name: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64", product_id: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.2.0-6.el9_0?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64", product: { name: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64", product_id: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.2.0-6.el9_0?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libwebp-0:1.2.0-6.el9_0.ppc64le", product: { name: "libwebp-0:1.2.0-6.el9_0.ppc64le", product_id: "libwebp-0:1.2.0-6.el9_0.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.2.0-6.el9_0?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.2.0-6.el9_0.ppc64le", product: { name: "libwebp-devel-0:1.2.0-6.el9_0.ppc64le", product_id: "libwebp-devel-0:1.2.0-6.el9_0.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.2.0-6.el9_0?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le", product: { name: "libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le", product_id: "libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.2.0-6.el9_0?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le", product: { name: "libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le", product_id: "libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.2.0-6.el9_0?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le", product: { name: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le", product_id: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.2.0-6.el9_0?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le", product: { name: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le", product_id: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.2.0-6.el9_0?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libwebp-0:1.2.0-6.el9_0.i686", product: { name: "libwebp-0:1.2.0-6.el9_0.i686", product_id: "libwebp-0:1.2.0-6.el9_0.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.2.0-6.el9_0?arch=i686", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.2.0-6.el9_0.i686", product: { name: "libwebp-devel-0:1.2.0-6.el9_0.i686", product_id: "libwebp-devel-0:1.2.0-6.el9_0.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.2.0-6.el9_0?arch=i686", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.2.0-6.el9_0.i686", product: { name: "libwebp-debugsource-0:1.2.0-6.el9_0.i686", product_id: "libwebp-debugsource-0:1.2.0-6.el9_0.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.2.0-6.el9_0?arch=i686", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.2.0-6.el9_0.i686", product: { name: "libwebp-debuginfo-0:1.2.0-6.el9_0.i686", product_id: "libwebp-debuginfo-0:1.2.0-6.el9_0.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.2.0-6.el9_0?arch=i686", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686", product: { name: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686", product_id: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.2.0-6.el9_0?arch=i686", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686", product: { name: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686", product_id: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.2.0-6.el9_0?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "libwebp-0:1.2.0-6.el9_0.x86_64", product: { name: "libwebp-0:1.2.0-6.el9_0.x86_64", product_id: "libwebp-0:1.2.0-6.el9_0.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.2.0-6.el9_0?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.2.0-6.el9_0.x86_64", product: { name: "libwebp-devel-0:1.2.0-6.el9_0.x86_64", product_id: "libwebp-devel-0:1.2.0-6.el9_0.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.2.0-6.el9_0?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.2.0-6.el9_0.x86_64", product: { name: "libwebp-debugsource-0:1.2.0-6.el9_0.x86_64", product_id: "libwebp-debugsource-0:1.2.0-6.el9_0.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.2.0-6.el9_0?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64", product: { name: "libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64", product_id: "libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.2.0-6.el9_0?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64", product: { name: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64", product_id: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.2.0-6.el9_0?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64", product: { name: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64", product_id: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.2.0-6.el9_0?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "libwebp-0:1.2.0-6.el9_0.s390x", product: { name: "libwebp-0:1.2.0-6.el9_0.s390x", product_id: "libwebp-0:1.2.0-6.el9_0.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.2.0-6.el9_0?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.2.0-6.el9_0.s390x", product: { name: "libwebp-devel-0:1.2.0-6.el9_0.s390x", product_id: "libwebp-devel-0:1.2.0-6.el9_0.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.2.0-6.el9_0?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.2.0-6.el9_0.s390x", product: { name: "libwebp-debugsource-0:1.2.0-6.el9_0.s390x", product_id: "libwebp-debugsource-0:1.2.0-6.el9_0.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.2.0-6.el9_0?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.2.0-6.el9_0.s390x", product: { name: "libwebp-debuginfo-0:1.2.0-6.el9_0.s390x", product_id: "libwebp-debuginfo-0:1.2.0-6.el9_0.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.2.0-6.el9_0?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x", product: { name: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x", product_id: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.2.0-6.el9_0?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x", product: { name: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x", product_id: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.2.0-6.el9_0?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-6.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.aarch64", }, product_reference: "libwebp-0:1.2.0-6.el9_0.aarch64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-6.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.i686", }, product_reference: "libwebp-0:1.2.0-6.el9_0.i686", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-6.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.ppc64le", }, product_reference: "libwebp-0:1.2.0-6.el9_0.ppc64le", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-6.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.s390x", }, product_reference: "libwebp-0:1.2.0-6.el9_0.s390x", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-6.el9_0.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.src", }, product_reference: "libwebp-0:1.2.0-6.el9_0.src", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-6.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.x86_64", }, product_reference: "libwebp-0:1.2.0-6.el9_0.x86_64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64", }, product_reference: "libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.2.0-6.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.i686", }, product_reference: "libwebp-debuginfo-0:1.2.0-6.el9_0.i686", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le", }, product_reference: "libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.2.0-6.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.s390x", }, product_reference: "libwebp-debuginfo-0:1.2.0-6.el9_0.s390x", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64", }, product_reference: "libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.2.0-6.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.aarch64", }, product_reference: "libwebp-debugsource-0:1.2.0-6.el9_0.aarch64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.2.0-6.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.i686", }, product_reference: "libwebp-debugsource-0:1.2.0-6.el9_0.i686", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le", }, product_reference: "libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.2.0-6.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.s390x", }, product_reference: "libwebp-debugsource-0:1.2.0-6.el9_0.s390x", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.2.0-6.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.x86_64", }, product_reference: "libwebp-debugsource-0:1.2.0-6.el9_0.x86_64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.2.0-6.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.aarch64", }, product_reference: "libwebp-devel-0:1.2.0-6.el9_0.aarch64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.2.0-6.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.i686", }, product_reference: "libwebp-devel-0:1.2.0-6.el9_0.i686", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.2.0-6.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.ppc64le", }, product_reference: "libwebp-devel-0:1.2.0-6.el9_0.ppc64le", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.2.0-6.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.s390x", }, product_reference: "libwebp-devel-0:1.2.0-6.el9_0.s390x", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.2.0-6.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.x86_64", }, product_reference: "libwebp-devel-0:1.2.0-6.el9_0.x86_64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64", }, product_reference: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686", }, product_reference: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le", }, product_reference: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x", }, product_reference: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64", }, product_reference: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64", }, product_reference: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686", }, product_reference: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le", }, product_reference: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x", }, product_reference: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64", }, product_reference: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.src", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T15:19:12+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.src", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5204", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.src", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.src", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.src", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T15:19:12+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.src", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5204", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.src", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
RHSA-2023:5189
Vulnerability from csaf_redhat
Published
2023-09-18 13:54
Modified
2025-03-23 07:35
Summary
Red Hat Security Advisory: libwebp security update
Notes
Topic
An update for libwebp is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for libwebp is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5189", url: "https://access.redhat.com/errata/RHSA-2023:5189", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5189.json", }, ], title: "Red Hat Security Advisory: libwebp security update", tracking: { current_release_date: "2025-03-23T07:35:44+00:00", generator: { date: "2025-03-23T07:35:44+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:5189", initial_release_date: "2023-09-18T13:54:00+00:00", revision_history: [ { date: "2023-09-18T13:54:00+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T13:54:00+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-23T07:35:44+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream EUS (v.8.6)", product: { name: "Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_eus:8.6::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-7.el8_6.1.src", product: { name: "libwebp-0:1.0.0-7.el8_6.1.src", product_id: "libwebp-0:1.0.0-7.el8_6.1.src", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-7.el8_6.1?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-7.el8_6.1.aarch64", product: { name: "libwebp-0:1.0.0-7.el8_6.1.aarch64", product_id: "libwebp-0:1.0.0-7.el8_6.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-7.el8_6.1?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-7.el8_6.1.aarch64", product: { name: "libwebp-devel-0:1.0.0-7.el8_6.1.aarch64", product_id: "libwebp-devel-0:1.0.0-7.el8_6.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-7.el8_6.1?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64", product: { name: "libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64", product_id: "libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-7.el8_6.1?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64", product: { name: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64", product_id: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-7.el8_6.1?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64", product: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64", product_id: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-7.el8_6.1?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64", product: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64", product_id: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-7.el8_6.1?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-7.el8_6.1.ppc64le", product: { name: "libwebp-0:1.0.0-7.el8_6.1.ppc64le", product_id: "libwebp-0:1.0.0-7.el8_6.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-7.el8_6.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le", product: { name: "libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le", product_id: "libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-7.el8_6.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le", product: { name: "libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le", product_id: "libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-7.el8_6.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", product: { name: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", product_id: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-7.el8_6.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", product: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", product_id: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-7.el8_6.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", product: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", product_id: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-7.el8_6.1?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-7.el8_6.1.i686", product: { name: "libwebp-0:1.0.0-7.el8_6.1.i686", product_id: "libwebp-0:1.0.0-7.el8_6.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-7.el8_6.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-7.el8_6.1.i686", product: { name: "libwebp-devel-0:1.0.0-7.el8_6.1.i686", product_id: "libwebp-devel-0:1.0.0-7.el8_6.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-7.el8_6.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-7.el8_6.1.i686", product: { name: "libwebp-debugsource-0:1.0.0-7.el8_6.1.i686", product_id: "libwebp-debugsource-0:1.0.0-7.el8_6.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-7.el8_6.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686", product: { name: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686", product_id: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-7.el8_6.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686", product: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686", product_id: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-7.el8_6.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686", product: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686", product_id: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-7.el8_6.1?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-7.el8_6.1.x86_64", product: { name: "libwebp-0:1.0.0-7.el8_6.1.x86_64", product_id: "libwebp-0:1.0.0-7.el8_6.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-7.el8_6.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-7.el8_6.1.x86_64", product: { name: "libwebp-devel-0:1.0.0-7.el8_6.1.x86_64", product_id: "libwebp-devel-0:1.0.0-7.el8_6.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-7.el8_6.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64", product: { name: "libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64", product_id: "libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-7.el8_6.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64", product: { name: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64", product_id: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-7.el8_6.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64", product: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64", product_id: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-7.el8_6.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64", product: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64", product_id: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-7.el8_6.1?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-7.el8_6.1.s390x", product: { name: "libwebp-0:1.0.0-7.el8_6.1.s390x", product_id: "libwebp-0:1.0.0-7.el8_6.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-7.el8_6.1?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-7.el8_6.1.s390x", product: { name: "libwebp-devel-0:1.0.0-7.el8_6.1.s390x", product_id: "libwebp-devel-0:1.0.0-7.el8_6.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-7.el8_6.1?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x", product: { name: "libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x", product_id: "libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-7.el8_6.1?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x", product: { name: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x", product_id: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-7.el8_6.1?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x", product: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x", product_id: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-7.el8_6.1?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x", product: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x", product_id: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-7.el8_6.1?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.aarch64", }, product_reference: "libwebp-0:1.0.0-7.el8_6.1.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_6.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.i686", }, product_reference: "libwebp-0:1.0.0-7.el8_6.1.i686", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.ppc64le", }, product_reference: "libwebp-0:1.0.0-7.el8_6.1.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.s390x", }, product_reference: "libwebp-0:1.0.0-7.el8_6.1.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_6.1.src as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.src", }, product_reference: "libwebp-0:1.0.0-7.el8_6.1.src", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.x86_64", }, product_reference: "libwebp-0:1.0.0-7.el8_6.1.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_6.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.i686", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_6.1.i686", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.aarch64", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_6.1.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_6.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.i686", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_6.1.i686", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.s390x", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_6.1.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.x86_64", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_6.1.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.src", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:54:00+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.src", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5189", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.src", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.src", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.src", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:54:00+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.src", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5189", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.src", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
rhsa-2023:5183
Vulnerability from csaf_redhat
Published
2023-09-18 13:34
Modified
2025-03-23 07:38
Summary
Red Hat Security Advisory: firefox security update
Notes
Topic
An update for firefox is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 102.15.1 ESR.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for firefox is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.15.1 ESR.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5183", url: "https://access.redhat.com/errata/RHSA-2023:5183", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5183.json", }, ], title: "Red Hat Security Advisory: firefox security update", tracking: { current_release_date: "2025-03-23T07:38:46+00:00", generator: { date: "2025-03-23T07:38:46+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:5183", initial_release_date: "2023-09-18T13:34:55+00:00", revision_history: [ { date: "2023-09-18T13:34:55+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T13:34:55+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-23T07:38:46+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product: { name: "Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_e4s:8.1::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_1.src", product: { name: "firefox-0:102.15.1-1.el8_1.src", product_id: "firefox-0:102.15.1-1.el8_1.src", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_1?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_1.ppc64le", product: { name: "firefox-0:102.15.1-1.el8_1.ppc64le", product_id: "firefox-0:102.15.1-1.el8_1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_1?arch=ppc64le", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el8_1.ppc64le", product: { name: "firefox-debugsource-0:102.15.1-1.el8_1.ppc64le", product_id: "firefox-debugsource-0:102.15.1-1.el8_1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_1?arch=ppc64le", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le", product: { name: "firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le", product_id: "firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_1?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_1.x86_64", product: { name: "firefox-0:102.15.1-1.el8_1.x86_64", product_id: "firefox-0:102.15.1-1.el8_1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_1?arch=x86_64", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el8_1.x86_64", product: { name: "firefox-debugsource-0:102.15.1-1.el8_1.x86_64", product_id: "firefox-debugsource-0:102.15.1-1.el8_1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_1?arch=x86_64", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el8_1.x86_64", product: { name: "firefox-debuginfo-0:102.15.1-1.el8_1.x86_64", product_id: "firefox-debuginfo-0:102.15.1-1.el8_1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_1?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.ppc64le", }, product_reference: "firefox-0:102.15.1-1.el8_1.ppc64le", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_1.src as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.src", }, product_reference: "firefox-0:102.15.1-1.el8_1.src", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.x86_64", }, product_reference: "firefox-0:102.15.1-1.el8_1.x86_64", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_1.x86_64", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.ppc64le", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_1.ppc64le", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.x86_64", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_1.x86_64", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.src", "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:34:55+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", product_ids: [ "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.src", "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5183", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.src", "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.src", "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.src", "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:34:55+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", product_ids: [ "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.src", "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5183", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.src", "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
RHSA-2023:5309
Vulnerability from csaf_redhat
Published
2023-09-20 16:46
Modified
2025-03-23 07:36
Summary
Red Hat Security Advisory: libwebp security update
Notes
Topic
An update for libwebp is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for libwebp is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5309", url: "https://access.redhat.com/errata/RHSA-2023:5309", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5309.json", }, ], title: "Red Hat Security Advisory: libwebp security update", tracking: { current_release_date: "2025-03-23T07:36:00+00:00", generator: { date: "2025-03-23T07:36:00+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:5309", initial_release_date: "2023-09-20T16:46:21+00:00", revision_history: [ { date: "2023-09-20T16:46:21+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-20T16:46:21+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-23T07:36:00+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 8)", product: { name: "Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:8::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-8.el8_8.1.src", product: { name: "libwebp-0:1.0.0-8.el8_8.1.src", product_id: "libwebp-0:1.0.0-8.el8_8.1.src", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-8.el8_8.1?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-8.el8_8.1.aarch64", product: { name: "libwebp-0:1.0.0-8.el8_8.1.aarch64", product_id: "libwebp-0:1.0.0-8.el8_8.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-8.el8_8.1?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-8.el8_8.1.aarch64", product: { name: "libwebp-devel-0:1.0.0-8.el8_8.1.aarch64", product_id: "libwebp-devel-0:1.0.0-8.el8_8.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-8.el8_8.1?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64", product: { name: "libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64", product_id: "libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-8.el8_8.1?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64", product: { name: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64", product_id: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-8.el8_8.1?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64", product: { name: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64", product_id: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-8.el8_8.1?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64", product: { name: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64", product_id: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-8.el8_8.1?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-8.el8_8.1.ppc64le", product: { name: "libwebp-0:1.0.0-8.el8_8.1.ppc64le", product_id: "libwebp-0:1.0.0-8.el8_8.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-8.el8_8.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le", product: { name: "libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le", product_id: "libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-8.el8_8.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le", product: { name: "libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le", product_id: "libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-8.el8_8.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", product: { name: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", product_id: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-8.el8_8.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", product: { name: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", product_id: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-8.el8_8.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", product: { name: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", product_id: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-8.el8_8.1?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-8.el8_8.1.i686", product: { name: "libwebp-0:1.0.0-8.el8_8.1.i686", product_id: "libwebp-0:1.0.0-8.el8_8.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-8.el8_8.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-8.el8_8.1.i686", product: { name: "libwebp-devel-0:1.0.0-8.el8_8.1.i686", product_id: "libwebp-devel-0:1.0.0-8.el8_8.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-8.el8_8.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-8.el8_8.1.i686", product: { name: "libwebp-debugsource-0:1.0.0-8.el8_8.1.i686", product_id: "libwebp-debugsource-0:1.0.0-8.el8_8.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-8.el8_8.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686", product: { name: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686", product_id: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-8.el8_8.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686", product: { name: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686", product_id: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-8.el8_8.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686", product: { name: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686", product_id: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-8.el8_8.1?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-8.el8_8.1.x86_64", product: { name: "libwebp-0:1.0.0-8.el8_8.1.x86_64", product_id: "libwebp-0:1.0.0-8.el8_8.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-8.el8_8.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-8.el8_8.1.x86_64", product: { name: "libwebp-devel-0:1.0.0-8.el8_8.1.x86_64", product_id: "libwebp-devel-0:1.0.0-8.el8_8.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-8.el8_8.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64", product: { name: "libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64", product_id: "libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-8.el8_8.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64", product: { name: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64", product_id: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-8.el8_8.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64", product: { name: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64", product_id: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-8.el8_8.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64", product: { name: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64", product_id: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-8.el8_8.1?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-8.el8_8.1.s390x", product: { name: "libwebp-0:1.0.0-8.el8_8.1.s390x", product_id: "libwebp-0:1.0.0-8.el8_8.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-8.el8_8.1?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-8.el8_8.1.s390x", product: { name: "libwebp-devel-0:1.0.0-8.el8_8.1.s390x", product_id: "libwebp-devel-0:1.0.0-8.el8_8.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-8.el8_8.1?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x", product: { name: "libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x", product_id: "libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-8.el8_8.1?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x", product: { name: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x", product_id: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-8.el8_8.1?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x", product: { name: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x", product_id: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-8.el8_8.1?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x", product: { name: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x", product_id: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-8.el8_8.1?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-8.el8_8.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.aarch64", }, product_reference: "libwebp-0:1.0.0-8.el8_8.1.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-8.el8_8.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.i686", }, product_reference: "libwebp-0:1.0.0-8.el8_8.1.i686", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-8.el8_8.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.ppc64le", }, product_reference: "libwebp-0:1.0.0-8.el8_8.1.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-8.el8_8.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.s390x", }, product_reference: "libwebp-0:1.0.0-8.el8_8.1.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-8.el8_8.1.src as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.src", }, product_reference: "libwebp-0:1.0.0-8.el8_8.1.src", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-8.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.x86_64", }, product_reference: "libwebp-0:1.0.0-8.el8_8.1.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64", }, product_reference: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686", }, product_reference: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", }, product_reference: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x", }, product_reference: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64", }, product_reference: "libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64", }, product_reference: "libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-8.el8_8.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.i686", }, product_reference: "libwebp-debugsource-0:1.0.0-8.el8_8.1.i686", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le", }, product_reference: "libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x", }, product_reference: "libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64", }, product_reference: "libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-8.el8_8.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.aarch64", }, product_reference: "libwebp-devel-0:1.0.0-8.el8_8.1.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-8.el8_8.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.i686", }, product_reference: "libwebp-devel-0:1.0.0-8.el8_8.1.i686", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le", }, product_reference: "libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-8.el8_8.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.s390x", }, product_reference: "libwebp-devel-0:1.0.0-8.el8_8.1.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-8.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.x86_64", }, product_reference: "libwebp-devel-0:1.0.0-8.el8_8.1.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.src", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-20T16:46:21+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.src", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5309", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.src", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.src", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.src", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-20T16:46:21+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.src", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5309", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.src", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x", "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
rhsa-2023:5236
Vulnerability from csaf_redhat
Published
2023-09-19 12:43
Modified
2025-03-23 07:34
Summary
Red Hat Security Advisory: libwebp: critical security update
Notes
Topic
An update for libwebp is now available for Red Hat Enterprise Linux 8.1 Update
Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which give
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details
The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for libwebp is now available for Red Hat Enterprise Linux 8.1 Update\nServices for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which give\na detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.", title: "Topic", }, { category: "general", text: "The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5236", url: "https://access.redhat.com/errata/RHSA-2023:5236", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5236.json", }, ], title: "Red Hat Security Advisory: libwebp: critical security update", tracking: { current_release_date: "2025-03-23T07:34:26+00:00", generator: { date: "2025-03-23T07:34:26+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:5236", initial_release_date: "2023-09-19T12:43:31+00:00", revision_history: [ { date: "2023-09-19T12:43:31+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-19T12:43:31+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-23T07:34:26+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product: { name: "Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_e4s:8.1::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-5.2.el8_1.1.src", product: { name: "libwebp-0:1.0.0-5.2.el8_1.1.src", product_id: "libwebp-0:1.0.0-5.2.el8_1.1.src", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-5.2.el8_1.1?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-5.2.el8_1.1.ppc64le", product: { name: "libwebp-0:1.0.0-5.2.el8_1.1.ppc64le", product_id: "libwebp-0:1.0.0-5.2.el8_1.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-5.2.el8_1.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le", product: { name: "libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le", product_id: "libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-5.2.el8_1.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le", product: { name: "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le", product_id: "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-5.2.el8_1.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", product: { name: "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", product_id: "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-5.2.el8_1.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", product: { name: "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", product_id: "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-5.2.el8_1.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", product: { name: "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", product_id: "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-5.2.el8_1.1?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-5.2.el8_1.1.i686", product: { name: "libwebp-0:1.0.0-5.2.el8_1.1.i686", product_id: "libwebp-0:1.0.0-5.2.el8_1.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-5.2.el8_1.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-5.2.el8_1.1.i686", product: { name: "libwebp-devel-0:1.0.0-5.2.el8_1.1.i686", product_id: "libwebp-devel-0:1.0.0-5.2.el8_1.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-5.2.el8_1.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686", product: { name: "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686", product_id: "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-5.2.el8_1.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686", product: { name: "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686", product_id: "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-5.2.el8_1.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686", product: { name: "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686", product_id: "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-5.2.el8_1.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686", product: { name: "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686", product_id: "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-5.2.el8_1.1?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-5.2.el8_1.1.x86_64", product: { name: "libwebp-0:1.0.0-5.2.el8_1.1.x86_64", product_id: "libwebp-0:1.0.0-5.2.el8_1.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-5.2.el8_1.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64", product: { name: "libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64", product_id: "libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-5.2.el8_1.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64", product: { name: "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64", product_id: "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-5.2.el8_1.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", product: { name: "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", product_id: "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-5.2.el8_1.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", product: { name: "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", product_id: "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-5.2.el8_1.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", product: { name: "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", product_id: "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-5.2.el8_1.1?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-5.2.el8_1.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.i686", }, product_reference: "libwebp-0:1.0.0-5.2.el8_1.1.i686", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-5.2.el8_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.ppc64le", }, product_reference: "libwebp-0:1.0.0-5.2.el8_1.1.ppc64le", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-5.2.el8_1.1.src as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.src", }, product_reference: "libwebp-0:1.0.0-5.2.el8_1.1.src", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-5.2.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.x86_64", }, product_reference: "libwebp-0:1.0.0-5.2.el8_1.1.x86_64", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686", }, product_reference: "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", }, product_reference: "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", }, product_reference: "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686", }, product_reference: "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le", }, product_reference: "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64", }, product_reference: "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-5.2.el8_1.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.i686", }, product_reference: "libwebp-devel-0:1.0.0-5.2.el8_1.1.i686", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le", }, product_reference: "libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64", }, product_reference: "libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.src", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-19T12:43:31+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.src", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5236", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.src", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.src", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.src", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-19T12:43:31+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.src", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5236", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.src", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
rhsa-2023_5236
Vulnerability from csaf_redhat
Published
2023-09-19 12:43
Modified
2024-11-23 01:11
Summary
Red Hat Security Advisory: libwebp: critical security update
Notes
Topic
An update for libwebp is now available for Red Hat Enterprise Linux 8.1 Update
Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which give
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details
The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for libwebp is now available for Red Hat Enterprise Linux 8.1 Update\nServices for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which give\na detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.", title: "Topic", }, { category: "general", text: "The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5236", url: "https://access.redhat.com/errata/RHSA-2023:5236", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5236.json", }, ], title: "Red Hat Security Advisory: libwebp: critical security update", tracking: { current_release_date: "2024-11-23T01:11:10+00:00", generator: { date: "2024-11-23T01:11:10+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2023:5236", initial_release_date: "2023-09-19T12:43:31+00:00", revision_history: [ { date: "2023-09-19T12:43:31+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-19T12:43:31+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-23T01:11:10+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product: { name: "Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_e4s:8.1::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-5.2.el8_1.1.src", product: { name: "libwebp-0:1.0.0-5.2.el8_1.1.src", product_id: "libwebp-0:1.0.0-5.2.el8_1.1.src", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-5.2.el8_1.1?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-5.2.el8_1.1.ppc64le", product: { name: "libwebp-0:1.0.0-5.2.el8_1.1.ppc64le", product_id: "libwebp-0:1.0.0-5.2.el8_1.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-5.2.el8_1.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le", product: { name: "libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le", product_id: "libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-5.2.el8_1.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le", product: { name: "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le", product_id: "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-5.2.el8_1.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", product: { name: "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", product_id: "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-5.2.el8_1.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", product: { name: "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", product_id: "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-5.2.el8_1.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", product: { name: "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", product_id: "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-5.2.el8_1.1?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-5.2.el8_1.1.i686", product: { name: "libwebp-0:1.0.0-5.2.el8_1.1.i686", product_id: "libwebp-0:1.0.0-5.2.el8_1.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-5.2.el8_1.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-5.2.el8_1.1.i686", product: { name: "libwebp-devel-0:1.0.0-5.2.el8_1.1.i686", product_id: "libwebp-devel-0:1.0.0-5.2.el8_1.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-5.2.el8_1.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686", product: { name: "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686", product_id: "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-5.2.el8_1.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686", product: { name: "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686", product_id: "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-5.2.el8_1.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686", product: { name: "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686", product_id: "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-5.2.el8_1.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686", product: { name: "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686", product_id: "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-5.2.el8_1.1?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-5.2.el8_1.1.x86_64", product: { name: "libwebp-0:1.0.0-5.2.el8_1.1.x86_64", product_id: "libwebp-0:1.0.0-5.2.el8_1.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-5.2.el8_1.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64", product: { name: "libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64", product_id: "libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-5.2.el8_1.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64", product: { name: "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64", product_id: "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-5.2.el8_1.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", product: { name: "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", product_id: "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-5.2.el8_1.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", product: { name: "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", product_id: "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-5.2.el8_1.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", product: { name: "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", product_id: "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-5.2.el8_1.1?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-5.2.el8_1.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.i686", }, product_reference: "libwebp-0:1.0.0-5.2.el8_1.1.i686", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-5.2.el8_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.ppc64le", }, product_reference: "libwebp-0:1.0.0-5.2.el8_1.1.ppc64le", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-5.2.el8_1.1.src as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.src", }, product_reference: "libwebp-0:1.0.0-5.2.el8_1.1.src", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-5.2.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.x86_64", }, product_reference: "libwebp-0:1.0.0-5.2.el8_1.1.x86_64", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686", }, product_reference: "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", }, product_reference: "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", }, product_reference: "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686", }, product_reference: "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le", }, product_reference: "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64", }, product_reference: "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-5.2.el8_1.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.i686", }, product_reference: "libwebp-devel-0:1.0.0-5.2.el8_1.1.i686", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le", }, product_reference: "libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64", }, product_reference: "libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.src", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-19T12:43:31+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.src", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5236", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.src", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.src", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.src", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-19T12:43:31+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.src", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5236", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.src", "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le", "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
rhsa-2023:5184
Vulnerability from csaf_redhat
Published
2023-09-18 13:37
Modified
2025-03-23 07:39
Summary
Red Hat Security Advisory: firefox security update
Notes
Topic
An update for firefox is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 102.15.1 ESR.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for firefox is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.15.1 ESR.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5184", url: "https://access.redhat.com/errata/RHSA-2023:5184", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5184.json", }, ], title: "Red Hat Security Advisory: firefox security update", tracking: { current_release_date: "2025-03-23T07:39:06+00:00", generator: { date: "2025-03-23T07:39:06+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:5184", initial_release_date: "2023-09-18T13:37:09+00:00", revision_history: [ { date: "2023-09-18T13:37:09+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T13:37:09+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-23T07:39:06+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 8)", product: { name: "Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:8::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_8.src", product: { name: "firefox-0:102.15.1-1.el8_8.src", product_id: "firefox-0:102.15.1-1.el8_8.src", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_8?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_8.aarch64", product: { name: "firefox-0:102.15.1-1.el8_8.aarch64", product_id: "firefox-0:102.15.1-1.el8_8.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_8?arch=aarch64", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el8_8.aarch64", product: { name: "firefox-debugsource-0:102.15.1-1.el8_8.aarch64", product_id: "firefox-debugsource-0:102.15.1-1.el8_8.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_8?arch=aarch64", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el8_8.aarch64", product: { name: "firefox-debuginfo-0:102.15.1-1.el8_8.aarch64", product_id: "firefox-debuginfo-0:102.15.1-1.el8_8.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_8?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_8.ppc64le", product: { name: "firefox-0:102.15.1-1.el8_8.ppc64le", product_id: "firefox-0:102.15.1-1.el8_8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_8?arch=ppc64le", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el8_8.ppc64le", product: { name: "firefox-debugsource-0:102.15.1-1.el8_8.ppc64le", product_id: "firefox-debugsource-0:102.15.1-1.el8_8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_8?arch=ppc64le", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le", product: { name: "firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le", product_id: "firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_8?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_8.x86_64", product: { name: "firefox-0:102.15.1-1.el8_8.x86_64", product_id: "firefox-0:102.15.1-1.el8_8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_8?arch=x86_64", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el8_8.x86_64", product: { name: "firefox-debugsource-0:102.15.1-1.el8_8.x86_64", product_id: "firefox-debugsource-0:102.15.1-1.el8_8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_8?arch=x86_64", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el8_8.x86_64", product: { name: "firefox-debuginfo-0:102.15.1-1.el8_8.x86_64", product_id: "firefox-debuginfo-0:102.15.1-1.el8_8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_8?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_8.s390x", product: { name: "firefox-0:102.15.1-1.el8_8.s390x", product_id: "firefox-0:102.15.1-1.el8_8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_8?arch=s390x", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el8_8.s390x", product: { name: "firefox-debugsource-0:102.15.1-1.el8_8.s390x", product_id: "firefox-debugsource-0:102.15.1-1.el8_8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_8?arch=s390x", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el8_8.s390x", product: { name: "firefox-debuginfo-0:102.15.1-1.el8_8.s390x", product_id: "firefox-debuginfo-0:102.15.1-1.el8_8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_8?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.aarch64", }, product_reference: "firefox-0:102.15.1-1.el8_8.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.ppc64le", }, product_reference: "firefox-0:102.15.1-1.el8_8.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.s390x", }, product_reference: "firefox-0:102.15.1-1.el8_8.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.src", }, product_reference: "firefox-0:102.15.1-1.el8_8.src", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.x86_64", }, product_reference: "firefox-0:102.15.1-1.el8_8.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.aarch64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_8.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.s390x", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_8.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_8.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.aarch64", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_8.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.ppc64le", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_8.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.s390x", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_8.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.x86_64", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_8.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.MAIN.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.src", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:37:09+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", product_ids: [ "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.src", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5184", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.src", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.src", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.src", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:37:09+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", product_ids: [ "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.src", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5184", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.src", "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.x86_64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.aarch64", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.ppc64le", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.s390x", "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
rhsa-2023:5190
Vulnerability from csaf_redhat
Published
2023-09-18 13:48
Modified
2025-03-23 07:34
Summary
Red Hat Security Advisory: libwebp security update
Notes
Topic
An update for libwebp is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for libwebp is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5190", url: "https://access.redhat.com/errata/RHSA-2023:5190", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5190.json", }, ], title: "Red Hat Security Advisory: libwebp security update", tracking: { current_release_date: "2025-03-23T07:34:55+00:00", generator: { date: "2025-03-23T07:34:55+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:5190", initial_release_date: "2023-09-18T13:48:59+00:00", revision_history: [ { date: "2023-09-18T13:48:59+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T13:48:59+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-23T07:34:55+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product: { name: "Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_aus:8.2::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product: { name: "Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_e4s:8.2::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product: { name: "Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_tus:8.2::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-7.el8_2.1.src", product: { name: "libwebp-0:1.0.0-7.el8_2.1.src", product_id: "libwebp-0:1.0.0-7.el8_2.1.src", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-7.el8_2.1?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-7.el8_2.1.i686", product: { name: "libwebp-0:1.0.0-7.el8_2.1.i686", product_id: "libwebp-0:1.0.0-7.el8_2.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-7.el8_2.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-7.el8_2.1.i686", product: { name: "libwebp-devel-0:1.0.0-7.el8_2.1.i686", product_id: "libwebp-devel-0:1.0.0-7.el8_2.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-7.el8_2.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", product: { name: "libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", product_id: "libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-7.el8_2.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", product: { name: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", product_id: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-7.el8_2.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", product: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", product_id: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-7.el8_2.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", product: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", product_id: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-7.el8_2.1?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-7.el8_2.1.x86_64", product: { name: "libwebp-0:1.0.0-7.el8_2.1.x86_64", product_id: "libwebp-0:1.0.0-7.el8_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-7.el8_2.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", product: { name: "libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", product_id: "libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-7.el8_2.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", product: { name: "libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", product_id: "libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-7.el8_2.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", product: { name: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", product_id: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-7.el8_2.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", product: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", product_id: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-7.el8_2.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", product: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", product_id: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-7.el8_2.1?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-7.el8_2.1.ppc64le", product: { name: "libwebp-0:1.0.0-7.el8_2.1.ppc64le", product_id: "libwebp-0:1.0.0-7.el8_2.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-7.el8_2.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le", product: { name: "libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le", product_id: "libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-7.el8_2.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le", product: { name: "libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le", product_id: "libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-7.el8_2.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", product: { name: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", product_id: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-7.el8_2.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", product: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", product_id: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-7.el8_2.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", product: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", product_id: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-7.el8_2.1?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_2.1.src as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.src", }, product_reference: "libwebp-0:1.0.0-7.el8_2.1.src", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.ppc64le", }, product_reference: "libwebp-0:1.0.0-7.el8_2.1.ppc64le", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_2.1.src as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.src", }, product_reference: "libwebp-0:1.0.0-7.el8_2.1.src", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_2.1.src as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.src", }, product_reference: "libwebp-0:1.0.0-7.el8_2.1.src", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:48:59+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5190", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:48:59+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5190", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le", "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.src", "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64", "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686", "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
rhsa-2023_5189
Vulnerability from csaf_redhat
Published
2023-09-18 13:54
Modified
2024-11-23 01:04
Summary
Red Hat Security Advisory: libwebp security update
Notes
Topic
An update for libwebp is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for libwebp is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5189", url: "https://access.redhat.com/errata/RHSA-2023:5189", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5189.json", }, ], title: "Red Hat Security Advisory: libwebp security update", tracking: { current_release_date: "2024-11-23T01:04:54+00:00", generator: { date: "2024-11-23T01:04:54+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2023:5189", initial_release_date: "2023-09-18T13:54:00+00:00", revision_history: [ { date: "2023-09-18T13:54:00+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T13:54:00+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-23T01:04:54+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream EUS (v.8.6)", product: { name: "Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_eus:8.6::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-7.el8_6.1.src", product: { name: "libwebp-0:1.0.0-7.el8_6.1.src", product_id: "libwebp-0:1.0.0-7.el8_6.1.src", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-7.el8_6.1?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-7.el8_6.1.aarch64", product: { name: "libwebp-0:1.0.0-7.el8_6.1.aarch64", product_id: "libwebp-0:1.0.0-7.el8_6.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-7.el8_6.1?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-7.el8_6.1.aarch64", product: { name: "libwebp-devel-0:1.0.0-7.el8_6.1.aarch64", product_id: "libwebp-devel-0:1.0.0-7.el8_6.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-7.el8_6.1?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64", product: { name: "libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64", product_id: "libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-7.el8_6.1?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64", product: { name: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64", product_id: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-7.el8_6.1?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64", product: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64", product_id: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-7.el8_6.1?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64", product: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64", product_id: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-7.el8_6.1?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-7.el8_6.1.ppc64le", product: { name: "libwebp-0:1.0.0-7.el8_6.1.ppc64le", product_id: "libwebp-0:1.0.0-7.el8_6.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-7.el8_6.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le", product: { name: "libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le", product_id: "libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-7.el8_6.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le", product: { name: "libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le", product_id: "libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-7.el8_6.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", product: { name: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", product_id: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-7.el8_6.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", product: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", product_id: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-7.el8_6.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", product: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", product_id: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-7.el8_6.1?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-7.el8_6.1.i686", product: { name: "libwebp-0:1.0.0-7.el8_6.1.i686", product_id: "libwebp-0:1.0.0-7.el8_6.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-7.el8_6.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-7.el8_6.1.i686", product: { name: "libwebp-devel-0:1.0.0-7.el8_6.1.i686", product_id: "libwebp-devel-0:1.0.0-7.el8_6.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-7.el8_6.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-7.el8_6.1.i686", product: { name: "libwebp-debugsource-0:1.0.0-7.el8_6.1.i686", product_id: "libwebp-debugsource-0:1.0.0-7.el8_6.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-7.el8_6.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686", product: { name: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686", product_id: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-7.el8_6.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686", product: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686", product_id: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-7.el8_6.1?arch=i686", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686", product: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686", product_id: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-7.el8_6.1?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-7.el8_6.1.x86_64", product: { name: "libwebp-0:1.0.0-7.el8_6.1.x86_64", product_id: "libwebp-0:1.0.0-7.el8_6.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-7.el8_6.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-7.el8_6.1.x86_64", product: { name: "libwebp-devel-0:1.0.0-7.el8_6.1.x86_64", product_id: "libwebp-devel-0:1.0.0-7.el8_6.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-7.el8_6.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64", product: { name: "libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64", product_id: "libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-7.el8_6.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64", product: { name: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64", product_id: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-7.el8_6.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64", product: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64", product_id: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-7.el8_6.1?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64", product: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64", product_id: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-7.el8_6.1?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "libwebp-0:1.0.0-7.el8_6.1.s390x", product: { name: "libwebp-0:1.0.0-7.el8_6.1.s390x", product_id: "libwebp-0:1.0.0-7.el8_6.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.0.0-7.el8_6.1?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.0.0-7.el8_6.1.s390x", product: { name: "libwebp-devel-0:1.0.0-7.el8_6.1.s390x", product_id: "libwebp-devel-0:1.0.0-7.el8_6.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.0.0-7.el8_6.1?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x", product: { name: "libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x", product_id: "libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.0.0-7.el8_6.1?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x", product: { name: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x", product_id: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-7.el8_6.1?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x", product: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x", product_id: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-7.el8_6.1?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x", product: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x", product_id: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-7.el8_6.1?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.aarch64", }, product_reference: "libwebp-0:1.0.0-7.el8_6.1.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_6.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.i686", }, product_reference: "libwebp-0:1.0.0-7.el8_6.1.i686", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.ppc64le", }, product_reference: "libwebp-0:1.0.0-7.el8_6.1.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.s390x", }, product_reference: "libwebp-0:1.0.0-7.el8_6.1.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_6.1.src as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.src", }, product_reference: "libwebp-0:1.0.0-7.el8_6.1.src", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.0.0-7.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.x86_64", }, product_reference: "libwebp-0:1.0.0-7.el8_6.1.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64", }, product_reference: "libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_6.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.i686", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_6.1.i686", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64", }, product_reference: "libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.aarch64", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_6.1.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_6.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.i686", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_6.1.i686", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.s390x", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_6.1.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.0.0-7.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.x86_64", }, product_reference: "libwebp-devel-0:1.0.0-7.el8_6.1.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64", }, product_reference: "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64", }, product_reference: "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.src", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:54:00+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.src", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5189", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.src", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.src", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.src", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:54:00+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.src", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5189", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.src", "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x", "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
rhsa-2023_5191
Vulnerability from csaf_redhat
Published
2023-09-18 13:54
Modified
2024-11-23 01:04
Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 102.15.1.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for thunderbird is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.15.1.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5191", url: "https://access.redhat.com/errata/RHSA-2023:5191", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5191.json", }, ], title: "Red Hat Security Advisory: thunderbird security update", tracking: { current_release_date: "2024-11-23T01:04:28+00:00", generator: { date: "2024-11-23T01:04:28+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2023:5191", initial_release_date: "2023-09-18T13:54:41+00:00", revision_history: [ { date: "2023-09-18T13:54:41+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T13:54:41+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-23T01:04:28+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux Client (v. 7)", product: { name: "Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Server Optional (v. 7)", product: { name: "Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Workstation (v. 7)", product: { name: "Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::workstation", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el7_9.src", product: { name: "thunderbird-0:102.15.1-1.el7_9.src", product_id: "thunderbird-0:102.15.1-1.el7_9.src", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el7_9?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el7_9.x86_64", product: { name: "thunderbird-0:102.15.1-1.el7_9.x86_64", product_id: "thunderbird-0:102.15.1-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el7_9?arch=x86_64", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", product_id: "thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el7_9?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el7_9.ppc64le", product: { name: "thunderbird-0:102.15.1-1.el7_9.ppc64le", product_id: "thunderbird-0:102.15.1-1.el7_9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el7_9?arch=ppc64le", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", product_id: "thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el7_9?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "thunderbird-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el7_9.src as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", }, product_reference: "thunderbird-0:102.15.1-1.el7_9.src", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", }, product_reference: "thunderbird-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "thunderbird-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el7_9.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", }, product_reference: "thunderbird-0:102.15.1-1.el7_9.src", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", }, product_reference: "thunderbird-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "thunderbird-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el7_9.src as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", }, product_reference: "thunderbird-0:102.15.1-1.el7_9.src", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", }, product_reference: "thunderbird-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", relates_to_product_reference: "7Workstation-7.9.Z", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:54:41+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5191", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:54:41+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5191", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src", "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64", "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le", "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
RHSA-2023:5192
Vulnerability from csaf_redhat
Published
2023-09-18 13:52
Modified
2025-03-23 07:40
Summary
Red Hat Security Advisory: firefox security update
Notes
Topic
An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 102.15.1 ESR.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.15.1 ESR.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5192", url: "https://access.redhat.com/errata/RHSA-2023:5192", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5192.json", }, ], title: "Red Hat Security Advisory: firefox security update", tracking: { current_release_date: "2025-03-23T07:40:18+00:00", generator: { date: "2025-03-23T07:40:18+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:5192", initial_release_date: "2023-09-18T13:52:27+00:00", revision_history: [ { date: "2023-09-18T13:52:27+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T13:52:27+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-23T07:40:18+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream AUS (v.8.4)", product: { name: "Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_aus:8.4::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux AppStream E4S (v.8.4)", product: { name: "Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_e4s:8.4::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux AppStream TUS (v.8.4)", product: { name: "Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_tus:8.4::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_4.src", product: { name: "firefox-0:102.15.1-1.el8_4.src", product_id: "firefox-0:102.15.1-1.el8_4.src", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_4?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_4.x86_64", product: { name: "firefox-0:102.15.1-1.el8_4.x86_64", product_id: "firefox-0:102.15.1-1.el8_4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_4?arch=x86_64", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el8_4.x86_64", product: { name: "firefox-debugsource-0:102.15.1-1.el8_4.x86_64", product_id: "firefox-debugsource-0:102.15.1-1.el8_4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_4?arch=x86_64", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", product: { name: "firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", product_id: "firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_4?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_4.aarch64", product: { name: "firefox-0:102.15.1-1.el8_4.aarch64", product_id: "firefox-0:102.15.1-1.el8_4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_4?arch=aarch64", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el8_4.aarch64", product: { name: "firefox-debugsource-0:102.15.1-1.el8_4.aarch64", product_id: "firefox-debugsource-0:102.15.1-1.el8_4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_4?arch=aarch64", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el8_4.aarch64", product: { name: "firefox-debuginfo-0:102.15.1-1.el8_4.aarch64", product_id: "firefox-debuginfo-0:102.15.1-1.el8_4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_4?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_4.ppc64le", product: { name: "firefox-0:102.15.1-1.el8_4.ppc64le", product_id: "firefox-0:102.15.1-1.el8_4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_4?arch=ppc64le", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el8_4.ppc64le", product: { name: "firefox-debugsource-0:102.15.1-1.el8_4.ppc64le", product_id: "firefox-debugsource-0:102.15.1-1.el8_4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_4?arch=ppc64le", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le", product: { name: "firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le", product_id: "firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_4?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_4.s390x", product: { name: "firefox-0:102.15.1-1.el8_4.s390x", product_id: "firefox-0:102.15.1-1.el8_4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_4?arch=s390x", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el8_4.s390x", product: { name: "firefox-debugsource-0:102.15.1-1.el8_4.s390x", product_id: "firefox-debugsource-0:102.15.1-1.el8_4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_4?arch=s390x", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el8_4.s390x", product: { name: "firefox-debuginfo-0:102.15.1-1.el8_4.s390x", product_id: "firefox-debuginfo-0:102.15.1-1.el8_4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_4?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_4.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.src", }, product_reference: "firefox-0:102.15.1-1.el8_4.src", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.x86_64", }, product_reference: "firefox-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", product_id: "AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.aarch64", }, product_reference: "firefox-0:102.15.1-1.el8_4.aarch64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.ppc64le", }, product_reference: "firefox-0:102.15.1-1.el8_4.ppc64le", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.s390x", }, product_reference: "firefox-0:102.15.1-1.el8_4.s390x", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_4.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.src", }, product_reference: "firefox-0:102.15.1-1.el8_4.src", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.x86_64", }, product_reference: "firefox-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.aarch64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_4.aarch64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.s390x", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_4.s390x", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.aarch64", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_4.aarch64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.ppc64le", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_4.ppc64le", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.s390x", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_4.s390x", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)", product_id: "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_4.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.src", }, product_reference: "firefox-0:102.15.1-1.el8_4.src", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.x86_64", }, product_reference: "firefox-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)", product_id: "AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_4.x86_64", relates_to_product_reference: "AppStream-8.4.0.Z.TUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:52:27+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", product_ids: [ "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5192", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:52:27+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", product_ids: [ "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5192", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.aarch64", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.ppc64le", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.s390x", "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.src", "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64", "AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
RHSA-2023:5214
Vulnerability from csaf_redhat
Published
2023-09-19 08:06
Modified
2025-03-23 07:36
Summary
Red Hat Security Advisory: libwebp security update
Notes
Topic
An update for libwebp is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for libwebp is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5214", url: "https://access.redhat.com/errata/RHSA-2023:5214", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5214.json", }, ], title: "Red Hat Security Advisory: libwebp security update", tracking: { current_release_date: "2025-03-23T07:36:48+00:00", generator: { date: "2025-03-23T07:36:48+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:5214", initial_release_date: "2023-09-19T08:06:01+00:00", revision_history: [ { date: "2023-09-19T08:06:01+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-19T08:06:01+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-23T07:36:48+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 9)", product: { name: "Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:9::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux CRB (v. 9)", product: { name: "Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:9::crb", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "libwebp-tools-0:1.2.0-7.el9_2.aarch64", product: { name: "libwebp-tools-0:1.2.0-7.el9_2.aarch64", product_id: "libwebp-tools-0:1.2.0-7.el9_2.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools@1.2.0-7.el9_2?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", product: { name: "libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", product_id: "libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.2.0-7.el9_2?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", product: { name: "libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", product_id: "libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.2.0-7.el9_2?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", product: { name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", product_id: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.2.0-7.el9_2?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", product: { name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", product_id: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.2.0-7.el9_2?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-0:1.2.0-7.el9_2.aarch64", product: { name: "libwebp-0:1.2.0-7.el9_2.aarch64", product_id: "libwebp-0:1.2.0-7.el9_2.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.2.0-7.el9_2?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.2.0-7.el9_2.aarch64", product: { name: "libwebp-devel-0:1.2.0-7.el9_2.aarch64", product_id: "libwebp-devel-0:1.2.0-7.el9_2.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.2.0-7.el9_2?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libwebp-tools-0:1.2.0-7.el9_2.ppc64le", product: { name: "libwebp-tools-0:1.2.0-7.el9_2.ppc64le", product_id: "libwebp-tools-0:1.2.0-7.el9_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools@1.2.0-7.el9_2?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", product: { name: "libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", product_id: "libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.2.0-7.el9_2?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", product: { name: "libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", product_id: "libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.2.0-7.el9_2?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", product: { name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", product_id: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.2.0-7.el9_2?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", product: { name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", product_id: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.2.0-7.el9_2?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-0:1.2.0-7.el9_2.ppc64le", product: { name: "libwebp-0:1.2.0-7.el9_2.ppc64le", product_id: "libwebp-0:1.2.0-7.el9_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.2.0-7.el9_2?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.2.0-7.el9_2.ppc64le", product: { name: "libwebp-devel-0:1.2.0-7.el9_2.ppc64le", product_id: "libwebp-devel-0:1.2.0-7.el9_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.2.0-7.el9_2?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libwebp-tools-0:1.2.0-7.el9_2.x86_64", product: { name: "libwebp-tools-0:1.2.0-7.el9_2.x86_64", product_id: "libwebp-tools-0:1.2.0-7.el9_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools@1.2.0-7.el9_2?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", product: { name: "libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", product_id: "libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.2.0-7.el9_2?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", product: { name: "libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", product_id: "libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.2.0-7.el9_2?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", product: { name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", product_id: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.2.0-7.el9_2?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", product: { name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", product_id: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.2.0-7.el9_2?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-0:1.2.0-7.el9_2.x86_64", product: { name: "libwebp-0:1.2.0-7.el9_2.x86_64", product_id: "libwebp-0:1.2.0-7.el9_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.2.0-7.el9_2?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.2.0-7.el9_2.x86_64", product: { name: "libwebp-devel-0:1.2.0-7.el9_2.x86_64", product_id: "libwebp-devel-0:1.2.0-7.el9_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.2.0-7.el9_2?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "libwebp-tools-0:1.2.0-7.el9_2.s390x", product: { name: "libwebp-tools-0:1.2.0-7.el9_2.s390x", product_id: "libwebp-tools-0:1.2.0-7.el9_2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools@1.2.0-7.el9_2?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.2.0-7.el9_2.s390x", product: { name: "libwebp-debugsource-0:1.2.0-7.el9_2.s390x", product_id: "libwebp-debugsource-0:1.2.0-7.el9_2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.2.0-7.el9_2?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", product: { name: "libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", product_id: "libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.2.0-7.el9_2?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", product: { name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", product_id: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.2.0-7.el9_2?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", product: { name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", product_id: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.2.0-7.el9_2?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-0:1.2.0-7.el9_2.s390x", product: { name: "libwebp-0:1.2.0-7.el9_2.s390x", product_id: "libwebp-0:1.2.0-7.el9_2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.2.0-7.el9_2?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.2.0-7.el9_2.s390x", product: { name: "libwebp-devel-0:1.2.0-7.el9_2.s390x", product_id: "libwebp-devel-0:1.2.0-7.el9_2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.2.0-7.el9_2?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libwebp-0:1.2.0-7.el9_2.src", product: { name: "libwebp-0:1.2.0-7.el9_2.src", product_id: "libwebp-0:1.2.0-7.el9_2.src", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.2.0-7.el9_2?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "libwebp-0:1.2.0-7.el9_2.i686", product: { name: "libwebp-0:1.2.0-7.el9_2.i686", product_id: "libwebp-0:1.2.0-7.el9_2.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.2.0-7.el9_2?arch=i686", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.2.0-7.el9_2.i686", product: { name: "libwebp-devel-0:1.2.0-7.el9_2.i686", product_id: "libwebp-devel-0:1.2.0-7.el9_2.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.2.0-7.el9_2?arch=i686", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.2.0-7.el9_2.i686", product: { name: "libwebp-debugsource-0:1.2.0-7.el9_2.i686", product_id: "libwebp-debugsource-0:1.2.0-7.el9_2.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.2.0-7.el9_2?arch=i686", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.2.0-7.el9_2.i686", product: { name: "libwebp-debuginfo-0:1.2.0-7.el9_2.i686", product_id: "libwebp-debuginfo-0:1.2.0-7.el9_2.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.2.0-7.el9_2?arch=i686", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", product: { name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", product_id: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.2.0-7.el9_2?arch=i686", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", product: { name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", product_id: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.2.0-7.el9_2?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64", }, product_reference: "libwebp-0:1.2.0-7.el9_2.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-7.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686", }, product_reference: "libwebp-0:1.2.0-7.el9_2.i686", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le", }, product_reference: "libwebp-0:1.2.0-7.el9_2.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x", }, product_reference: "libwebp-0:1.2.0-7.el9_2.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-7.el9_2.src as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src", }, product_reference: "libwebp-0:1.2.0-7.el9_2.src", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64", }, product_reference: "libwebp-0:1.2.0-7.el9_2.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", }, product_reference: "libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.2.0-7.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686", }, product_reference: "libwebp-debuginfo-0:1.2.0-7.el9_2.i686", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", }, product_reference: "libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", }, product_reference: "libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", }, product_reference: "libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", }, product_reference: "libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.2.0-7.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686", }, product_reference: "libwebp-debugsource-0:1.2.0-7.el9_2.i686", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", }, product_reference: "libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x", }, product_reference: "libwebp-debugsource-0:1.2.0-7.el9_2.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", }, product_reference: "libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64", }, product_reference: "libwebp-devel-0:1.2.0-7.el9_2.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.2.0-7.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686", }, product_reference: "libwebp-devel-0:1.2.0-7.el9_2.i686", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le", }, product_reference: "libwebp-devel-0:1.2.0-7.el9_2.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x", }, product_reference: "libwebp-devel-0:1.2.0-7.el9_2.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64", }, product_reference: "libwebp-devel-0:1.2.0-7.el9_2.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", }, product_reference: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", }, product_reference: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", }, product_reference: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", }, product_reference: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", }, product_reference: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64", }, product_reference: "libwebp-tools-0:1.2.0-7.el9_2.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le", }, product_reference: "libwebp-tools-0:1.2.0-7.el9_2.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x", }, product_reference: "libwebp-tools-0:1.2.0-7.el9_2.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64", }, product_reference: "libwebp-tools-0:1.2.0-7.el9_2.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", }, product_reference: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", }, product_reference: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", }, product_reference: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", }, product_reference: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", }, product_reference: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64", }, product_reference: "libwebp-0:1.2.0-7.el9_2.aarch64", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-7.el9_2.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686", }, product_reference: "libwebp-0:1.2.0-7.el9_2.i686", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le", }, product_reference: "libwebp-0:1.2.0-7.el9_2.ppc64le", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x", }, product_reference: "libwebp-0:1.2.0-7.el9_2.s390x", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-7.el9_2.src as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src", }, product_reference: "libwebp-0:1.2.0-7.el9_2.src", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64", }, product_reference: "libwebp-0:1.2.0-7.el9_2.x86_64", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", }, product_reference: "libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.2.0-7.el9_2.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686", }, product_reference: "libwebp-debuginfo-0:1.2.0-7.el9_2.i686", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", }, product_reference: "libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", }, product_reference: "libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", }, product_reference: "libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", }, product_reference: "libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.2.0-7.el9_2.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686", }, product_reference: "libwebp-debugsource-0:1.2.0-7.el9_2.i686", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", }, product_reference: "libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x", }, product_reference: "libwebp-debugsource-0:1.2.0-7.el9_2.s390x", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", }, product_reference: "libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64", }, product_reference: "libwebp-devel-0:1.2.0-7.el9_2.aarch64", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.2.0-7.el9_2.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686", }, product_reference: "libwebp-devel-0:1.2.0-7.el9_2.i686", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le", }, product_reference: "libwebp-devel-0:1.2.0-7.el9_2.ppc64le", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x", }, product_reference: "libwebp-devel-0:1.2.0-7.el9_2.s390x", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64", }, product_reference: "libwebp-devel-0:1.2.0-7.el9_2.x86_64", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", }, product_reference: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", }, product_reference: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", }, product_reference: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", }, product_reference: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", }, product_reference: "libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64", }, product_reference: "libwebp-tools-0:1.2.0-7.el9_2.aarch64", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le", }, product_reference: "libwebp-tools-0:1.2.0-7.el9_2.ppc64le", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x", }, product_reference: "libwebp-tools-0:1.2.0-7.el9_2.s390x", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64", }, product_reference: "libwebp-tools-0:1.2.0-7.el9_2.x86_64", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", }, product_reference: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", }, product_reference: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", }, product_reference: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", }, product_reference: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", }, product_reference: "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", relates_to_product_reference: "CRB-9.2.0.Z.MAIN.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-19T08:06:01+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5214", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-19T08:06:01+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5214", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src", "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x", "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
RHSA-2023:5183
Vulnerability from csaf_redhat
Published
2023-09-18 13:34
Modified
2025-03-23 07:38
Summary
Red Hat Security Advisory: firefox security update
Notes
Topic
An update for firefox is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 102.15.1 ESR.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for firefox is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.15.1 ESR.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5183", url: "https://access.redhat.com/errata/RHSA-2023:5183", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5183.json", }, ], title: "Red Hat Security Advisory: firefox security update", tracking: { current_release_date: "2025-03-23T07:38:46+00:00", generator: { date: "2025-03-23T07:38:46+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:5183", initial_release_date: "2023-09-18T13:34:55+00:00", revision_history: [ { date: "2023-09-18T13:34:55+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T13:34:55+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-23T07:38:46+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product: { name: "Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_e4s:8.1::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_1.src", product: { name: "firefox-0:102.15.1-1.el8_1.src", product_id: "firefox-0:102.15.1-1.el8_1.src", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_1?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_1.ppc64le", product: { name: "firefox-0:102.15.1-1.el8_1.ppc64le", product_id: "firefox-0:102.15.1-1.el8_1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_1?arch=ppc64le", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el8_1.ppc64le", product: { name: "firefox-debugsource-0:102.15.1-1.el8_1.ppc64le", product_id: "firefox-debugsource-0:102.15.1-1.el8_1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_1?arch=ppc64le", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le", product: { name: "firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le", product_id: "firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_1?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_1.x86_64", product: { name: "firefox-0:102.15.1-1.el8_1.x86_64", product_id: "firefox-0:102.15.1-1.el8_1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_1?arch=x86_64", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el8_1.x86_64", product: { name: "firefox-debugsource-0:102.15.1-1.el8_1.x86_64", product_id: "firefox-debugsource-0:102.15.1-1.el8_1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_1?arch=x86_64", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el8_1.x86_64", product: { name: "firefox-debuginfo-0:102.15.1-1.el8_1.x86_64", product_id: "firefox-debuginfo-0:102.15.1-1.el8_1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_1?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.ppc64le", }, product_reference: "firefox-0:102.15.1-1.el8_1.ppc64le", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_1.src as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.src", }, product_reference: "firefox-0:102.15.1-1.el8_1.src", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.x86_64", }, product_reference: "firefox-0:102.15.1-1.el8_1.x86_64", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_1.x86_64", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.ppc64le", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_1.ppc64le", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.x86_64", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_1.x86_64", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.src", "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:34:55+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", product_ids: [ "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.src", "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5183", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.src", "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.src", "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.src", "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:34:55+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", product_ids: [ "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.src", "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5183", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.src", "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
RHSA-2023:5187
Vulnerability from csaf_redhat
Published
2023-09-18 13:48
Modified
2025-03-23 07:37
Summary
Red Hat Security Advisory: firefox security update
Notes
Topic
An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 102.15.1 ESR.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.15.1 ESR.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5187", url: "https://access.redhat.com/errata/RHSA-2023:5187", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5187.json", }, ], title: "Red Hat Security Advisory: firefox security update", tracking: { current_release_date: "2025-03-23T07:37:34+00:00", generator: { date: "2025-03-23T07:37:34+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:5187", initial_release_date: "2023-09-18T13:48:58+00:00", revision_history: [ { date: "2023-09-18T13:48:58+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T13:48:58+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-23T07:37:34+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product: { name: "Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_aus:8.2::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product: { name: "Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_e4s:8.2::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product: { name: "Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_tus:8.2::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_2.src", product: { name: "firefox-0:102.15.1-1.el8_2.src", product_id: "firefox-0:102.15.1-1.el8_2.src", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_2?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_2.x86_64", product: { name: "firefox-0:102.15.1-1.el8_2.x86_64", product_id: "firefox-0:102.15.1-1.el8_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_2?arch=x86_64", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el8_2.x86_64", product: { name: "firefox-debugsource-0:102.15.1-1.el8_2.x86_64", product_id: "firefox-debugsource-0:102.15.1-1.el8_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_2?arch=x86_64", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", product: { name: "firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", product_id: "firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_2?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "firefox-0:102.15.1-1.el8_2.ppc64le", product: { name: "firefox-0:102.15.1-1.el8_2.ppc64le", product_id: "firefox-0:102.15.1-1.el8_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox@102.15.1-1.el8_2?arch=ppc64le", }, }, }, { category: "product_version", name: "firefox-debugsource-0:102.15.1-1.el8_2.ppc64le", product: { name: "firefox-debugsource-0:102.15.1-1.el8_2.ppc64le", product_id: "firefox-debugsource-0:102.15.1-1.el8_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_2?arch=ppc64le", }, }, }, { category: "product_version", name: "firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le", product: { name: "firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le", product_id: "firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_2?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_2.src as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.src", }, product_reference: "firefox-0:102.15.1-1.el8_2.src", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.x86_64", }, product_reference: "firefox-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.ppc64le", }, product_reference: "firefox-0:102.15.1-1.el8_2.ppc64le", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_2.src as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.src", }, product_reference: "firefox-0:102.15.1-1.el8_2.src", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.x86_64", }, product_reference: "firefox-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.ppc64le", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_2.ppc64le", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)", product_id: "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_2.src as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.src", }, product_reference: "firefox-0:102.15.1-1.el8_2.src", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "firefox-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.x86_64", }, product_reference: "firefox-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debuginfo-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", }, product_reference: "firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "firefox-debugsource-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)", product_id: "AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", }, product_reference: "firefox-debugsource-0:102.15.1-1.el8_2.x86_64", relates_to_product_reference: "AppStream-8.2.0.Z.TUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:48:58+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", product_ids: [ "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5187", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:48:58+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", product_ids: [ "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5187", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.ppc64le", "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.src", "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64", "AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
rhsa-2023:5204
Vulnerability from csaf_redhat
Published
2023-09-18 15:19
Modified
2025-03-23 07:36
Summary
Red Hat Security Advisory: libwebp security update
Notes
Topic
An update for libwebp is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for libwebp is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5204", url: "https://access.redhat.com/errata/RHSA-2023:5204", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5204.json", }, ], title: "Red Hat Security Advisory: libwebp security update", tracking: { current_release_date: "2025-03-23T07:36:28+00:00", generator: { date: "2025-03-23T07:36:28+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:5204", initial_release_date: "2023-09-18T15:19:12+00:00", revision_history: [ { date: "2023-09-18T15:19:12+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T15:19:12+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-23T07:36:28+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream EUS (v.9.0)", product: { name: "Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_eus:9.0::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "libwebp-0:1.2.0-6.el9_0.src", product: { name: "libwebp-0:1.2.0-6.el9_0.src", product_id: "libwebp-0:1.2.0-6.el9_0.src", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.2.0-6.el9_0?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "libwebp-0:1.2.0-6.el9_0.aarch64", product: { name: "libwebp-0:1.2.0-6.el9_0.aarch64", product_id: "libwebp-0:1.2.0-6.el9_0.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.2.0-6.el9_0?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.2.0-6.el9_0.aarch64", product: { name: "libwebp-devel-0:1.2.0-6.el9_0.aarch64", product_id: "libwebp-devel-0:1.2.0-6.el9_0.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.2.0-6.el9_0?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.2.0-6.el9_0.aarch64", product: { name: "libwebp-debugsource-0:1.2.0-6.el9_0.aarch64", product_id: "libwebp-debugsource-0:1.2.0-6.el9_0.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.2.0-6.el9_0?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64", product: { name: "libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64", product_id: "libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.2.0-6.el9_0?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64", product: { name: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64", product_id: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.2.0-6.el9_0?arch=aarch64", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64", product: { name: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64", product_id: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.2.0-6.el9_0?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libwebp-0:1.2.0-6.el9_0.ppc64le", product: { name: "libwebp-0:1.2.0-6.el9_0.ppc64le", product_id: "libwebp-0:1.2.0-6.el9_0.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.2.0-6.el9_0?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.2.0-6.el9_0.ppc64le", product: { name: "libwebp-devel-0:1.2.0-6.el9_0.ppc64le", product_id: "libwebp-devel-0:1.2.0-6.el9_0.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.2.0-6.el9_0?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le", product: { name: "libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le", product_id: "libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.2.0-6.el9_0?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le", product: { name: "libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le", product_id: "libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.2.0-6.el9_0?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le", product: { name: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le", product_id: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.2.0-6.el9_0?arch=ppc64le", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le", product: { name: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le", product_id: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.2.0-6.el9_0?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libwebp-0:1.2.0-6.el9_0.i686", product: { name: "libwebp-0:1.2.0-6.el9_0.i686", product_id: "libwebp-0:1.2.0-6.el9_0.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.2.0-6.el9_0?arch=i686", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.2.0-6.el9_0.i686", product: { name: "libwebp-devel-0:1.2.0-6.el9_0.i686", product_id: "libwebp-devel-0:1.2.0-6.el9_0.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.2.0-6.el9_0?arch=i686", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.2.0-6.el9_0.i686", product: { name: "libwebp-debugsource-0:1.2.0-6.el9_0.i686", product_id: "libwebp-debugsource-0:1.2.0-6.el9_0.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.2.0-6.el9_0?arch=i686", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.2.0-6.el9_0.i686", product: { name: "libwebp-debuginfo-0:1.2.0-6.el9_0.i686", product_id: "libwebp-debuginfo-0:1.2.0-6.el9_0.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.2.0-6.el9_0?arch=i686", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686", product: { name: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686", product_id: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.2.0-6.el9_0?arch=i686", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686", product: { name: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686", product_id: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.2.0-6.el9_0?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "libwebp-0:1.2.0-6.el9_0.x86_64", product: { name: "libwebp-0:1.2.0-6.el9_0.x86_64", product_id: "libwebp-0:1.2.0-6.el9_0.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.2.0-6.el9_0?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.2.0-6.el9_0.x86_64", product: { name: "libwebp-devel-0:1.2.0-6.el9_0.x86_64", product_id: "libwebp-devel-0:1.2.0-6.el9_0.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.2.0-6.el9_0?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.2.0-6.el9_0.x86_64", product: { name: "libwebp-debugsource-0:1.2.0-6.el9_0.x86_64", product_id: "libwebp-debugsource-0:1.2.0-6.el9_0.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.2.0-6.el9_0?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64", product: { name: "libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64", product_id: "libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.2.0-6.el9_0?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64", product: { name: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64", product_id: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.2.0-6.el9_0?arch=x86_64", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64", product: { name: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64", product_id: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.2.0-6.el9_0?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "libwebp-0:1.2.0-6.el9_0.s390x", product: { name: "libwebp-0:1.2.0-6.el9_0.s390x", product_id: "libwebp-0:1.2.0-6.el9_0.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp@1.2.0-6.el9_0?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-devel-0:1.2.0-6.el9_0.s390x", product: { name: "libwebp-devel-0:1.2.0-6.el9_0.s390x", product_id: "libwebp-devel-0:1.2.0-6.el9_0.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-devel@1.2.0-6.el9_0?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-debugsource-0:1.2.0-6.el9_0.s390x", product: { name: "libwebp-debugsource-0:1.2.0-6.el9_0.s390x", product_id: "libwebp-debugsource-0:1.2.0-6.el9_0.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debugsource@1.2.0-6.el9_0?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-debuginfo-0:1.2.0-6.el9_0.s390x", product: { name: "libwebp-debuginfo-0:1.2.0-6.el9_0.s390x", product_id: "libwebp-debuginfo-0:1.2.0-6.el9_0.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-debuginfo@1.2.0-6.el9_0?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x", product: { name: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x", product_id: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-java-debuginfo@1.2.0-6.el9_0?arch=s390x", }, }, }, { category: "product_version", name: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x", product: { name: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x", product_id: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwebp-tools-debuginfo@1.2.0-6.el9_0?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-6.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.aarch64", }, product_reference: "libwebp-0:1.2.0-6.el9_0.aarch64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-6.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.i686", }, product_reference: "libwebp-0:1.2.0-6.el9_0.i686", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-6.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.ppc64le", }, product_reference: "libwebp-0:1.2.0-6.el9_0.ppc64le", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-6.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.s390x", }, product_reference: "libwebp-0:1.2.0-6.el9_0.s390x", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-6.el9_0.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.src", }, product_reference: "libwebp-0:1.2.0-6.el9_0.src", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-0:1.2.0-6.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.x86_64", }, product_reference: "libwebp-0:1.2.0-6.el9_0.x86_64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64", }, product_reference: "libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.2.0-6.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.i686", }, product_reference: "libwebp-debuginfo-0:1.2.0-6.el9_0.i686", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le", }, product_reference: "libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.2.0-6.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.s390x", }, product_reference: "libwebp-debuginfo-0:1.2.0-6.el9_0.s390x", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64", }, product_reference: "libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.2.0-6.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.aarch64", }, product_reference: "libwebp-debugsource-0:1.2.0-6.el9_0.aarch64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.2.0-6.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.i686", }, product_reference: "libwebp-debugsource-0:1.2.0-6.el9_0.i686", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le", }, product_reference: "libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.2.0-6.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.s390x", }, product_reference: "libwebp-debugsource-0:1.2.0-6.el9_0.s390x", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-debugsource-0:1.2.0-6.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.x86_64", }, product_reference: "libwebp-debugsource-0:1.2.0-6.el9_0.x86_64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.2.0-6.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.aarch64", }, product_reference: "libwebp-devel-0:1.2.0-6.el9_0.aarch64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.2.0-6.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.i686", }, product_reference: "libwebp-devel-0:1.2.0-6.el9_0.i686", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.2.0-6.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.ppc64le", }, product_reference: "libwebp-devel-0:1.2.0-6.el9_0.ppc64le", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.2.0-6.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.s390x", }, product_reference: "libwebp-devel-0:1.2.0-6.el9_0.s390x", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-devel-0:1.2.0-6.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.x86_64", }, product_reference: "libwebp-devel-0:1.2.0-6.el9_0.x86_64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64", }, product_reference: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686", }, product_reference: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le", }, product_reference: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x", }, product_reference: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64", }, product_reference: "libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64", }, product_reference: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686", }, product_reference: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le", }, product_reference: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x", }, product_reference: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64", }, product_reference: "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.src", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T15:19:12+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.src", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5204", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.src", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.src", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.src", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T15:19:12+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.src", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5204", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.src", "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
rhsa-2023:5202
Vulnerability from csaf_redhat
Published
2023-09-18 14:30
Modified
2025-03-23 07:33
Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 102.15.1.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.15.1.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5202", url: "https://access.redhat.com/errata/RHSA-2023:5202", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5202.json", }, ], title: "Red Hat Security Advisory: thunderbird security update", tracking: { current_release_date: "2025-03-23T07:33:02+00:00", generator: { date: "2025-03-23T07:33:02+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:5202", initial_release_date: "2023-09-18T14:30:13+00:00", revision_history: [ { date: "2023-09-18T14:30:13+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T14:30:13+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-23T07:33:02+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream EUS (v.8.6)", product: { name: "Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_eus:8.6::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_6.src", product: { name: "thunderbird-0:102.15.1-1.el8_6.src", product_id: "thunderbird-0:102.15.1-1.el8_6.src", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_6?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_6.aarch64", product: { name: "thunderbird-0:102.15.1-1.el8_6.aarch64", product_id: "thunderbird-0:102.15.1-1.el8_6.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_6?arch=aarch64", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64", product: { name: "thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64", product_id: "thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_6?arch=aarch64", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64", product_id: "thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_6?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_6.ppc64le", product: { name: "thunderbird-0:102.15.1-1.el8_6.ppc64le", product_id: "thunderbird-0:102.15.1-1.el8_6.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_6?arch=ppc64le", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le", product: { name: "thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le", product_id: "thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_6?arch=ppc64le", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le", product_id: "thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_6?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_6.x86_64", product: { name: "thunderbird-0:102.15.1-1.el8_6.x86_64", product_id: "thunderbird-0:102.15.1-1.el8_6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_6?arch=x86_64", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64", product: { name: "thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64", product_id: "thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_6?arch=x86_64", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64", product_id: "thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_6?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_6.s390x", product: { name: "thunderbird-0:102.15.1-1.el8_6.s390x", product_id: "thunderbird-0:102.15.1-1.el8_6.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_6?arch=s390x", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el8_6.s390x", product: { name: "thunderbird-debugsource-0:102.15.1-1.el8_6.s390x", product_id: "thunderbird-debugsource-0:102.15.1-1.el8_6.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_6?arch=s390x", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x", product_id: "thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_6?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.aarch64", }, product_reference: "thunderbird-0:102.15.1-1.el8_6.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.ppc64le", }, product_reference: "thunderbird-0:102.15.1-1.el8_6.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.s390x", }, product_reference: "thunderbird-0:102.15.1-1.el8_6.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_6.src as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.src", }, product_reference: "thunderbird-0:102.15.1-1.el8_6.src", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.x86_64", }, product_reference: "thunderbird-0:102.15.1-1.el8_6.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.s390x", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_6.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.src", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T14:30:13+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.src", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5202", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.src", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.src", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.src", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T14:30:13+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.src", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5202", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.src", "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.s390x", "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
rhsa-2023_5224
Vulnerability from csaf_redhat
Published
2023-09-19 08:05
Modified
2024-11-23 01:11
Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 102.15.1.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for thunderbird is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.15.1.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5224", url: "https://access.redhat.com/errata/RHSA-2023:5224", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5224.json", }, ], title: "Red Hat Security Advisory: thunderbird security update", tracking: { current_release_date: "2024-11-23T01:11:07+00:00", generator: { date: "2024-11-23T01:11:07+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2023:5224", initial_release_date: "2023-09-19T08:05:47+00:00", revision_history: [ { date: "2023-09-19T08:05:47+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-19T08:05:47+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-23T01:11:07+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 9)", product: { name: "Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:9::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el9_2.src", product: { name: "thunderbird-0:102.15.1-1.el9_2.src", product_id: "thunderbird-0:102.15.1-1.el9_2.src", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el9_2?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el9_2.aarch64", product: { name: "thunderbird-0:102.15.1-1.el9_2.aarch64", product_id: "thunderbird-0:102.15.1-1.el9_2.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el9_2?arch=aarch64", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64", product: { name: "thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64", product_id: "thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el9_2?arch=aarch64", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64", product_id: "thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el9_2?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el9_2.ppc64le", product: { name: "thunderbird-0:102.15.1-1.el9_2.ppc64le", product_id: "thunderbird-0:102.15.1-1.el9_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el9_2?arch=ppc64le", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le", product: { name: "thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le", product_id: "thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el9_2?arch=ppc64le", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le", product_id: "thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el9_2?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el9_2.x86_64", product: { name: "thunderbird-0:102.15.1-1.el9_2.x86_64", product_id: "thunderbird-0:102.15.1-1.el9_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el9_2?arch=x86_64", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64", product: { name: "thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64", product_id: "thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el9_2?arch=x86_64", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64", product_id: "thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el9_2?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el9_2.s390x", product: { name: "thunderbird-0:102.15.1-1.el9_2.s390x", product_id: "thunderbird-0:102.15.1-1.el9_2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el9_2?arch=s390x", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el9_2.s390x", product: { name: "thunderbird-debugsource-0:102.15.1-1.el9_2.s390x", product_id: "thunderbird-debugsource-0:102.15.1-1.el9_2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el9_2?arch=s390x", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x", product_id: "thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el9_2?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.aarch64", }, product_reference: "thunderbird-0:102.15.1-1.el9_2.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.ppc64le", }, product_reference: "thunderbird-0:102.15.1-1.el9_2.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.s390x", }, product_reference: "thunderbird-0:102.15.1-1.el9_2.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el9_2.src as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.src", }, product_reference: "thunderbird-0:102.15.1-1.el9_2.src", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.x86_64", }, product_reference: "thunderbird-0:102.15.1-1.el9_2.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.s390x", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el9_2.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-19T08:05:47+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5224", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-19T08:05:47+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5224", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
RHSA-2023:5223
Vulnerability from csaf_redhat
Published
2023-09-19 08:04
Modified
2025-03-23 07:33
Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 102.15.1.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.15.1.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5223", url: "https://access.redhat.com/errata/RHSA-2023:5223", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5223.json", }, ], title: "Red Hat Security Advisory: thunderbird security update", tracking: { current_release_date: "2025-03-23T07:33:06+00:00", generator: { date: "2025-03-23T07:33:06+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:5223", initial_release_date: "2023-09-19T08:04:31+00:00", revision_history: [ { date: "2023-09-19T08:04:31+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-19T08:04:31+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-23T07:33:06+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream EUS (v.9.0)", product: { name: "Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_eus:9.0::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el9_0.src", product: { name: "thunderbird-0:102.15.1-1.el9_0.src", product_id: "thunderbird-0:102.15.1-1.el9_0.src", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el9_0?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el9_0.aarch64", product: { name: "thunderbird-0:102.15.1-1.el9_0.aarch64", product_id: "thunderbird-0:102.15.1-1.el9_0.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el9_0?arch=aarch64", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64", product: { name: "thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64", product_id: "thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el9_0?arch=aarch64", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64", product_id: "thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el9_0?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el9_0.ppc64le", product: { name: "thunderbird-0:102.15.1-1.el9_0.ppc64le", product_id: "thunderbird-0:102.15.1-1.el9_0.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el9_0?arch=ppc64le", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le", product: { name: "thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le", product_id: "thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el9_0?arch=ppc64le", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le", product_id: "thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el9_0?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el9_0.x86_64", product: { name: "thunderbird-0:102.15.1-1.el9_0.x86_64", product_id: "thunderbird-0:102.15.1-1.el9_0.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el9_0?arch=x86_64", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64", product: { name: "thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64", product_id: "thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el9_0?arch=x86_64", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64", product_id: "thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el9_0?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el9_0.s390x", product: { name: "thunderbird-0:102.15.1-1.el9_0.s390x", product_id: "thunderbird-0:102.15.1-1.el9_0.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el9_0?arch=s390x", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el9_0.s390x", product: { name: "thunderbird-debugsource-0:102.15.1-1.el9_0.s390x", product_id: "thunderbird-debugsource-0:102.15.1-1.el9_0.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el9_0?arch=s390x", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x", product_id: "thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el9_0?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.aarch64", }, product_reference: "thunderbird-0:102.15.1-1.el9_0.aarch64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.ppc64le", }, product_reference: "thunderbird-0:102.15.1-1.el9_0.ppc64le", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.s390x", }, product_reference: "thunderbird-0:102.15.1-1.el9_0.s390x", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el9_0.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.src", }, product_reference: "thunderbird-0:102.15.1-1.el9_0.src", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.x86_64", }, product_reference: "thunderbird-0:102.15.1-1.el9_0.x86_64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.s390x", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el9_0.s390x", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)", product_id: "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64", relates_to_product_reference: "AppStream-9.0.0.Z.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.src", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-19T08:04:31+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.src", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5223", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.src", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.src", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.src", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-19T08:04:31+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.src", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5223", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.src", "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.s390x", "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
rhsa-2023:5188
Vulnerability from csaf_redhat
Published
2023-09-18 13:45
Modified
2025-03-23 07:40
Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 102.15.1.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.15.1.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5188", url: "https://access.redhat.com/errata/RHSA-2023:5188", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5188.json", }, ], title: "Red Hat Security Advisory: thunderbird security update", tracking: { current_release_date: "2025-03-23T07:40:35+00:00", generator: { date: "2025-03-23T07:40:35+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:5188", initial_release_date: "2023-09-18T13:45:59+00:00", revision_history: [ { date: "2023-09-18T13:45:59+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-18T13:45:59+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-23T07:40:35+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product: { name: "Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_e4s:8.1::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_1.src", product: { name: "thunderbird-0:102.15.1-1.el8_1.src", product_id: "thunderbird-0:102.15.1-1.el8_1.src", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_1?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_1.ppc64le", product: { name: "thunderbird-0:102.15.1-1.el8_1.ppc64le", product_id: "thunderbird-0:102.15.1-1.el8_1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_1?arch=ppc64le", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le", product: { name: "thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le", product_id: "thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_1?arch=ppc64le", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le", product_id: "thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_1?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el8_1.x86_64", product: { name: "thunderbird-0:102.15.1-1.el8_1.x86_64", product_id: "thunderbird-0:102.15.1-1.el8_1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_1?arch=x86_64", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64", product: { name: "thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64", product_id: "thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_1?arch=x86_64", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64", product_id: "thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_1?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.ppc64le", }, product_reference: "thunderbird-0:102.15.1-1.el8_1.ppc64le", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_1.src as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.src", }, product_reference: "thunderbird-0:102.15.1-1.el8_1.src", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.x86_64", }, product_reference: "thunderbird-0:102.15.1-1.el8_1.x86_64", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", product_id: "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64", relates_to_product_reference: "AppStream-8.1.0.Z.E4S", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.src", "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:45:59+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.src", "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5188", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.src", "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.src", "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.src", "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-18T13:45:59+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.src", "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5188", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.src", "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64", "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le", "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
rhsa-2023:5224
Vulnerability from csaf_redhat
Published
2023-09-19 08:05
Modified
2025-03-23 07:34
Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 102.15.1.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for thunderbird is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.15.1.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5224", url: "https://access.redhat.com/errata/RHSA-2023:5224", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5224.json", }, ], title: "Red Hat Security Advisory: thunderbird security update", tracking: { current_release_date: "2025-03-23T07:34:04+00:00", generator: { date: "2025-03-23T07:34:04+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:5224", initial_release_date: "2023-09-19T08:05:47+00:00", revision_history: [ { date: "2023-09-19T08:05:47+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-19T08:05:47+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-23T07:34:04+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 9)", product: { name: "Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:9::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el9_2.src", product: { name: "thunderbird-0:102.15.1-1.el9_2.src", product_id: "thunderbird-0:102.15.1-1.el9_2.src", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el9_2?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el9_2.aarch64", product: { name: "thunderbird-0:102.15.1-1.el9_2.aarch64", product_id: "thunderbird-0:102.15.1-1.el9_2.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el9_2?arch=aarch64", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64", product: { name: "thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64", product_id: "thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el9_2?arch=aarch64", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64", product_id: "thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el9_2?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el9_2.ppc64le", product: { name: "thunderbird-0:102.15.1-1.el9_2.ppc64le", product_id: "thunderbird-0:102.15.1-1.el9_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el9_2?arch=ppc64le", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le", product: { name: "thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le", product_id: "thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el9_2?arch=ppc64le", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le", product_id: "thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el9_2?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el9_2.x86_64", product: { name: "thunderbird-0:102.15.1-1.el9_2.x86_64", product_id: "thunderbird-0:102.15.1-1.el9_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el9_2?arch=x86_64", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64", product: { name: "thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64", product_id: "thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el9_2?arch=x86_64", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64", product_id: "thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el9_2?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "thunderbird-0:102.15.1-1.el9_2.s390x", product: { name: "thunderbird-0:102.15.1-1.el9_2.s390x", product_id: "thunderbird-0:102.15.1-1.el9_2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@102.15.1-1.el9_2?arch=s390x", }, }, }, { category: "product_version", name: "thunderbird-debugsource-0:102.15.1-1.el9_2.s390x", product: { name: "thunderbird-debugsource-0:102.15.1-1.el9_2.s390x", product_id: "thunderbird-debugsource-0:102.15.1-1.el9_2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el9_2?arch=s390x", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x", product: { name: "thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x", product_id: "thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el9_2?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.aarch64", }, product_reference: "thunderbird-0:102.15.1-1.el9_2.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.ppc64le", }, product_reference: "thunderbird-0:102.15.1-1.el9_2.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.s390x", }, product_reference: "thunderbird-0:102.15.1-1.el9_2.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el9_2.src as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.src", }, product_reference: "thunderbird-0:102.15.1-1.el9_2.src", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:102.15.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.x86_64", }, product_reference: "thunderbird-0:102.15.1-1.el9_2.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64", }, product_reference: "thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.s390x", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el9_2.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64", }, product_reference: "thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.MAIN.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2238431", }, ], notes: [ { category: "description", text: "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: Heap buffer overflow in WebP Codec", title: "Vulnerability summary", }, { category: "other", text: "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4863", }, { category: "external", summary: "RHBZ#2238431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4863", url: "https://www.cve.org/CVERecord?id=CVE-2023-4863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { category: "external", summary: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2023-09-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-19T08:05:47+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5224", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64", ], }, ], threats: [ { category: "exploit_status", date: "2023-09-13T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "libwebp: Heap buffer overflow in WebP Codec", }, { cve: "CVE-2023-5129", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2023-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2240759", }, ], notes: [ { category: "description", text: "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", title: "Vulnerability description", }, { category: "summary", text: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", title: "Vulnerability summary", }, { category: "other", text: "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5129", }, { category: "external", summary: "RHBZ#2240759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5129", url: "https://www.cve.org/CVERecord?id=CVE-2023-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", url: "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", }, { category: "external", summary: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", url: "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a", }, ], release_date: "2023-09-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-19T08:05:47+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5224", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 0, baseSeverity: "NONE", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", version: "3.1", }, products: [ "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.src", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.s390x", "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64", ], }, ], title: "libwebp: out-of-bounds write with a specially crafted WebP lossless file", }, ], }
wid-sec-w-2023-2538
Vulnerability from csaf_certbund
Published
2023-10-03 22:00
Modified
2023-10-03 22:00
Summary
Mattermost: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Mattermost ist ein webbasierter Instant-Messaging-Dienst.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Mattermost ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen oder beliebigen Programmcode auszuführen.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
- Android
- iPhoneOS
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Mattermost ist ein webbasierter Instant-Messaging-Dienst.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein Angreifer kann mehrere Schwachstellen in Mattermost ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen oder beliebigen Programmcode auszuführen.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux\n- Windows\n- Android\n- iPhoneOS", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-2538 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2538.json", }, { category: "self", summary: "WID-SEC-2023-2538 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2538", }, { category: "external", summary: "Mattermost Security Update vom 2023-10-03", url: "https://mattermost.com/security-updates/", }, ], source_lang: "en-US", title: "Mattermost: Mehrere Schwachstellen", tracking: { current_release_date: "2023-10-03T22:00:00.000+00:00", generator: { date: "2024-08-15T17:59:20.409+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-2538", initial_release_date: "2023-10-03T22:00:00.000+00:00", revision_history: [ { date: "2023-10-03T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Mattermost Mattermost < v5.5.1", product: { name: "Mattermost Mattermost < v5.5.1", product_id: "T030188", product_identification_helper: { cpe: "cpe:/a:mattermost:mattermost_server:v5.5.1", }, }, }, { category: "product_name", name: "Mattermost Mattermost < v2.8.1", product: { name: "Mattermost Mattermost < v2.8.1", product_id: "T030189", product_identification_helper: { cpe: "cpe:/a:mattermost:mattermost_server:v2.8.1", }, }, }, ], category: "product_name", name: "Mattermost", }, ], category: "vendor", name: "Mattermost", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in Mattermost. Diese besteht in der Komponente libwebp und ist auf einen Heap Overflow zurückzuführen. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-4863", }, { notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Mattermost, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], release_date: "2023-10-03T22:00:00.000+00:00", }, ], }
wid-sec-w-2023-2902
Vulnerability from csaf_certbund
Published
2023-11-14 23:00
Modified
2023-11-14 23:00
Summary
IBM Security Guardium: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM Security Guardium ist eine Lösung für die Überwachung und Auditierung des Datenzugriffs.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM Security Guardium ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Informationen offenzulegen.
Betroffene Betriebssysteme
- Linux
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "IBM Security Guardium ist eine Lösung für die Überwachung und Auditierung des Datenzugriffs.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM Security Guardium ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Informationen offenzulegen.", title: "Angriff", }, { category: "general", text: "- Linux", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-2902 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2902.json", }, { category: "self", summary: "WID-SEC-2023-2902 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2902", }, { category: "external", summary: "IBM Security Bulletin 7073592 vom 2023-11-14", url: "https://www.ibm.com/support/pages/node/7073592", }, ], source_lang: "en-US", title: "IBM Security Guardium: Mehrere Schwachstellen", tracking: { current_release_date: "2023-11-14T23:00:00.000+00:00", generator: { date: "2024-08-15T18:01:33.337+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-2902", initial_release_date: "2023-11-14T23:00:00.000+00:00", revision_history: [ { date: "2023-11-14T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "IBM Security Guardium 12.0", product: { name: "IBM Security Guardium 12.0", product_id: "T031092", product_identification_helper: { cpe: "cpe:/a:ibm:security_guardium:12.0", }, }, }, ], category: "vendor", name: "IBM", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", notes: [ { category: "description", text: "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T031092", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2023-4863", }, { cve: "CVE-2023-4147", notes: [ { category: "description", text: "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T031092", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2023-4147", }, { cve: "CVE-2023-4004", notes: [ { category: "description", text: "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T031092", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2023-4004", }, { cve: "CVE-2023-3899", notes: [ { category: "description", text: "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T031092", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2023-3899", }, { cve: "CVE-2023-38633", notes: [ { category: "description", text: "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T031092", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2023-38633", }, { cve: "CVE-2023-3776", notes: [ { category: "description", text: "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T031092", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2023-3776", }, { cve: "CVE-2023-3610", notes: [ { category: "description", text: "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T031092", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2023-3610", }, { cve: "CVE-2023-35001", notes: [ { category: "description", text: "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T031092", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2023-35001", }, { cve: "CVE-2023-3390", notes: [ { category: "description", text: "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T031092", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2023-3390", }, { cve: "CVE-2023-31248", notes: [ { category: "description", text: "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T031092", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2023-31248", }, { cve: "CVE-2023-30630", notes: [ { category: "description", text: "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T031092", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2023-30630", }, { cve: "CVE-2023-2603", notes: [ { category: "description", text: "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T031092", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2023-2603", }, { cve: "CVE-2023-2602", notes: [ { category: "description", text: "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T031092", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2023-2602", }, { cve: "CVE-2023-21102", notes: [ { category: "description", text: "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T031092", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2023-21102", }, { cve: "CVE-2023-20900", notes: [ { category: "description", text: "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T031092", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2023-20900", }, { cve: "CVE-2023-20593", notes: [ { category: "description", text: "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T031092", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2023-20593", }, { cve: "CVE-2023-1637", notes: [ { category: "description", text: "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T031092", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2023-1637", }, { cve: "CVE-2022-1941", notes: [ { category: "description", text: "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T031092", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2022-1941", }, ], }
wid-sec-w-2023-2310
Vulnerability from csaf_certbund
Published
2023-09-12 22:00
Modified
2024-01-31 23:00
Summary
Google Chrome / Microsoft Edge: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Chrome ist ein Internet-Browser von Google.
Edge ist ein Browser von Microsoft
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Google Chrome / Microsoft Edge ausnutzen, um Sicherheitsvorkehrungen zu umgehen und weitere, nicht näher beschriebene Auswirkungen zu erreichen.
Betroffene Betriebssysteme
- Linux
- MacOS X
- Windows
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Chrome ist ein Internet-Browser von Google.\r\nEdge ist ein Browser von Microsoft", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Google Chrome / Microsoft Edge ausnutzen, um Sicherheitsvorkehrungen zu umgehen und weitere, nicht näher beschriebene Auswirkungen zu erreichen.", title: "Angriff", }, { category: "general", text: "- Linux\n- MacOS X\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-2310 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2310.json", }, { category: "self", summary: "WID-SEC-2023-2310 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2310", }, { category: "external", summary: "Chrome Stable Channel Update for Desktop vom 2023-09-12", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-D5FAEDE1D6 vom 2023-09-13", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-d5faede1d6", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-509640A8A6 vom 2023-09-13", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-509640a8a6", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-3D1935DC6A vom 2023-09-13", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-3d1935dc6a", }, { category: "external", summary: "Release notes for Microsoft Edge Security Updates vom 2023-09-17", url: "https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security#september-15-2023", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-C66924CB92 vom 2023-09-17", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-c66924cb92", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-3BFB63F6D2 vom 2023-09-17", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-3bfb63f6d2", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-0DE0929147 vom 2023-09-17", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-0de0929147", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-54433BC31F vom 2023-09-17", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-54433bc31f", }, { category: "external", summary: "Debian Security Advisory DSA-5497 vom 2023-09-17", url: "https://lists.debian.org/debian-security-announce/2023/msg00191.html", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-D58A84DDA8 vom 2023-09-17", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-d58a84dda8", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-EA08732E6A vom 2023-09-17", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-ea08732e6a", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-A33B8C01E7 vom 2023-09-18", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-a33b8c01e7", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5191 vom 2023-09-18", url: "https://access.redhat.com/errata/RHSA-2023:5191", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-B427F54E68 vom 2023-09-18", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-b427f54e68", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5204 vom 2023-09-18", url: "https://access.redhat.com/errata/RHSA-2023:5204", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5190 vom 2023-09-18", url: "https://access.redhat.com/errata/RHSA-2023:5190", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-79B0154754 vom 2023-09-18", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-79b0154754", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-05DC047BF8 vom 2023-09-18", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-05dc047bf8", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-0DF1F37A48 vom 2023-09-18", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-0df1f37a48", }, { category: "external", summary: "Debian Security Advisory DLA-3570 vom 2023-09-18", url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html", }, { category: "external", summary: "Debian Security Advisory DSA-5499 vom 2023-09-19", url: "https://lists.debian.org/debian-security-announce/2023/msg00192.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5189 vom 2023-09-18", url: "https://access.redhat.com/errata/RHSA-2023:5189", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-9ABC3565B5 vom 2023-09-24", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-9abc3565b5", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-09CC239FE3 vom 2023-09-24", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-09cc239fe3", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-981E9F53FF vom 2023-09-24", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-981e9f53ff", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-DA064561FA vom 2023-09-24", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-da064561fa", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-C890266D3F vom 2023-09-30", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-c890266d3f", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-CCA1F87440 vom 2023-09-30", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-cca1f87440", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-EDC9C74369 vom 2023-09-30", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-edc9c74369", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-8F3E1B6F78 vom 2023-09-30", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-8f3e1b6f78", }, { category: "external", summary: "Gentoo Linux Security Advisory GLSA-202401-34 vom 2024-01-31", url: "https://security.gentoo.org/glsa/202401-34", }, ], source_lang: "en-US", title: "Google Chrome / Microsoft Edge: Mehrere Schwachstellen", tracking: { current_release_date: "2024-01-31T23:00:00.000+00:00", generator: { date: "2024-08-15T17:58:15.458+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-2310", initial_release_date: "2023-09-12T22:00:00.000+00:00", revision_history: [ { date: "2023-09-12T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-09-13T22:00:00.000+00:00", number: "2", summary: "Neue Updates von Fedora aufgenommen", }, { date: "2023-09-17T22:00:00.000+00:00", number: "3", summary: "Updates von Microsoft", }, { date: "2023-09-18T22:00:00.000+00:00", number: "4", summary: "Neue Updates von Fedora, Red Hat und Debian aufgenommen", }, { date: "2023-09-24T22:00:00.000+00:00", number: "5", summary: "Neue Updates von Fedora aufgenommen", }, { date: "2023-10-01T22:00:00.000+00:00", number: "6", summary: "Neue Updates von Fedora aufgenommen", }, { date: "2024-01-31T23:00:00.000+00:00", number: "7", summary: "Neue Updates von Gentoo aufgenommen", }, ], status: "final", version: "7", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Debian Linux", product: { name: "Debian Linux", product_id: "2951", product_identification_helper: { cpe: "cpe:/o:debian:debian_linux:-", }, }, }, ], category: "vendor", name: "Debian", }, { branches: [ { category: "product_name", name: "Fedora Linux", product: { name: "Fedora Linux", product_id: "74185", product_identification_helper: { cpe: "cpe:/o:fedoraproject:fedora:-", }, }, }, ], category: "vendor", name: "Fedora", }, { branches: [ { category: "product_name", name: "Gentoo Linux", product: { name: "Gentoo Linux", product_id: "T012167", product_identification_helper: { cpe: "cpe:/o:gentoo:linux:-", }, }, }, ], category: "vendor", name: "Gentoo", }, { branches: [ { branches: [ { category: "product_name", name: "Google Chrome < 117.0.5938.62", product: { name: "Google Chrome < 117.0.5938.62", product_id: "T029823", product_identification_helper: { cpe: "cpe:/a:google:chrome:117.0.5938.62", }, }, }, { category: "product_name", name: "Google Chrome < 117.0.5938.63", product: { name: "Google Chrome < 117.0.5938.63", product_id: "T029824", product_identification_helper: { cpe: "cpe:/a:google:chrome:117.0.5938.63", }, }, }, ], category: "product_name", name: "Chrome", }, ], category: "vendor", name: "Google", }, { branches: [ { category: "product_name", name: "Microsoft Edge < 109.0.1518.140", product: { name: "Microsoft Edge < 109.0.1518.140", product_id: "T029920", product_identification_helper: { cpe: "cpe:/a:microsoft:edge:109.0.1518.140", }, }, }, ], category: "vendor", name: "Microsoft", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4909", notes: [ { category: "description", text: "Google Chrome / Microsoft Edge enthält mehrere Schwachstellen. Die Schwachstellen sind auf eine unsachgemäße Implementierung in den Komponenten \"Custom Tabs\", \"Prompts\", \"Input\", \"Custom Mobile Tabs\", \"Intents\", \"Picture in Picture\" und \"Interstitials\" sowie auf eine unzureichende Durchsetzung von Richtlinien in den Komponenten \"Downloads\" und \"Autofill\" zurückzuführen. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen und weitere, nicht näher spezifizierte Auswirkungen zu erzielen. Zur erfolgreichen Ausnutzung dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "2951", "67646", "T012167", "74185", ], }, release_date: "2023-09-12T22:00:00.000+00:00", title: "CVE-2023-4909", }, { cve: "CVE-2023-4908", notes: [ { category: "description", text: "Google Chrome / Microsoft Edge enthält mehrere Schwachstellen. Die Schwachstellen sind auf eine unsachgemäße Implementierung in den Komponenten \"Custom Tabs\", \"Prompts\", \"Input\", \"Custom Mobile Tabs\", \"Intents\", \"Picture in Picture\" und \"Interstitials\" sowie auf eine unzureichende Durchsetzung von Richtlinien in den Komponenten \"Downloads\" und \"Autofill\" zurückzuführen. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen und weitere, nicht näher spezifizierte Auswirkungen zu erzielen. Zur erfolgreichen Ausnutzung dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "2951", "67646", "T012167", "74185", ], }, release_date: "2023-09-12T22:00:00.000+00:00", title: "CVE-2023-4908", }, { cve: "CVE-2023-4907", notes: [ { category: "description", text: "Google Chrome / Microsoft Edge enthält mehrere Schwachstellen. Die Schwachstellen sind auf eine unsachgemäße Implementierung in den Komponenten \"Custom Tabs\", \"Prompts\", \"Input\", \"Custom Mobile Tabs\", \"Intents\", \"Picture in Picture\" und \"Interstitials\" sowie auf eine unzureichende Durchsetzung von Richtlinien in den Komponenten \"Downloads\" und \"Autofill\" zurückzuführen. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen und weitere, nicht näher spezifizierte Auswirkungen zu erzielen. Zur erfolgreichen Ausnutzung dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "2951", "67646", "T012167", "74185", ], }, release_date: "2023-09-12T22:00:00.000+00:00", title: "CVE-2023-4907", }, { cve: "CVE-2023-4906", notes: [ { category: "description", text: "Google Chrome / Microsoft Edge enthält mehrere Schwachstellen. Die Schwachstellen sind auf eine unsachgemäße Implementierung in den Komponenten \"Custom Tabs\", \"Prompts\", \"Input\", \"Custom Mobile Tabs\", \"Intents\", \"Picture in Picture\" und \"Interstitials\" sowie auf eine unzureichende Durchsetzung von Richtlinien in den Komponenten \"Downloads\" und \"Autofill\" zurückzuführen. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen und weitere, nicht näher spezifizierte Auswirkungen zu erzielen. Zur erfolgreichen Ausnutzung dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "2951", "67646", "T012167", "74185", ], }, release_date: "2023-09-12T22:00:00.000+00:00", title: "CVE-2023-4906", }, { cve: "CVE-2023-4905", notes: [ { category: "description", text: "Google Chrome / Microsoft Edge enthält mehrere Schwachstellen. Die Schwachstellen sind auf eine unsachgemäße Implementierung in den Komponenten \"Custom Tabs\", \"Prompts\", \"Input\", \"Custom Mobile Tabs\", \"Intents\", \"Picture in Picture\" und \"Interstitials\" sowie auf eine unzureichende Durchsetzung von Richtlinien in den Komponenten \"Downloads\" und \"Autofill\" zurückzuführen. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen und weitere, nicht näher spezifizierte Auswirkungen zu erzielen. Zur erfolgreichen Ausnutzung dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "2951", "67646", "T012167", "74185", ], }, release_date: "2023-09-12T22:00:00.000+00:00", title: "CVE-2023-4905", }, { cve: "CVE-2023-4904", notes: [ { category: "description", text: "Google Chrome / Microsoft Edge enthält mehrere Schwachstellen. Die Schwachstellen sind auf eine unsachgemäße Implementierung in den Komponenten \"Custom Tabs\", \"Prompts\", \"Input\", \"Custom Mobile Tabs\", \"Intents\", \"Picture in Picture\" und \"Interstitials\" sowie auf eine unzureichende Durchsetzung von Richtlinien in den Komponenten \"Downloads\" und \"Autofill\" zurückzuführen. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen und weitere, nicht näher spezifizierte Auswirkungen zu erzielen. Zur erfolgreichen Ausnutzung dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "2951", "67646", "T012167", "74185", ], }, release_date: "2023-09-12T22:00:00.000+00:00", title: "CVE-2023-4904", }, { cve: "CVE-2023-4903", notes: [ { category: "description", text: "Google Chrome / Microsoft Edge enthält mehrere Schwachstellen. Die Schwachstellen sind auf eine unsachgemäße Implementierung in den Komponenten \"Custom Tabs\", \"Prompts\", \"Input\", \"Custom Mobile Tabs\", \"Intents\", \"Picture in Picture\" und \"Interstitials\" sowie auf eine unzureichende Durchsetzung von Richtlinien in den Komponenten \"Downloads\" und \"Autofill\" zurückzuführen. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen und weitere, nicht näher spezifizierte Auswirkungen zu erzielen. Zur erfolgreichen Ausnutzung dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "2951", "67646", "T012167", "74185", ], }, release_date: "2023-09-12T22:00:00.000+00:00", title: "CVE-2023-4903", }, { cve: "CVE-2023-4902", notes: [ { category: "description", text: "Google Chrome / Microsoft Edge enthält mehrere Schwachstellen. Die Schwachstellen sind auf eine unsachgemäße Implementierung in den Komponenten \"Custom Tabs\", \"Prompts\", \"Input\", \"Custom Mobile Tabs\", \"Intents\", \"Picture in Picture\" und \"Interstitials\" sowie auf eine unzureichende Durchsetzung von Richtlinien in den Komponenten \"Downloads\" und \"Autofill\" zurückzuführen. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen und weitere, nicht näher spezifizierte Auswirkungen zu erzielen. Zur erfolgreichen Ausnutzung dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "2951", "67646", "T012167", "74185", ], }, release_date: "2023-09-12T22:00:00.000+00:00", title: "CVE-2023-4902", }, { cve: "CVE-2023-4901", notes: [ { category: "description", text: "Google Chrome / Microsoft Edge enthält mehrere Schwachstellen. Die Schwachstellen sind auf eine unsachgemäße Implementierung in den Komponenten \"Custom Tabs\", \"Prompts\", \"Input\", \"Custom Mobile Tabs\", \"Intents\", \"Picture in Picture\" und \"Interstitials\" sowie auf eine unzureichende Durchsetzung von Richtlinien in den Komponenten \"Downloads\" und \"Autofill\" zurückzuführen. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen und weitere, nicht näher spezifizierte Auswirkungen zu erzielen. Zur erfolgreichen Ausnutzung dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "2951", "67646", "T012167", "74185", ], }, release_date: "2023-09-12T22:00:00.000+00:00", title: "CVE-2023-4901", }, { cve: "CVE-2023-4900", notes: [ { category: "description", text: "Google Chrome / Microsoft Edge enthält mehrere Schwachstellen. Die Schwachstellen sind auf eine unsachgemäße Implementierung in den Komponenten \"Custom Tabs\", \"Prompts\", \"Input\", \"Custom Mobile Tabs\", \"Intents\", \"Picture in Picture\" und \"Interstitials\" sowie auf eine unzureichende Durchsetzung von Richtlinien in den Komponenten \"Downloads\" und \"Autofill\" zurückzuführen. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen und weitere, nicht näher spezifizierte Auswirkungen zu erzielen. Zur erfolgreichen Ausnutzung dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "2951", "67646", "T012167", "74185", ], }, release_date: "2023-09-12T22:00:00.000+00:00", title: "CVE-2023-4900", }, { cve: "CVE-2023-4863", notes: [ { category: "description", text: "Google Chrome / Microsoft Edge enthält mehrere Schwachstellen. Die Schwachstellen sind auf eine unsachgemäße Implementierung in den Komponenten \"Custom Tabs\", \"Prompts\", \"Input\", \"Custom Mobile Tabs\", \"Intents\", \"Picture in Picture\" und \"Interstitials\" sowie auf eine unzureichende Durchsetzung von Richtlinien in den Komponenten \"Downloads\" und \"Autofill\" zurückzuführen. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen und weitere, nicht näher spezifizierte Auswirkungen zu erzielen. Zur erfolgreichen Ausnutzung dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "2951", "67646", "T012167", "74185", ], }, release_date: "2023-09-12T22:00:00.000+00:00", title: "CVE-2023-4863", }, ], }
wid-sec-w-2024-0869
Vulnerability from csaf_certbund
Published
2024-04-16 22:00
Modified
2024-11-21 23:00
Summary
Oracle Communications: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Communications umfasst branchenspezifische Lösungen für die Telekommunikationsbranche.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Oracle Communications umfasst branchenspezifische Lösungen für die Telekommunikationsbranche.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-0869 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0869.json", }, { category: "self", summary: "WID-SEC-2024-0869 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0869", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - April 2024 - Appendix Oracle Communications vom 2024-04-16", url: "https://www.oracle.com/security-alerts/cpuapr2024.html#AppendixCGBU", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:1878 vom 2024-04-18", url: "https://access.redhat.com/errata/RHSA-2024:1878", }, { category: "external", summary: "Gentoo Linux Security Advisory GLSA-202405-01 vom 2024-05-04", url: "https://security.gentoo.org/glsa/202405-01", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:7987 vom 2024-10-10", url: "https://access.redhat.com/errata/RHSA-2024:7987", }, { category: "external", summary: "XEROX Security Advisory XRX24-017 vom 2024-11-21", url: "https://securitydocs.business.xerox.com/wp-content/uploads/2024/11/Xerox-Security-Bulletin-XRX24-017-for-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v9.pdf", }, ], source_lang: "en-US", title: "Oracle Communications: Mehrere Schwachstellen", tracking: { current_release_date: "2024-11-21T23:00:00.000+00:00", generator: { date: "2024-11-22T10:07:06.493+00:00", engine: { name: "BSI-WID", version: "1.3.8", }, }, id: "WID-SEC-W-2024-0869", initial_release_date: "2024-04-16T22:00:00.000+00:00", revision_history: [ { date: "2024-04-16T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-04-17T22:00:00.000+00:00", number: "2", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-05-05T22:00:00.000+00:00", number: "3", summary: "Neue Updates von Gentoo aufgenommen", }, { date: "2024-10-10T22:00:00.000+00:00", number: "4", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-11-21T23:00:00.000+00:00", number: "5", summary: "Neue Updates von XEROX aufgenommen", }, ], status: "final", version: "5", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Gentoo Linux", product: { name: "Gentoo Linux", product_id: "T012167", product_identification_helper: { cpe: "cpe:/o:gentoo:linux:-", }, }, }, ], category: "vendor", name: "Gentoo", }, { branches: [ { branches: [ { category: "product_version", name: "5", product: { name: "Oracle Communications 5.0", product_id: "T021645", product_identification_helper: { cpe: "cpe:/a:oracle:communications:5.0", }, }, }, { category: "product_version", name: "22.4.0", product: { name: "Oracle Communications 22.4.0", product_id: "T024981", product_identification_helper: { cpe: "cpe:/a:oracle:communications:22.4.0", }, }, }, { category: "product_version", name: "23.1.0", product: { name: "Oracle Communications 23.1.0", product_id: "T027326", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.1.0", }, }, }, { category: "product_version", name: "23.2.0", product: { name: "Oracle Communications 23.2.0", product_id: "T028682", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.2.0", }, }, }, { category: "product_version", name: "5.1", product: { name: "Oracle Communications 5.1", product_id: "T028684", product_identification_helper: { cpe: "cpe:/a:oracle:communications:5.1", }, }, }, { category: "product_version", name: "23.2.2", product: { name: "Oracle Communications 23.2.2", product_id: "T030583", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.2.2", }, }, }, { category: "product_version", name: "23.3.0", product: { name: "Oracle Communications 23.3.0", product_id: "T030586", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.3.0", }, }, }, { category: "product_version", name: "9.0.0.0", product: { name: "Oracle Communications 9.0.0.0", product_id: "T030589", product_identification_helper: { cpe: "cpe:/a:oracle:communications:9.0.0.0", }, }, }, { category: "product_version_range", name: "<=7.2.1.0.0", product: { name: "Oracle Communications <=7.2.1.0.0", product_id: "T030593", }, }, { category: "product_version_range", name: "<=7.2.1.0.0", product: { name: "Oracle Communications <=7.2.1.0.0", product_id: "T030593-fixed", }, }, { category: "product_version_range", name: "<=9.0.2", product: { name: "Oracle Communications <=9.0.2", product_id: "T030595", }, }, { category: "product_version_range", name: "<=9.0.2", product: { name: "Oracle Communications <=9.0.2", product_id: "T030595-fixed", }, }, { category: "product_version", name: "23.3.1", product: { name: "Oracle Communications 23.3.1", product_id: "T032088", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.3.1", }, }, }, { category: "product_version", name: "23.4.0", product: { name: "Oracle Communications 23.4.0", product_id: "T032091", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.4.0", }, }, }, { category: "product_version", name: "23.4.1", product: { name: "Oracle Communications 23.4.1", product_id: "T034143", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.4.1", }, }, }, { category: "product_version_range", name: "<=23.4.2", product: { name: "Oracle Communications <=23.4.2", product_id: "T034144", }, }, { category: "product_version_range", name: "<=23.4.2", product: { name: "Oracle Communications <=23.4.2", product_id: "T034144-fixed", }, }, { category: "product_version", name: "24.1.0", product: { name: "Oracle Communications 24.1.0", product_id: "T034145", product_identification_helper: { cpe: "cpe:/a:oracle:communications:24.1.0", }, }, }, { category: "product_version", name: "5.2", product: { name: "Oracle Communications 5.2", product_id: "T034146", product_identification_helper: { cpe: "cpe:/a:oracle:communications:5.2", }, }, }, { category: "product_version", name: "24.1.0.0.0", product: { name: "Oracle Communications 24.1.0.0.0", product_id: "T034147", product_identification_helper: { cpe: "cpe:/a:oracle:communications:24.1.0.0.0", }, }, }, { category: "product_version", name: "23.3.2", product: { name: "Oracle Communications 23.3.2", product_id: "T034148", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.3.2", }, }, }, { category: "product_version", name: "14.0.0.0.0", product: { name: "Oracle Communications 14.0.0.0.0", product_id: "T034149", product_identification_helper: { cpe: "cpe:/a:oracle:communications:14.0.0.0.0", }, }, }, { category: "product_version", name: "9.1.1.7.0", product: { name: "Oracle Communications 9.1.1.7.0", product_id: "T034150", product_identification_helper: { cpe: "cpe:/a:oracle:communications:9.1.1.7.0", }, }, }, ], category: "product_name", name: "Communications", }, ], category: "vendor", name: "Oracle", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, ], category: "vendor", name: "Red Hat", }, { branches: [ { branches: [ { category: "product_version", name: "v9", product: { name: "Xerox FreeFlow Print Server v9", product_id: "T015632", product_identification_helper: { cpe: "cpe:/a:xerox:freeflow_print_server:v9", }, }, }, ], category: "product_name", name: "FreeFlow Print Server", }, ], category: "vendor", name: "Xerox", }, ], }, vulnerabilities: [ { cve: "CVE-2022-40152", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2022-40152", }, { cve: "CVE-2022-40896", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2022-40896", }, { cve: "CVE-2022-45688", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2022-45688", }, { cve: "CVE-2023-2283", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-2283", }, { cve: "CVE-2023-31122", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-31122", }, { cve: "CVE-2023-33201", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-33201", }, { cve: "CVE-2023-34053", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-34053", }, { cve: "CVE-2023-34055", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-34055", }, { cve: "CVE-2023-4016", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-4016", }, { cve: "CVE-2023-41056", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-41056", }, { cve: "CVE-2023-43496", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-43496", }, { cve: "CVE-2023-44487", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-44487", }, { cve: "CVE-2023-45142", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-45142", }, { cve: "CVE-2023-4641", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-4641", }, { cve: "CVE-2023-46589", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-46589", }, { cve: "CVE-2023-47100", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-47100", }, { cve: "CVE-2023-4863", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-4863", }, { cve: "CVE-2023-48795", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-48795", }, { cve: "CVE-2023-49083", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-49083", }, { cve: "CVE-2023-5072", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-5072", }, { cve: "CVE-2023-51074", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-51074", }, { cve: "CVE-2023-51257", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-51257", }, { cve: "CVE-2023-51775", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-51775", }, { cve: "CVE-2023-5341", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-5341", }, { cve: "CVE-2023-5363", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-5363", }, { cve: "CVE-2023-6507", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-6507", }, { cve: "CVE-2024-1635", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2024-1635", }, { cve: "CVE-2024-21626", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2024-21626", }, { cve: "CVE-2024-22201", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2024-22201", }, { cve: "CVE-2024-22233", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2024-22233", }, { cve: "CVE-2024-22257", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2024-22257", }, { cve: "CVE-2024-22259", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2024-22259", }, { cve: "CVE-2024-25062", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2024-25062", }, { cve: "CVE-2024-26130", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2024-26130", }, { cve: "CVE-2024-26308", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2024-26308", }, ], }
WID-SEC-W-2023-3099
Vulnerability from csaf_certbund
Published
2023-12-11 23:00
Modified
2023-12-11 23:00
Summary
Unify OpenScape Produkte: Mehrere Schwachstellen ermöglichen Codeausführung
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
OpenScape Business ist eine All-In-One-Lösung für Unified Communication & Collaboration
OpenScape Xpert ist eine Kommunikationslösung für mehrere Leitungen.
OpenScape Contact Center Enterprise ist eine integrierte Mehrkanal Callcenter Lösung.
OpenScape UC Application ist eine Unified Communications Lösung zur Integration mit bestehenden Anwendungen.
OpenScape Voice ist eine SIP-basierte Enterprise VoIP Lösung.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Unify OpenScape Produkten ausnutzen, um beliebigen Programmcode auszuführen.
Betroffene Betriebssysteme
- Windows
- Sonstiges
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "OpenScape Business ist eine All-In-One-Lösung für Unified Communication & Collaboration\r\nOpenScape Xpert ist eine Kommunikationslösung für mehrere Leitungen.\r\nOpenScape Contact Center Enterprise ist eine integrierte Mehrkanal Callcenter Lösung.\r\nOpenScape UC Application ist eine Unified Communications Lösung zur Integration mit bestehenden Anwendungen.\r\nOpenScape Voice ist eine SIP-basierte Enterprise VoIP Lösung.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Unify OpenScape Produkten ausnutzen, um beliebigen Programmcode auszuführen.", title: "Angriff", }, { category: "general", text: "- Windows\n- Sonstiges", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-3099 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-3099.json", }, { category: "self", summary: "WID-SEC-2023-3099 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3099", }, { category: "external", summary: "Atos Unify Security Advisory vom 2023-12-11", url: "https://networks.unify.com/security/advisories/OBSO-2310-02.pdf", }, ], source_lang: "en-US", title: "Unify OpenScape Produkte: Mehrere Schwachstellen ermöglichen Codeausführung", tracking: { current_release_date: "2023-12-11T23:00:00.000+00:00", generator: { date: "2024-08-15T18:02:37.314+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-3099", initial_release_date: "2023-12-11T23:00:00.000+00:00", revision_history: [ { date: "2023-12-11T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Unify OpenScape Business < V3R3.0.1_007", product: { name: "Unify OpenScape Business < V3R3.0.1_007", product_id: "T031594", product_identification_helper: { cpe: "cpe:/a:unify:openscape_business:v3r3.0.1_007", }, }, }, { branches: [ { category: "product_name", name: "Unify OpenScape Contact Center < V10R4.16.0", product: { name: "Unify OpenScape Contact Center < V10R4.16.0", product_id: "T031596", product_identification_helper: { cpe: "cpe:/a:unify:openscape_contact_center:v10r4.16.0", }, }, }, { category: "product_name", name: "Unify OpenScape Contact Center < V11 R1.12.0", product: { name: "Unify OpenScape Contact Center < V11 R1.12.0", product_id: "T031597", product_identification_helper: { cpe: "cpe:/a:unify:openscape_contact_center:v11_r1.12.0", }, }, }, ], category: "product_name", name: "OpenScape Contact Center", }, { category: "product_name", name: "Unify OpenScape UC Application < V10 R5.7.0", product: { name: "Unify OpenScape UC Application < V10 R5.7.0", product_id: "T031598", product_identification_helper: { cpe: "cpe:/a:unify:openscape_uc_application:v10_r5.7.0", }, }, }, { category: "product_name", name: "Unify OpenScape Voice V10", product: { name: "Unify OpenScape Voice V10", product_id: "T031599", product_identification_helper: { cpe: "cpe:/a:unify:openscape_voice:v10", }, }, }, { category: "product_name", name: "Unify OpenScape Xpert < V7.0.8.4", product: { name: "Unify OpenScape Xpert < V7.0.8.4", product_id: "T031595", product_identification_helper: { cpe: "cpe:/h:unify:openscape_xpert:v7.0.8.4", }, }, }, ], category: "vendor", name: "Unify", }, ], }, vulnerabilities: [ { cve: "CVE-2023-5129", notes: [ { category: "description", text: "In Unify OpenScape Produkten existieren mehrere Schwachstellen. In Google WebP (libwebp) besteht der Funktion BuildHuffmanTable() in utils/huffman_utils.c, eine Überlaufbedingung, die beim Dekodieren bestimmter Streams ausgelöst wird. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Code zur Ausführung zu bringen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T031599", ], }, release_date: "2023-12-11T23:00:00.000+00:00", title: "CVE-2023-5129", }, { cve: "CVE-2023-4863", notes: [ { category: "description", text: "In Unify OpenScape Produkten existieren mehrere Schwachstellen. In Google WebP (libwebp) besteht der Funktion BuildHuffmanTable() in utils/huffman_utils.c, eine Überlaufbedingung, die beim Dekodieren bestimmter Streams ausgelöst wird. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Code zur Ausführung zu bringen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T031599", ], }, release_date: "2023-12-11T23:00:00.000+00:00", title: "CVE-2023-4863", }, ], }
WID-SEC-W-2023-2841
Vulnerability from csaf_certbund
Published
2023-11-06 23:00
Modified
2023-12-05 23:00
Summary
Samsung Android: Mehrere Schwachstellen ermöglichen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Das Android Betriebssystem ist eine quelloffene Plattform für mobile Geräte. Die Basis bildet der Linux-Kernel.
Angriff
Ein entfernter Angreifer kann mehrere Schwachstellen in Samsung Android ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren.
Betroffene Betriebssysteme
- Android
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Das Android Betriebssystem ist eine quelloffene Plattform für mobile Geräte. Die Basis bildet der Linux-Kernel.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter Angreifer kann mehrere Schwachstellen in Samsung Android ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren.", title: "Angriff", }, { category: "general", text: "- Android", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-2841 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2841.json", }, { category: "self", summary: "WID-SEC-2023-2841 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2841", }, { category: "external", summary: "CISA Known Exploited Vulnerabilities Catalog vom 2023-12-05", url: "https://www.cisa.gov/news-events/alerts/2023/12/05/cisa-adds-four-known-exploited-vulnerabilities-catalog", }, { category: "external", summary: "Samsung Security Update vom 2023-11-06", url: "https://security.samsungmobile.com/securityUpdate.smsb", }, ], source_lang: "en-US", title: "Samsung Android: Mehrere Schwachstellen ermöglichen", tracking: { current_release_date: "2023-12-05T23:00:00.000+00:00", generator: { date: "2024-08-15T18:01:12.771+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-2841", initial_release_date: "2023-11-06T23:00:00.000+00:00", revision_history: [ { date: "2023-11-06T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-12-05T23:00:00.000+00:00", number: "2", summary: "Aktive Ausnutzung gemeldet", }, ], status: "final", version: "2", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Samsung Android < 11 SMR Nov-2023 Release 1", product: { name: "Samsung Android < 11 SMR Nov-2023 Release 1", product_id: "T030954", product_identification_helper: { cpe: "cpe:/o:samsung:android:11_smr_nov-2023_release_1", }, }, }, { category: "product_name", name: "Samsung Android < 12 SMR Nov-2023 Release 1", product: { name: "Samsung Android < 12 SMR Nov-2023 Release 1", product_id: "T030955", product_identification_helper: { cpe: "cpe:/o:samsung:android:12_smr_nov-2023_release_1", }, }, }, { category: "product_name", name: "Samsung Android < 13 SMR Nov-2023 Release 1", product: { name: "Samsung Android < 13 SMR Nov-2023 Release 1", product_id: "T030956", product_identification_helper: { cpe: "cpe:/o:samsung:android:13_smr_nov-2023_release_1", }, }, }, ], category: "product_name", name: "Android", }, ], category: "vendor", name: "Samsung", }, ], }, vulnerabilities: [ { cve: "CVE-2023-41112", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-41112", }, { cve: "CVE-2023-41111", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-41111", }, { cve: "CVE-2023-40638", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-40638", }, { cve: "CVE-2023-40124", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-40124", }, { cve: "CVE-2023-40115", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-40115", }, { cve: "CVE-2023-40114", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-40114", }, { cve: "CVE-2023-40113", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-40113", }, { cve: "CVE-2023-40112", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-40112", }, { cve: "CVE-2023-40111", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-40111", }, { cve: "CVE-2023-40110", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-40110", }, { cve: "CVE-2023-40109", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-40109", }, { cve: "CVE-2023-40107", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-40107", }, { cve: "CVE-2023-40106", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-40106", }, { cve: "CVE-2023-40105", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-40105", }, { cve: "CVE-2023-40104", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-40104", }, { cve: "CVE-2023-40100", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-40100", }, { cve: "CVE-2023-34970", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-34970", }, { cve: "CVE-2023-33200", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-33200", }, { cve: "CVE-2023-33107", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-33107", }, { cve: "CVE-2023-33106", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-33106", }, { cve: "CVE-2023-33063", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-33063", }, { cve: "CVE-2023-33035", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-33035", }, { cve: "CVE-2023-33034", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-33034", }, { cve: "CVE-2023-33029", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-33029", }, { cve: "CVE-2023-33028", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-33028", }, { cve: "CVE-2023-33027", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-33027", }, { cve: "CVE-2023-33026", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-33026", }, { cve: "CVE-2023-32820", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-32820", }, { cve: "CVE-2023-32819", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-32819", }, { cve: "CVE-2023-30739", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-30739", }, { cve: "CVE-2023-28540", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-28540", }, { cve: "CVE-2023-24855", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-24855", }, { cve: "CVE-2023-24853", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-24853", }, { cve: "CVE-2023-24850", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-24850", }, { cve: "CVE-2023-24849", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-24849", }, { cve: "CVE-2023-24848", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-24848", }, { cve: "CVE-2023-24847", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-24847", }, { cve: "CVE-2023-24844", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-24844", }, { cve: "CVE-2023-24843", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-24843", }, { cve: "CVE-2023-22385", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-22385", }, { cve: "CVE-2023-21673", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-21673", }, { cve: "CVE-2023-21234", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-21234", }, { cve: "CVE-2023-21111", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-21111", }, { cve: "CVE-2023-21103", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-21103", }, { cve: "CVE-2023-20819", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-20819", }, { cve: "CVE-2022-28348", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2022-28348", }, { cve: "CVE-2022-22071", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2022-22071", }, { cve: "CVE-2021-44828", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2021-44828", }, { cve: "CVE-2020-29374", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2020-29374", }, { cve: "CVE-2023-4863", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-4863", }, { cve: "CVE-2023-42538", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-42538", }, { cve: "CVE-2023-42537", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-42537", }, { cve: "CVE-2023-42536", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-42536", }, { cve: "CVE-2023-42535", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-42535", }, { cve: "CVE-2023-42534", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-42534", }, { cve: "CVE-2023-42533", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-42533", }, { cve: "CVE-2023-42532", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-42532", }, { cve: "CVE-2023-42531", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-42531", }, { cve: "CVE-2023-42530", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-42530", }, { cve: "CVE-2023-42529", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-42529", }, { cve: "CVE-2023-42528", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-42528", }, { cve: "CVE-2023-42527", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-42527", }, { cve: "CVE-2023-4211", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-4211", }, ], }
WID-SEC-W-2023-2538
Vulnerability from csaf_certbund
Published
2023-10-03 22:00
Modified
2023-10-03 22:00
Summary
Mattermost: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Mattermost ist ein webbasierter Instant-Messaging-Dienst.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Mattermost ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen oder beliebigen Programmcode auszuführen.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
- Android
- iPhoneOS
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Mattermost ist ein webbasierter Instant-Messaging-Dienst.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein Angreifer kann mehrere Schwachstellen in Mattermost ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen oder beliebigen Programmcode auszuführen.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux\n- Windows\n- Android\n- iPhoneOS", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-2538 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2538.json", }, { category: "self", summary: "WID-SEC-2023-2538 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2538", }, { category: "external", summary: "Mattermost Security Update vom 2023-10-03", url: "https://mattermost.com/security-updates/", }, ], source_lang: "en-US", title: "Mattermost: Mehrere Schwachstellen", tracking: { current_release_date: "2023-10-03T22:00:00.000+00:00", generator: { date: "2024-08-15T17:59:20.409+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-2538", initial_release_date: "2023-10-03T22:00:00.000+00:00", revision_history: [ { date: "2023-10-03T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Mattermost Mattermost < v5.5.1", product: { name: "Mattermost Mattermost < v5.5.1", product_id: "T030188", product_identification_helper: { cpe: "cpe:/a:mattermost:mattermost_server:v5.5.1", }, }, }, { category: "product_name", name: "Mattermost Mattermost < v2.8.1", product: { name: "Mattermost Mattermost < v2.8.1", product_id: "T030189", product_identification_helper: { cpe: "cpe:/a:mattermost:mattermost_server:v2.8.1", }, }, }, ], category: "product_name", name: "Mattermost", }, ], category: "vendor", name: "Mattermost", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in Mattermost. Diese besteht in der Komponente libwebp und ist auf einen Heap Overflow zurückzuführen. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-4863", }, { notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Mattermost, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], release_date: "2023-10-03T22:00:00.000+00:00", }, ], }
WID-SEC-W-2024-1591
Vulnerability from csaf_certbund
Published
2024-07-10 22:00
Modified
2024-11-11 23:00
Summary
Juniper JUNOS: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
JUNOS ist das "Juniper Network Operating System", das in Juniper Appliances verwendet wird.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Juniper JUNOS ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive zu umgehen.
Betroffene Betriebssysteme
- Sonstiges
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "JUNOS ist das \"Juniper Network Operating System\", das in Juniper Appliances verwendet wird.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein Angreifer kann mehrere Schwachstellen in Juniper JUNOS ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive zu umgehen.", title: "Angriff", }, { category: "general", text: "- Sonstiges", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-1591 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1591.json", }, { category: "self", summary: "WID-SEC-2024-1591 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1591", }, { category: "external", summary: "Juniper Patchday July 2024 vom 2024-07-10", url: "https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=%40sfcec_community_publish_date_formula__c%20descending&numberOfResults=100&f:ctype=%5BSecurity%20Advisories%5D", }, ], source_lang: "en-US", title: "Juniper JUNOS: Mehrere Schwachstellen", tracking: { current_release_date: "2024-11-11T23:00:00.000+00:00", generator: { date: "2024-11-12T09:31:28.569+00:00", engine: { name: "BSI-WID", version: "1.3.8", }, }, id: "WID-SEC-W-2024-1591", initial_release_date: "2024-07-10T22:00:00.000+00:00", revision_history: [ { date: "2024-07-10T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-11-11T23:00:00.000+00:00", number: "2", summary: "URL Kodierung angepasst", }, ], status: "final", version: "2", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Juniper JUNOS", product: { name: "Juniper JUNOS", product_id: "T036093", product_identification_helper: { cpe: "cpe:/o:juniper:junos:-", }, }, }, ], category: "vendor", name: "Juniper", }, ], }, vulnerabilities: [ { cve: "CVE-2006-20001", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2006-20001", }, { cve: "CVE-2007-5846", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2007-5846", }, { cve: "CVE-2008-6123", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2008-6123", }, { cve: "CVE-2011-1473", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2011-1473", }, { cve: "CVE-2011-5094", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2011-5094", }, { cve: "CVE-2012-6151", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2012-6151", }, { cve: "CVE-2014-10064", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2014-10064", }, { cve: "CVE-2014-2285", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2014-2285", }, { cve: "CVE-2014-2310", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2014-2310", }, { cve: "CVE-2014-3565", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2014-3565", }, { cve: "CVE-2014-7191", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2014-7191", }, { cve: "CVE-2014-8882", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2014-8882", }, { cve: "CVE-2015-5621", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2015-5621", }, { cve: "CVE-2015-8100", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2015-8100", }, { cve: "CVE-2015-9262", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2015-9262", }, { cve: "CVE-2016-1000232", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2016-1000232", }, { cve: "CVE-2016-10540", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2016-10540", }, { cve: "CVE-2016-4658", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2016-4658", }, { cve: "CVE-2017-1000048", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2017-1000048", }, { cve: "CVE-2017-15010", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2017-15010", }, { cve: "CVE-2018-18065", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2018-18065", }, { cve: "CVE-2018-20834", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2018-20834", }, { cve: "CVE-2018-3737", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2018-3737", }, { cve: "CVE-2018-7408", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2018-7408", }, { cve: "CVE-2019-10081", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2019-10081", }, { cve: "CVE-2019-10082", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2019-10082", }, { cve: "CVE-2019-10092", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2019-10092", }, { cve: "CVE-2019-10097", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2019-10097", }, { cve: "CVE-2019-10098", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2019-10098", }, { cve: "CVE-2019-11719", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2019-11719", }, { cve: "CVE-2019-11727", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2019-11727", }, { cve: "CVE-2019-11756", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2019-11756", }, { cve: "CVE-2019-16775", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2019-16775", }, { cve: "CVE-2019-16776", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2019-16776", }, { cve: "CVE-2019-16777", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2019-16777", }, { cve: "CVE-2019-17006", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2019-17006", }, { cve: "CVE-2019-17023", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2019-17023", }, { cve: "CVE-2019-17567", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2019-17567", }, { cve: "CVE-2019-20149", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2019-20149", }, { cve: "CVE-2019-20892", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2019-20892", }, { cve: "CVE-2019-9517", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2019-9517", }, { cve: "CVE-2020-11668", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-11668", }, { cve: "CVE-2020-11984", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-11984", }, { cve: "CVE-2020-11993", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-11993", }, { cve: "CVE-2020-12362", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-12362", }, { cve: "CVE-2020-12400", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-12400", }, { cve: "CVE-2020-12401", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-12401", }, { cve: "CVE-2020-12402", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-12402", }, { cve: "CVE-2020-12403", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-12403", }, { cve: "CVE-2020-13938", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-13938", }, { cve: "CVE-2020-13950", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-13950", }, { cve: "CVE-2020-14145", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-14145", }, { cve: "CVE-2020-15861", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-15861", }, { cve: "CVE-2020-15862", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-15862", }, { cve: "CVE-2020-1927", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-1927", }, { cve: "CVE-2020-1934", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-1934", }, { cve: "CVE-2020-28469", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-28469", }, { cve: "CVE-2020-28502", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-28502", }, { cve: "CVE-2020-35452", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-35452", }, { cve: "CVE-2020-36049", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-36049", }, { cve: "CVE-2020-6829", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-6829", }, { cve: "CVE-2020-7660", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-7660", }, { cve: "CVE-2020-7754", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-7754", }, { cve: "CVE-2020-7774", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-7774", }, { cve: "CVE-2020-8648", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-8648", }, { cve: "CVE-2020-9490", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-9490", }, { cve: "CVE-2021-22543", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-22543", }, { cve: "CVE-2021-2342", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-2342", }, { cve: "CVE-2021-23440", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-23440", }, { cve: "CVE-2021-2356", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-2356", }, { cve: "CVE-2021-2372", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-2372", }, { cve: "CVE-2021-2385", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-2385", }, { cve: "CVE-2021-2389", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-2389", }, { cve: "CVE-2021-2390", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-2390", }, { cve: "CVE-2021-25745", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-25745", }, { cve: "CVE-2021-25746", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-25746", }, { cve: "CVE-2021-25748", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-25748", }, { cve: "CVE-2021-26690", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-26690", }, { cve: "CVE-2021-26691", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-26691", }, { cve: "CVE-2021-27290", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-27290", }, { cve: "CVE-2021-29469", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-29469", }, { cve: "CVE-2021-30641", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-30641", }, { cve: "CVE-2021-31535", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-31535", }, { cve: "CVE-2021-31618", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-31618", }, { cve: "CVE-2021-3177", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-3177", }, { cve: "CVE-2021-32803", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-32803", }, { cve: "CVE-2021-32804", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-32804", }, { cve: "CVE-2021-33033", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-33033", }, { cve: "CVE-2021-33034", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-33034", }, { cve: "CVE-2021-33193", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-33193", }, { cve: "CVE-2021-3347", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-3347", }, { cve: "CVE-2021-33909", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-33909", }, { cve: "CVE-2021-34798", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-34798", }, { cve: "CVE-2021-35604", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-35604", }, { cve: "CVE-2021-35624", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-35624", }, { cve: "CVE-2021-36160", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-36160", }, { cve: "CVE-2021-37701", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-37701", }, { cve: "CVE-2021-37712", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-37712", }, { cve: "CVE-2021-37713", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-37713", }, { cve: "CVE-2021-3803", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-3803", }, { cve: "CVE-2021-39275", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-39275", }, { cve: "CVE-2021-40438", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-40438", }, { cve: "CVE-2021-41524", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-41524", }, { cve: "CVE-2021-41773", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-41773", }, { cve: "CVE-2021-42013", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-42013", }, { cve: "CVE-2021-43527", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-43527", }, { cve: "CVE-2021-44224", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-44224", }, { cve: "CVE-2021-44225", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-44225", }, { cve: "CVE-2021-44790", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-44790", }, { cve: "CVE-2021-44906", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-44906", }, { cve: "CVE-2022-21245", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-21245", }, { cve: "CVE-2022-21270", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-21270", }, { cve: "CVE-2022-21303", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-21303", }, { cve: "CVE-2022-21304", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-21304", }, { cve: "CVE-2022-21344", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-21344", }, { cve: "CVE-2022-21367", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-21367", }, { cve: "CVE-2022-21417", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-21417", }, { cve: "CVE-2022-21427", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-21427", }, { cve: "CVE-2022-21444", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-21444", }, { cve: "CVE-2022-21451", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-21451", }, { cve: "CVE-2022-21454", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-21454", }, { cve: "CVE-2022-21460", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-21460", }, { cve: "CVE-2022-21589", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-21589", }, { cve: "CVE-2022-21592", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-21592", }, { cve: "CVE-2022-21595", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-21595", }, { cve: "CVE-2022-21608", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-21608", }, { cve: "CVE-2022-21617", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-21617", }, { cve: "CVE-2022-22719", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-22719", }, { cve: "CVE-2022-22720", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-22720", }, { cve: "CVE-2022-22721", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-22721", }, { cve: "CVE-2022-22822", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-22822", }, { cve: "CVE-2022-22823", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-22823", }, { cve: "CVE-2022-22824", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-22824", }, { cve: "CVE-2022-23471", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-23471", }, { cve: "CVE-2022-23524", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-23524", }, { cve: "CVE-2022-23525", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-23525", }, { cve: "CVE-2022-23526", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-23526", }, { cve: "CVE-2022-23852", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-23852", }, { cve: "CVE-2022-23943", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-23943", }, { cve: "CVE-2022-25147", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-25147", }, { cve: "CVE-2022-25235", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-25235", }, { cve: "CVE-2022-25236", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-25236", }, { cve: "CVE-2022-2526", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-2526", }, { cve: "CVE-2022-25315", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-25315", }, { cve: "CVE-2022-26377", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-26377", }, { cve: "CVE-2022-28330", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-28330", }, { cve: "CVE-2022-28614", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-28614", }, { cve: "CVE-2022-28615", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-28615", }, { cve: "CVE-2022-29167", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-29167", }, { cve: "CVE-2022-29404", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-29404", }, { cve: "CVE-2022-30522", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-30522", }, { cve: "CVE-2022-30556", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-30556", }, { cve: "CVE-2022-31813", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-31813", }, { cve: "CVE-2022-3517", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-3517", }, { cve: "CVE-2022-3564", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-3564", }, { cve: "CVE-2022-36760", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-36760", }, { cve: "CVE-2022-37434", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-37434", }, { cve: "CVE-2022-37436", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-37436", }, { cve: "CVE-2022-40674", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-40674", }, { cve: "CVE-2022-41741", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-41741", }, { cve: "CVE-2022-41742", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-41742", }, { cve: "CVE-2022-4203", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-4203", }, { cve: "CVE-2022-4304", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-4304", }, { cve: "CVE-2022-4450", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-4450", }, { cve: "CVE-2022-46663", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-46663", }, { cve: "CVE-2022-4886", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-4886", }, { cve: "CVE-2023-0215", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-0215", }, { cve: "CVE-2023-0216", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-0216", }, { cve: "CVE-2023-0217", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-0217", }, { cve: "CVE-2023-0286", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-0286", }, { cve: "CVE-2023-0401", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-0401", }, { cve: "CVE-2023-0464", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-0464", }, { cve: "CVE-2023-0465", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-0465", }, { cve: "CVE-2023-0466", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-0466", }, { cve: "CVE-2023-0767", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-0767", }, { cve: "CVE-2023-1255", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-1255", }, { cve: "CVE-2023-2002", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-2002", }, { cve: "CVE-2023-20593", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-20593", }, { cve: "CVE-2023-21830", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-21830", }, { cve: "CVE-2023-21840", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-21840", }, { cve: "CVE-2023-21843", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-21843", }, { cve: "CVE-2023-21912", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-21912", }, { cve: "CVE-2023-21963", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-21963", }, { cve: "CVE-2023-21980", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-21980", }, { cve: "CVE-2023-22025", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-22025", }, { cve: "CVE-2023-22067", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-22067", }, { cve: "CVE-2023-22081", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-22081", }, { cve: "CVE-2023-22652", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-22652", }, { cve: "CVE-2023-24329", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-24329", }, { cve: "CVE-2023-25153", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-25153", }, { cve: "CVE-2023-25173", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-25173", }, { cve: "CVE-2023-25690", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-25690", }, { cve: "CVE-2023-2700", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-2700", }, { cve: "CVE-2023-27522", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-27522", }, { cve: "CVE-2023-2828", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-2828", }, { cve: "CVE-2023-28840", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-28840", }, { cve: "CVE-2023-28841", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-28841", }, { cve: "CVE-2023-28842", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-28842", }, { cve: "CVE-2023-2975", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-2975", }, { cve: "CVE-2023-30079", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-30079", }, { cve: "CVE-2023-30630", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-30630", }, { cve: "CVE-2023-3090", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-3090", }, { cve: "CVE-2023-32067", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-32067", }, { cve: "CVE-2023-32360", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-32360", }, { cve: "CVE-2023-32435", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-32435", }, { cve: "CVE-2023-32439", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-32439", }, { cve: "CVE-2023-32732", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-32732", }, { cve: "CVE-2023-3341", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-3341", }, { cve: "CVE-2023-3390", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-3390", }, { cve: "CVE-2023-33953", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-33953", }, { cve: "CVE-2023-34058", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-34058", }, { cve: "CVE-2023-34059", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-34059", }, { cve: "CVE-2023-3446", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-3446", }, { cve: "CVE-2023-34969", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-34969", }, { cve: "CVE-2023-35001", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-35001", }, { cve: "CVE-2023-35788", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-35788", }, { cve: "CVE-2023-3611", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-3611", }, { cve: "CVE-2023-37450", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-37450", }, { cve: "CVE-2023-3776", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-3776", }, { cve: "CVE-2023-3817", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-3817", }, { cve: "CVE-2023-4004", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-4004", }, { cve: "CVE-2023-4206", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-4206", }, { cve: "CVE-2023-4207", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-4207", }, { cve: "CVE-2023-4208", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-4208", }, { cve: "CVE-2023-42753", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-42753", }, { cve: "CVE-2023-4785", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-4785", }, { cve: "CVE-2023-4807", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-4807", }, { cve: "CVE-2023-4863", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-4863", }, { cve: "CVE-2023-5043", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-5043", }, { cve: "CVE-2023-5129", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-5129", }, { cve: "CVE-2023-5363", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-5363", }, { cve: "CVE-2024-20918", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-20918", }, { cve: "CVE-2024-20919", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-20919", }, { cve: "CVE-2024-20921", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-20921", }, { cve: "CVE-2024-20926", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-20926", }, { cve: "CVE-2024-20932", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-20932", }, { cve: "CVE-2024-20945", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-20945", }, { cve: "CVE-2024-20952", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-20952", }, { cve: "CVE-2024-39511", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39511", }, { cve: "CVE-2024-39512", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39512", }, { cve: "CVE-2024-39513", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39513", }, { cve: "CVE-2024-39514", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39514", }, { cve: "CVE-2024-39517", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39517", }, { cve: "CVE-2024-39518", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39518", }, { cve: "CVE-2024-39519", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39519", }, { cve: "CVE-2024-39520", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39520", }, { cve: "CVE-2024-39521", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39521", }, { cve: "CVE-2024-39522", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39522", }, { cve: "CVE-2024-39523", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39523", }, { cve: "CVE-2024-39524", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39524", }, { cve: "CVE-2024-39528", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39528", }, { cve: "CVE-2024-39529", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39529", }, { cve: "CVE-2024-39530", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39530", }, { cve: "CVE-2024-39531", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39531", }, { cve: "CVE-2024-39532", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39532", }, { cve: "CVE-2024-39533", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39533", }, { cve: "CVE-2024-39535", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39535", }, { cve: "CVE-2024-39536", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39536", }, { cve: "CVE-2024-39537", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39537", }, { cve: "CVE-2024-39538", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39538", }, { cve: "CVE-2024-39539", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39539", }, { cve: "CVE-2024-39540", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39540", }, { cve: "CVE-2024-39541", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39541", }, { cve: "CVE-2024-39542", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39542", }, { cve: "CVE-2024-39543", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39543", }, { cve: "CVE-2024-39545", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39545", }, { cve: "CVE-2024-39546", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39546", }, { cve: "CVE-2024-39548", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39548", }, { cve: "CVE-2024-39549", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39549", }, { cve: "CVE-2024-39550", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39550", }, { cve: "CVE-2024-39551", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39551", }, { cve: "CVE-2024-39553", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39553", }, { cve: "CVE-2024-39554", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39554", }, { cve: "CVE-2024-39555", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39555", }, { cve: "CVE-2024-39556", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39556", }, { cve: "CVE-2024-39557", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39557", }, { cve: "CVE-2024-39558", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39558", }, { cve: "CVE-2024-39559", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39559", }, { cve: "CVE-2024-39560", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39560", }, { cve: "CVE-2024-39561", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39561", }, { cve: "CVE-2024-39565", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39565", }, ], }
WID-SEC-W-2023-2548
Vulnerability from csaf_certbund
Published
2023-10-03 22:00
Modified
2023-10-03 22:00
Summary
Google Android: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Das Android Betriebssystem ist eine quelloffene Plattform für mobile Geräte. Die Basis bildet der Linux-Kernel.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Google Android ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.
Betroffene Betriebssysteme
- Android
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Das Android Betriebssystem ist eine quelloffene Plattform für mobile Geräte. Die Basis bildet der Linux-Kernel.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein Angreifer kann mehrere Schwachstellen in Google Android ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", title: "Angriff", }, { category: "general", text: "- Android", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-2548 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2548.json", }, { category: "self", summary: "WID-SEC-2023-2548 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2548", }, { category: "external", summary: "Android Patchday Oktober 2023 vom 2023-10-03", url: "https://source.android.com/docs/security/bulletin/2023-10-01", }, ], source_lang: "en-US", title: "Google Android: Mehrere Schwachstellen", tracking: { current_release_date: "2023-10-03T22:00:00.000+00:00", generator: { date: "2024-08-15T17:59:23.276+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-2548", initial_release_date: "2023-10-03T22:00:00.000+00:00", revision_history: [ { date: "2023-10-03T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Google Android 11", product: { name: "Google Android 11", product_id: "T017166", product_identification_helper: { cpe: "cpe:/o:google:android:11", }, }, }, { category: "product_name", name: "Google Android 12", product: { name: "Google Android 12", product_id: "T020881", product_identification_helper: { cpe: "cpe:/o:google:android:12", }, }, }, { category: "product_name", name: "Google Android 13", product: { name: "Google Android 13", product_id: "T029729", product_identification_helper: { cpe: "cpe:/o:google:android:13", }, }, }, { category: "product_name", name: "Google Android 12L", product: { name: "Google Android 12L", product_id: "T030210", product_identification_helper: { cpe: "cpe:/o:google:android:12l", }, }, }, ], category: "product_name", name: "Android", }, ], category: "vendor", name: "Google", }, ], }, vulnerabilities: [ { cve: "CVE-2023-5129", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-5129", }, { cve: "CVE-2023-4863", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-4863", }, { cve: "CVE-2023-4211", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-4211", }, { cve: "CVE-2023-40638", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-40638", }, { cve: "CVE-2023-40140", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-40140", }, { cve: "CVE-2023-40139", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-40139", }, { cve: "CVE-2023-40138", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-40138", }, { cve: "CVE-2023-40137", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-40137", }, { cve: "CVE-2023-40136", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-40136", }, { cve: "CVE-2023-40135", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-40135", }, { cve: "CVE-2023-40134", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-40134", }, { cve: "CVE-2023-40133", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-40133", }, { cve: "CVE-2023-40131", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-40131", }, { cve: "CVE-2023-40130", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-40130", }, { cve: "CVE-2023-40129", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-40129", }, { cve: "CVE-2023-40128", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-40128", }, { cve: "CVE-2023-40127", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-40127", }, { cve: "CVE-2023-40125", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-40125", }, { cve: "CVE-2023-40123", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-40123", }, { cve: "CVE-2023-40121", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-40121", }, { cve: "CVE-2023-40120", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-40120", }, { cve: "CVE-2023-40117", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-40117", }, { cve: "CVE-2023-40116", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-40116", }, { cve: "CVE-2023-34970", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-34970", }, { cve: "CVE-2023-33200", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-33200", }, { cve: "CVE-2023-33035", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-33035", }, { cve: "CVE-2023-33034", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-33034", }, { cve: "CVE-2023-33029", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-33029", }, { cve: "CVE-2023-33028", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-33028", }, { cve: "CVE-2023-33027", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-33027", }, { cve: "CVE-2023-33026", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-33026", }, { cve: "CVE-2023-32820", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-32820", }, { cve: "CVE-2023-32819", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-32819", }, { cve: "CVE-2023-28540", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-28540", }, { cve: "CVE-2023-24855", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-24855", }, { cve: "CVE-2023-24853", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-24853", }, { cve: "CVE-2023-24850", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-24850", }, { cve: "CVE-2023-24849", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-24849", }, { cve: "CVE-2023-24848", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-24848", }, { cve: "CVE-2023-24847", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-24847", }, { cve: "CVE-2023-24844", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-24844", }, { cve: "CVE-2023-24843", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-24843", }, { cve: "CVE-2023-22385", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-22385", }, { cve: "CVE-2023-21673", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-21673", }, { cve: "CVE-2023-21291", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-21291", }, { cve: "CVE-2023-21266", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-21266", }, { cve: "CVE-2023-21253", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-21253", }, { cve: "CVE-2023-21252", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-21252", }, { cve: "CVE-2023-21244", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-21244", }, { cve: "CVE-2023-20819", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-20819", }, { cve: "CVE-2022-28348", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2022-28348", }, { cve: "CVE-2021-44828", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2021-44828", }, ], }
WID-SEC-W-2023-2305
Vulnerability from csaf_certbund
Published
2023-09-11 22:00
Modified
2025-01-14 23:00
Summary
Google Chrome / Microsoft Edge: Schwachstelle ermöglicht Codeausführung
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Chrome ist ein Internet-Browser von Google.
Edge ist ein Internet-Browser von Microsoft.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Google Chrome / Microsoft Edge ausnutzen, um beliebigen Programmcode auszuführen.
Betroffene Betriebssysteme
- Linux
- MacOS X
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Chrome ist ein Internet-Browser von Google.\r\nEdge ist ein Internet-Browser von Microsoft.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Google Chrome / Microsoft Edge ausnutzen, um beliebigen Programmcode auszuführen.", title: "Angriff", }, { category: "general", text: "- Linux\n- MacOS X\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-2305 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2305.json", }, { category: "self", summary: "WID-SEC-2023-2305 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2305", }, { category: "external", summary: "Google Chrome Stable Channel Update for Desktop vom 2023-09-11", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html", }, { category: "external", summary: "Microsoft Leitfaden für Sicherheiztsupdates vom 2023-09-12", url: "https://msrc.microsoft.com/update-guide/", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-D5FAEDE1D6 vom 2023-09-13", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-d5faede1d6", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-F8319BD876 vom 2023-09-13", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-f8319bd876", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-C4FA8A204D vom 2023-09-13", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-c4fa8a204d", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-3388038193 vom 2023-09-13", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-3388038193", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-509640A8A6 vom 2023-09-13", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-509640a8a6", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-788F9BBB3F vom 2023-09-13", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-788f9bbb3f", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-32FA4259F4 vom 2023-09-13", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-32fa4259f4", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-9A6FD7A504 vom 2023-09-13", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-9a6fd7a504", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-3D1935DC6A vom 2023-09-13", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-3d1935dc6a", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-EA08732E6A vom 2023-09-17", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-ea08732e6a", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-D58A84DDA8 vom 2023-09-17", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-d58a84dda8", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-0DE0929147 vom 2023-09-17", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-0de0929147", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-C66924CB92 vom 2023-09-17", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-c66924cb92", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-54433BC31F vom 2023-09-17", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-54433bc31f", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-3BFB63F6D2 vom 2023-09-17", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-3bfb63f6d2", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5185 vom 2023-09-18", url: "https://access.redhat.com/errata/RHSA-2023:5185", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-0DF1F37A48 vom 2023-09-18", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-0df1f37a48", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-A33B8C01E7 vom 2023-09-18", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-a33b8c01e7", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-05DC047BF8 vom 2023-09-18", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-05dc047bf8", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-79B0154754 vom 2023-09-18", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-79b0154754", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-B427F54E68 vom 2023-09-18", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-b427f54e68", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5222 vom 2023-09-19", url: "https://access.redhat.com/errata/RHSA-2023:5222", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5214 vom 2023-09-19", url: "https://access.redhat.com/errata/RHSA-2023:5214", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5309 vom 2023-09-20", url: "https://access.redhat.com/errata/RHSA-2023:5309", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2023-5309 vom 2023-09-20", url: "https://linux.oracle.com/errata/ELSA-2023-5309.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2023-5214 vom 2023-09-20", url: "http://linux.oracle.com/errata/ELSA-2023-5214.html", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-DA064561FA vom 2023-09-24", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-da064561fa", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-9ABC3565B5 vom 2023-09-24", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-9abc3565b5", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-09CC239FE3 vom 2023-09-24", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-09cc239fe3", }, { category: "external", summary: "Important release of LibreOffice", url: "https://blog.documentfoundation.org/blog/2023/09/26/lo-762-and-lo-757/", }, { category: "external", summary: "Ubuntu Security Notice USN-6369-2 vom 2023-09-28", url: "https://ubuntu.com/security/notices/USN-6369-2", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:3829-1 vom 2023-09-27", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016363.html", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-E692A72898 vom 2023-09-28", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-e692a72898", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-9108CDA47C vom 2023-09-28", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-9108cda47c", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-2A0668FE43 vom 2023-09-28", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-2a0668fe43", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-CCA1F87440 vom 2023-09-30", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-cca1f87440", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-0CD03C3746 vom 2023-09-30", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-0cd03c3746", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-C890266D3F vom 2023-09-30", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-c890266d3f", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-D66A01AD4F vom 2023-09-30", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-d66a01ad4f", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-8F3E1B6F78 vom 2023-09-30", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-8f3e1b6f78", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-EDC9C74369 vom 2023-09-30", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-edc9c74369", }, { category: "external", summary: "NetApp Security Advisory NTAP-20230929-0011 vom 2023-09-29", url: "https://security.netapp.com/advisory/ntap-20230929-0011/", }, { category: "external", summary: "Elastic Security Announcement ESA-2023-19 vom 2023-10-10", url: "https://discuss.elastic.co/t/kibana-8-10-3-7-17-14-security-update/344735", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS2-2023-2290 vom 2023-10-20", url: "https://alas.aws.amazon.com/AL2/ALAS-2023-2290.html", }, { category: "external", summary: "WatchGuard Security Advisory WGSA-2023-00008 vom 2023-11-01", url: "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2023-00008", }, { category: "external", summary: "Dell Security Advisory DSA-2023-396 vom 2023-12-06", url: "https://www.dell.com/support/kbdoc/000218770/dsa-2023-=", }, { category: "external", summary: "HP Security Bulletin HPSBPI03916 vom 2024-02-13", url: "https://support.hp.com/us-en/document/ish_10173649-10204798-16/HPSBPI03916", }, { category: "external", summary: "FortiGuard Labs PSIRT Advisory FG-IR-23-381 vom 2025-01-14", url: "https://www.fortiguard.com/psirt/FG-IR-23-381", }, ], source_lang: "en-US", title: "Google Chrome / Microsoft Edge: Schwachstelle ermöglicht Codeausführung", tracking: { current_release_date: "2025-01-14T23:00:00.000+00:00", generator: { date: "2025-01-15T09:22:46.217+00:00", engine: { name: "BSI-WID", version: "1.3.10", }, }, id: "WID-SEC-W-2023-2305", initial_release_date: "2023-09-11T22:00:00.000+00:00", revision_history: [ { date: "2023-09-11T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-09-12T22:00:00.000+00:00", number: "2", summary: "Neue Updates aufgenommen", }, { date: "2023-09-13T22:00:00.000+00:00", number: "3", summary: "Neue Updates von Fedora aufgenommen", }, { date: "2023-09-17T22:00:00.000+00:00", number: "4", summary: "Neue Updates von Fedora aufgenommen", }, { date: "2023-09-18T22:00:00.000+00:00", number: "5", summary: "Neue Updates von Red Hat und Fedora aufgenommen", }, { date: "2023-09-20T22:00:00.000+00:00", number: "6", summary: "Neue Updates von Red Hat und Oracle Linux aufgenommen", }, { date: "2023-09-24T22:00:00.000+00:00", number: "7", summary: "Neue Updates von Fedora aufgenommen", }, { date: "2023-09-26T22:00:00.000+00:00", number: "8", summary: "Neue Updates aufgenommen", }, { date: "2023-09-27T22:00:00.000+00:00", number: "9", summary: "Neue Updates von Ubuntu und SUSE aufgenommen", }, { date: "2023-09-28T22:00:00.000+00:00", number: "10", summary: "Neue Updates von Fedora aufgenommen", }, { date: "2023-10-01T22:00:00.000+00:00", number: "11", summary: "Neue Updates von Fedora und NetApp aufgenommen", }, { date: "2023-10-10T22:00:00.000+00:00", number: "12", summary: "Neue Updates von Elastic aufgenommen", }, { date: "2023-10-19T22:00:00.000+00:00", number: "13", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2023-11-01T23:00:00.000+00:00", number: "14", summary: "Neue Updates von WatchGuard aufgenommen", }, { date: "2023-12-05T23:00:00.000+00:00", number: "15", summary: "Neue Updates von Dell aufgenommen", }, { date: "2024-02-20T23:00:00.000+00:00", number: "16", summary: "Neue Updates von HP aufgenommen", }, { date: "2025-01-14T23:00:00.000+00:00", number: "17", summary: "Neue Updates von Fortinet aufgenommen", }, ], status: "final", version: "17", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Amazon Linux 2", product: { name: "Amazon Linux 2", product_id: "398363", product_identification_helper: { cpe: "cpe:/o:amazon:linux_2:-", }, }, }, ], category: "vendor", name: "Amazon", }, { branches: [ { category: "product_name", name: "Dell Computer", product: { name: "Dell Computer", product_id: "T006498", product_identification_helper: { cpe: "cpe:/o:dell:dell_computer:-", }, }, }, ], category: "vendor", name: "Dell", }, { branches: [ { category: "product_name", name: "Fedora Linux", product: { name: "Fedora Linux", product_id: "74185", product_identification_helper: { cpe: "cpe:/o:fedoraproject:fedora:-", }, }, }, ], category: "vendor", name: "Fedora", }, { branches: [ { branches: [ { category: "product_version_range", name: "Windows <7.2.3", product: { name: "Fortinet FortiClient Windows <7.2.3", product_id: "T040204", }, }, { category: "product_version", name: "Windows 7.2.3", product: { name: "Fortinet FortiClient Windows 7.2.3", product_id: "T040204-fixed", product_identification_helper: { cpe: "cpe:/a:fortinet:forticlient:windows__7.2.3", }, }, }, { category: "product_version_range", name: "Windows <7.0.10", product: { name: "Fortinet FortiClient Windows <7.0.10", product_id: "T040205", }, }, { category: "product_version", name: "Windows 7.0.10", product: { name: "Fortinet FortiClient Windows 7.0.10", product_id: "T040205-fixed", product_identification_helper: { cpe: "cpe:/a:fortinet:forticlient:windows__7.0.10", }, }, }, { category: "product_version_range", name: "Linux <7.4.0", product: { name: "Fortinet FortiClient Linux <7.4.0", product_id: "T040206", }, }, { category: "product_version", name: "Linux 7.4.0", product: { name: "Fortinet FortiClient Linux 7.4.0", product_id: "T040206-fixed", product_identification_helper: { cpe: "cpe:/a:fortinet:forticlient:linux__7.4.0", }, }, }, { category: "product_version_range", name: "Linux <7.2.5", product: { name: "Fortinet FortiClient Linux <7.2.5", product_id: "T040207", }, }, { category: "product_version", name: "Linux 7.2.5", product: { name: "Fortinet FortiClient Linux 7.2.5", product_id: "T040207-fixed", product_identification_helper: { cpe: "cpe:/a:fortinet:forticlient:linux__7.2.5", }, }, }, { category: "product_version_range", name: "Mac <7.4.0", product: { name: "Fortinet FortiClient Mac <7.4.0", product_id: "T040208", }, }, { category: "product_version", name: "Mac 7.4.0", product: { name: "Fortinet FortiClient Mac 7.4.0", product_id: "T040208-fixed", product_identification_helper: { cpe: "cpe:/a:fortinet:forticlient:mac__7.4.0", }, }, }, { category: "product_version_range", name: "Mac <7.2.5", product: { name: "Fortinet FortiClient Mac <7.2.5", product_id: "T040209", }, }, { category: "product_version", name: "Mac 7.2.5", product: { name: "Fortinet FortiClient Mac 7.2.5", product_id: "T040209-fixed", product_identification_helper: { cpe: "cpe:/a:fortinet:forticlient:mac__7.2.5", }, }, }, { category: "product_version_range", name: "EMS <7.2.2", product: { name: "Fortinet FortiClient EMS <7.2.2", product_id: "T040210", }, }, { category: "product_version", name: "EMS 7.2.2", product: { name: "Fortinet FortiClient EMS 7.2.2", product_id: "T040210-fixed", product_identification_helper: { cpe: "cpe:/a:fortinet:forticlient:ems__7.2.2", }, }, }, { category: "product_version_range", name: "EMS <7.0.10", product: { name: "Fortinet FortiClient EMS <7.0.10", product_id: "T040211", }, }, { category: "product_version", name: "EMS 7.0.10", product: { name: "Fortinet FortiClient EMS 7.0.10", product_id: "T040211-fixed", product_identification_helper: { cpe: "cpe:/a:fortinet:forticlient:ems__7.0.10", }, }, }, ], category: "product_name", name: "FortiClient", }, ], category: "vendor", name: "Fortinet", }, { branches: [ { branches: [ { category: "product_version_range", name: "<116.0.5845.187", product: { name: "Google Chrome <116.0.5845.187", product_id: "T029774", }, }, { category: "product_version", name: "116.0.5845.187", product: { name: "Google Chrome 116.0.5845.187", product_id: "T029774-fixed", product_identification_helper: { cpe: "cpe:/a:google:chrome:116.0.5845.187", }, }, }, { category: "product_version_range", name: "<116.0.5845.188", product: { name: "Google Chrome <116.0.5845.188", product_id: "T029775", }, }, { category: "product_version", name: "116.0.5845.188", product: { name: "Google Chrome 116.0.5845.188", product_id: "T029775-fixed", product_identification_helper: { cpe: "cpe:/a:google:chrome:116.0.5845.188", }, }, }, ], category: "product_name", name: "Chrome", }, ], category: "vendor", name: "Google", }, { branches: [ { category: "product_name", name: "HP LaserJet", product: { name: "HP LaserJet", product_id: "T029061", product_identification_helper: { cpe: "cpe:/h:hp:laserjet:-", }, }, }, ], category: "vendor", name: "HP", }, { branches: [ { branches: [ { category: "product_version_range", name: "<116.0.1938.81", product: { name: "Microsoft Edge <116.0.1938.81", product_id: "T029787", }, }, { category: "product_version", name: "116.0.1938.81", product: { name: "Microsoft Edge 116.0.1938.81", product_id: "T029787-fixed", product_identification_helper: { cpe: "cpe:/a:microsoft:edge:116.0.1938.81", }, }, }, ], category: "product_name", name: "Edge", }, ], category: "vendor", name: "Microsoft", }, { branches: [ { category: "product_name", name: "NetApp ActiveIQ Unified Manager", product: { name: "NetApp ActiveIQ Unified Manager", product_id: "T026333", product_identification_helper: { cpe: "cpe:/a:netapp:active_iq_unified_manager:vmware_vsphere", }, }, }, ], category: "vendor", name: "NetApp", }, { branches: [ { branches: [ { category: "product_version_range", name: "<8.10.3", product: { name: "Open Source Kibana <8.10.3", product_id: "T030371", }, }, { category: "product_version", name: "8.10.3", product: { name: "Open Source Kibana 8.10.3", product_id: "T030371-fixed", product_identification_helper: { cpe: "cpe:/a:elasticsearch:kibana:8.10.3", }, }, }, { category: "product_version_range", name: "<7.17.14", product: { name: "Open Source Kibana <7.17.14", product_id: "T030372", }, }, { category: "product_version", name: "7.17.14", product: { name: "Open Source Kibana 7.17.14", product_id: "T030372-fixed", product_identification_helper: { cpe: "cpe:/a:elasticsearch:kibana:7.17.14", }, }, }, ], category: "product_name", name: "Kibana", }, { branches: [ { category: "product_version_range", name: "<7.6.2", product: { name: "Open Source LibreOffice <7.6.2", product_id: "T030072", }, }, { category: "product_version", name: "7.6.2", product: { name: "Open Source LibreOffice 7.6.2", product_id: "T030072-fixed", product_identification_helper: { cpe: "cpe:/a:libreoffice:libreoffice:7.6.2", }, }, }, { category: "product_version_range", name: "<7.5.7", product: { name: "Open Source LibreOffice <7.5.7", product_id: "T030073", }, }, { category: "product_version", name: "7.5.7", product: { name: "Open Source LibreOffice 7.5.7", product_id: "T030073-fixed", product_identification_helper: { cpe: "cpe:/a:libreoffice:libreoffice:7.5.7", }, }, }, ], category: "product_name", name: "LibreOffice", }, ], category: "vendor", name: "Open Source", }, { branches: [ { category: "product_name", name: "Oracle Linux", product: { name: "Oracle Linux", product_id: "T004914", product_identification_helper: { cpe: "cpe:/o:oracle:linux:-", }, }, }, ], category: "vendor", name: "Oracle", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, ], category: "vendor", name: "Red Hat", }, { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, ], category: "vendor", name: "SUSE", }, { branches: [ { category: "product_name", name: "Ubuntu Linux", product: { name: "Ubuntu Linux", product_id: "T000126", product_identification_helper: { cpe: "cpe:/o:canonical:ubuntu_linux:-", }, }, }, ], category: "vendor", name: "Ubuntu", }, { branches: [ { category: "product_name", name: "WatchGuard Firebox", product: { name: "WatchGuard Firebox", product_id: "T030882", product_identification_helper: { cpe: "cpe:/a:watchguard:firebox:-", }, }, }, ], category: "vendor", name: "WatchGuard", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in Google Chrome / Microsoft Edge. Dieser Fehler besteht in der WebP-Komponente aufgrund eines Heap-Pufferüberlaufs. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Code auszuführen, indem er einen Benutzer zum Besuch einer bösartigen Website verleitet. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T006498", "T030882", "T040209", "67646", "T040208", "T040207", "T040206", "T004914", "398363", "T040211", "T029775", "T040210", "T029774", "T029061", "T030073", "T030072", "T030372", "T030371", "74185", "T002207", "T000126", "T040205", "T040204", "T029787", "T026333", ], }, release_date: "2023-09-11T22:00:00.000+00:00", title: "CVE-2023-4863", }, { cve: "CVE-2023-5129", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in Google Chrome / Microsoft Edge. Dieser Fehler besteht in der WebP-Komponente aufgrund eines Heap-Pufferüberlaufs. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Code auszuführen, indem er einen Benutzer zum Besuch einer bösartigen Website verleitet. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T006498", "T030882", "T040209", "67646", "T040208", "T040207", "T040206", "T004914", "398363", "T040211", "T029775", "T040210", "T029774", "T029061", "T030073", "T030072", "T030372", "T030371", "74185", "T002207", "T000126", "T040205", "T040204", "T029787", "T026333", ], }, release_date: "2023-09-11T22:00:00.000+00:00", title: "CVE-2023-5129", }, ], }
wid-sec-w-2023-2548
Vulnerability from csaf_certbund
Published
2023-10-03 22:00
Modified
2023-10-03 22:00
Summary
Google Android: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Das Android Betriebssystem ist eine quelloffene Plattform für mobile Geräte. Die Basis bildet der Linux-Kernel.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Google Android ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.
Betroffene Betriebssysteme
- Android
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Das Android Betriebssystem ist eine quelloffene Plattform für mobile Geräte. Die Basis bildet der Linux-Kernel.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein Angreifer kann mehrere Schwachstellen in Google Android ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", title: "Angriff", }, { category: "general", text: "- Android", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-2548 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2548.json", }, { category: "self", summary: "WID-SEC-2023-2548 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2548", }, { category: "external", summary: "Android Patchday Oktober 2023 vom 2023-10-03", url: "https://source.android.com/docs/security/bulletin/2023-10-01", }, ], source_lang: "en-US", title: "Google Android: Mehrere Schwachstellen", tracking: { current_release_date: "2023-10-03T22:00:00.000+00:00", generator: { date: "2024-08-15T17:59:23.276+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-2548", initial_release_date: "2023-10-03T22:00:00.000+00:00", revision_history: [ { date: "2023-10-03T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Google Android 11", product: { name: "Google Android 11", product_id: "T017166", product_identification_helper: { cpe: "cpe:/o:google:android:11", }, }, }, { category: "product_name", name: "Google Android 12", product: { name: "Google Android 12", product_id: "T020881", product_identification_helper: { cpe: "cpe:/o:google:android:12", }, }, }, { category: "product_name", name: "Google Android 13", product: { name: "Google Android 13", product_id: "T029729", product_identification_helper: { cpe: "cpe:/o:google:android:13", }, }, }, { category: "product_name", name: "Google Android 12L", product: { name: "Google Android 12L", product_id: "T030210", product_identification_helper: { cpe: "cpe:/o:google:android:12l", }, }, }, ], category: "product_name", name: "Android", }, ], category: "vendor", name: "Google", }, ], }, vulnerabilities: [ { cve: "CVE-2023-5129", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-5129", }, { cve: "CVE-2023-4863", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-4863", }, { cve: "CVE-2023-4211", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-4211", }, { cve: "CVE-2023-40638", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-40638", }, { cve: "CVE-2023-40140", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-40140", }, { cve: "CVE-2023-40139", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-40139", }, { cve: "CVE-2023-40138", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-40138", }, { cve: "CVE-2023-40137", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-40137", }, { cve: "CVE-2023-40136", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-40136", }, { cve: "CVE-2023-40135", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-40135", }, { cve: "CVE-2023-40134", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-40134", }, { cve: "CVE-2023-40133", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-40133", }, { cve: "CVE-2023-40131", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-40131", }, { cve: "CVE-2023-40130", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-40130", }, { cve: "CVE-2023-40129", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-40129", }, { cve: "CVE-2023-40128", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-40128", }, { cve: "CVE-2023-40127", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-40127", }, { cve: "CVE-2023-40125", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-40125", }, { cve: "CVE-2023-40123", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-40123", }, { cve: "CVE-2023-40121", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-40121", }, { cve: "CVE-2023-40120", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-40120", }, { cve: "CVE-2023-40117", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-40117", }, { cve: "CVE-2023-40116", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-40116", }, { cve: "CVE-2023-34970", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-34970", }, { cve: "CVE-2023-33200", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-33200", }, { cve: "CVE-2023-33035", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-33035", }, { cve: "CVE-2023-33034", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-33034", }, { cve: "CVE-2023-33029", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-33029", }, { cve: "CVE-2023-33028", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-33028", }, { cve: "CVE-2023-33027", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-33027", }, { cve: "CVE-2023-33026", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-33026", }, { cve: "CVE-2023-32820", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-32820", }, { cve: "CVE-2023-32819", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-32819", }, { cve: "CVE-2023-28540", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-28540", }, { cve: "CVE-2023-24855", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-24855", }, { cve: "CVE-2023-24853", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-24853", }, { cve: "CVE-2023-24850", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-24850", }, { cve: "CVE-2023-24849", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-24849", }, { cve: "CVE-2023-24848", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-24848", }, { cve: "CVE-2023-24847", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-24847", }, { cve: "CVE-2023-24844", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-24844", }, { cve: "CVE-2023-24843", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-24843", }, { cve: "CVE-2023-22385", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-22385", }, { cve: "CVE-2023-21673", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-21673", }, { cve: "CVE-2023-21291", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-21291", }, { cve: "CVE-2023-21266", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-21266", }, { cve: "CVE-2023-21253", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-21253", }, { cve: "CVE-2023-21252", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-21252", }, { cve: "CVE-2023-21244", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-21244", }, { cve: "CVE-2023-20819", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2023-20819", }, { cve: "CVE-2022-28348", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2022-28348", }, { cve: "CVE-2021-44828", notes: [ { category: "description", text: "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T030210", "T029729", "T020881", "T017166", ], }, release_date: "2023-10-03T22:00:00.000+00:00", title: "CVE-2021-44828", }, ], }
wid-sec-w-2024-1591
Vulnerability from csaf_certbund
Published
2024-07-10 22:00
Modified
2024-11-11 23:00
Summary
Juniper JUNOS: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
JUNOS ist das "Juniper Network Operating System", das in Juniper Appliances verwendet wird.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Juniper JUNOS ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive zu umgehen.
Betroffene Betriebssysteme
- Sonstiges
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "JUNOS ist das \"Juniper Network Operating System\", das in Juniper Appliances verwendet wird.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein Angreifer kann mehrere Schwachstellen in Juniper JUNOS ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive zu umgehen.", title: "Angriff", }, { category: "general", text: "- Sonstiges", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-1591 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1591.json", }, { category: "self", summary: "WID-SEC-2024-1591 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1591", }, { category: "external", summary: "Juniper Patchday July 2024 vom 2024-07-10", url: "https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=%40sfcec_community_publish_date_formula__c%20descending&numberOfResults=100&f:ctype=%5BSecurity%20Advisories%5D", }, ], source_lang: "en-US", title: "Juniper JUNOS: Mehrere Schwachstellen", tracking: { current_release_date: "2024-11-11T23:00:00.000+00:00", generator: { date: "2024-11-12T09:31:28.569+00:00", engine: { name: "BSI-WID", version: "1.3.8", }, }, id: "WID-SEC-W-2024-1591", initial_release_date: "2024-07-10T22:00:00.000+00:00", revision_history: [ { date: "2024-07-10T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-11-11T23:00:00.000+00:00", number: "2", summary: "URL Kodierung angepasst", }, ], status: "final", version: "2", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Juniper JUNOS", product: { name: "Juniper JUNOS", product_id: "T036093", product_identification_helper: { cpe: "cpe:/o:juniper:junos:-", }, }, }, ], category: "vendor", name: "Juniper", }, ], }, vulnerabilities: [ { cve: "CVE-2006-20001", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2006-20001", }, { cve: "CVE-2007-5846", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2007-5846", }, { cve: "CVE-2008-6123", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2008-6123", }, { cve: "CVE-2011-1473", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2011-1473", }, { cve: "CVE-2011-5094", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2011-5094", }, { cve: "CVE-2012-6151", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2012-6151", }, { cve: "CVE-2014-10064", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2014-10064", }, { cve: "CVE-2014-2285", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2014-2285", }, { cve: "CVE-2014-2310", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2014-2310", }, { cve: "CVE-2014-3565", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2014-3565", }, { cve: "CVE-2014-7191", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2014-7191", }, { cve: "CVE-2014-8882", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2014-8882", }, { cve: "CVE-2015-5621", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2015-5621", }, { cve: "CVE-2015-8100", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2015-8100", }, { cve: "CVE-2015-9262", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2015-9262", }, { cve: "CVE-2016-1000232", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2016-1000232", }, { cve: "CVE-2016-10540", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2016-10540", }, { cve: "CVE-2016-4658", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2016-4658", }, { cve: "CVE-2017-1000048", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2017-1000048", }, { cve: "CVE-2017-15010", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2017-15010", }, { cve: "CVE-2018-18065", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2018-18065", }, { cve: "CVE-2018-20834", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2018-20834", }, { cve: "CVE-2018-3737", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2018-3737", }, { cve: "CVE-2018-7408", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2018-7408", }, { cve: "CVE-2019-10081", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2019-10081", }, { cve: "CVE-2019-10082", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2019-10082", }, { cve: "CVE-2019-10092", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2019-10092", }, { cve: "CVE-2019-10097", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2019-10097", }, { cve: "CVE-2019-10098", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2019-10098", }, { cve: "CVE-2019-11719", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2019-11719", }, { cve: "CVE-2019-11727", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2019-11727", }, { cve: "CVE-2019-11756", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2019-11756", }, { cve: "CVE-2019-16775", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2019-16775", }, { cve: "CVE-2019-16776", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2019-16776", }, { cve: "CVE-2019-16777", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2019-16777", }, { cve: "CVE-2019-17006", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2019-17006", }, { cve: "CVE-2019-17023", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2019-17023", }, { cve: "CVE-2019-17567", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2019-17567", }, { cve: "CVE-2019-20149", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2019-20149", }, { cve: "CVE-2019-20892", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2019-20892", }, { cve: "CVE-2019-9517", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2019-9517", }, { cve: "CVE-2020-11668", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-11668", }, { cve: "CVE-2020-11984", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-11984", }, { cve: "CVE-2020-11993", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-11993", }, { cve: "CVE-2020-12362", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-12362", }, { cve: "CVE-2020-12400", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-12400", }, { cve: "CVE-2020-12401", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-12401", }, { cve: "CVE-2020-12402", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-12402", }, { cve: "CVE-2020-12403", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-12403", }, { cve: "CVE-2020-13938", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-13938", }, { cve: "CVE-2020-13950", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-13950", }, { cve: "CVE-2020-14145", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-14145", }, { cve: "CVE-2020-15861", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-15861", }, { cve: "CVE-2020-15862", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-15862", }, { cve: "CVE-2020-1927", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-1927", }, { cve: "CVE-2020-1934", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-1934", }, { cve: "CVE-2020-28469", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-28469", }, { cve: "CVE-2020-28502", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-28502", }, { cve: "CVE-2020-35452", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-35452", }, { cve: "CVE-2020-36049", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-36049", }, { cve: "CVE-2020-6829", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-6829", }, { cve: "CVE-2020-7660", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-7660", }, { cve: "CVE-2020-7754", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-7754", }, { cve: "CVE-2020-7774", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-7774", }, { cve: "CVE-2020-8648", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-8648", }, { cve: "CVE-2020-9490", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2020-9490", }, { cve: "CVE-2021-22543", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-22543", }, { cve: "CVE-2021-2342", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-2342", }, { cve: "CVE-2021-23440", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-23440", }, { cve: "CVE-2021-2356", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-2356", }, { cve: "CVE-2021-2372", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-2372", }, { cve: "CVE-2021-2385", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-2385", }, { cve: "CVE-2021-2389", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-2389", }, { cve: "CVE-2021-2390", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-2390", }, { cve: "CVE-2021-25745", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-25745", }, { cve: "CVE-2021-25746", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-25746", }, { cve: "CVE-2021-25748", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-25748", }, { cve: "CVE-2021-26690", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-26690", }, { cve: "CVE-2021-26691", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-26691", }, { cve: "CVE-2021-27290", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-27290", }, { cve: "CVE-2021-29469", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-29469", }, { cve: "CVE-2021-30641", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-30641", }, { cve: "CVE-2021-31535", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-31535", }, { cve: "CVE-2021-31618", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-31618", }, { cve: "CVE-2021-3177", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-3177", }, { cve: "CVE-2021-32803", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-32803", }, { cve: "CVE-2021-32804", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-32804", }, { cve: "CVE-2021-33033", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-33033", }, { cve: "CVE-2021-33034", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-33034", }, { cve: "CVE-2021-33193", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-33193", }, { cve: "CVE-2021-3347", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-3347", }, { cve: "CVE-2021-33909", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-33909", }, { cve: "CVE-2021-34798", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-34798", }, { cve: "CVE-2021-35604", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-35604", }, { cve: "CVE-2021-35624", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-35624", }, { cve: "CVE-2021-36160", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-36160", }, { cve: "CVE-2021-37701", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-37701", }, { cve: "CVE-2021-37712", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-37712", }, { cve: "CVE-2021-37713", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-37713", }, { cve: "CVE-2021-3803", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-3803", }, { cve: "CVE-2021-39275", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-39275", }, { cve: "CVE-2021-40438", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-40438", }, { cve: "CVE-2021-41524", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-41524", }, { cve: "CVE-2021-41773", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-41773", }, { cve: "CVE-2021-42013", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-42013", }, { cve: "CVE-2021-43527", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-43527", }, { cve: "CVE-2021-44224", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-44224", }, { cve: "CVE-2021-44225", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-44225", }, { cve: "CVE-2021-44790", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-44790", }, { cve: "CVE-2021-44906", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-44906", }, { cve: "CVE-2022-21245", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-21245", }, { cve: "CVE-2022-21270", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-21270", }, { cve: "CVE-2022-21303", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-21303", }, { cve: "CVE-2022-21304", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-21304", }, { cve: "CVE-2022-21344", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-21344", }, { cve: "CVE-2022-21367", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-21367", }, { cve: "CVE-2022-21417", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-21417", }, { cve: "CVE-2022-21427", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-21427", }, { cve: "CVE-2022-21444", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-21444", }, { cve: "CVE-2022-21451", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-21451", }, { cve: "CVE-2022-21454", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-21454", }, { cve: "CVE-2022-21460", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-21460", }, { cve: "CVE-2022-21589", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-21589", }, { cve: "CVE-2022-21592", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-21592", }, { cve: "CVE-2022-21595", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-21595", }, { cve: "CVE-2022-21608", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-21608", }, { cve: "CVE-2022-21617", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-21617", }, { cve: "CVE-2022-22719", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-22719", }, { cve: "CVE-2022-22720", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-22720", }, { cve: "CVE-2022-22721", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-22721", }, { cve: "CVE-2022-22822", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-22822", }, { cve: "CVE-2022-22823", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-22823", }, { cve: "CVE-2022-22824", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-22824", }, { cve: "CVE-2022-23471", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-23471", }, { cve: "CVE-2022-23524", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-23524", }, { cve: "CVE-2022-23525", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-23525", }, { cve: "CVE-2022-23526", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-23526", }, { cve: "CVE-2022-23852", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-23852", }, { cve: "CVE-2022-23943", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-23943", }, { cve: "CVE-2022-25147", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-25147", }, { cve: "CVE-2022-25235", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-25235", }, { cve: "CVE-2022-25236", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-25236", }, { cve: "CVE-2022-2526", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-2526", }, { cve: "CVE-2022-25315", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-25315", }, { cve: "CVE-2022-26377", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-26377", }, { cve: "CVE-2022-28330", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-28330", }, { cve: "CVE-2022-28614", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-28614", }, { cve: "CVE-2022-28615", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-28615", }, { cve: "CVE-2022-29167", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-29167", }, { cve: "CVE-2022-29404", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-29404", }, { cve: "CVE-2022-30522", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-30522", }, { cve: "CVE-2022-30556", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-30556", }, { cve: "CVE-2022-31813", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-31813", }, { cve: "CVE-2022-3517", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-3517", }, { cve: "CVE-2022-3564", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-3564", }, { cve: "CVE-2022-36760", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-36760", }, { cve: "CVE-2022-37434", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-37434", }, { cve: "CVE-2022-37436", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-37436", }, { cve: "CVE-2022-40674", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-40674", }, { cve: "CVE-2022-41741", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-41741", }, { cve: "CVE-2022-41742", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-41742", }, { cve: "CVE-2022-4203", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-4203", }, { cve: "CVE-2022-4304", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-4304", }, { cve: "CVE-2022-4450", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-4450", }, { cve: "CVE-2022-46663", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-46663", }, { cve: "CVE-2022-4886", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-4886", }, { cve: "CVE-2023-0215", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-0215", }, { cve: "CVE-2023-0216", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-0216", }, { cve: "CVE-2023-0217", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-0217", }, { cve: "CVE-2023-0286", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-0286", }, { cve: "CVE-2023-0401", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-0401", }, { cve: "CVE-2023-0464", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-0464", }, { cve: "CVE-2023-0465", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-0465", }, { cve: "CVE-2023-0466", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-0466", }, { cve: "CVE-2023-0767", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-0767", }, { cve: "CVE-2023-1255", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-1255", }, { cve: "CVE-2023-2002", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-2002", }, { cve: "CVE-2023-20593", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-20593", }, { cve: "CVE-2023-21830", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-21830", }, { cve: "CVE-2023-21840", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-21840", }, { cve: "CVE-2023-21843", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-21843", }, { cve: "CVE-2023-21912", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-21912", }, { cve: "CVE-2023-21963", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-21963", }, { cve: "CVE-2023-21980", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-21980", }, { cve: "CVE-2023-22025", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-22025", }, { cve: "CVE-2023-22067", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-22067", }, { cve: "CVE-2023-22081", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-22081", }, { cve: "CVE-2023-22652", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-22652", }, { cve: "CVE-2023-24329", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-24329", }, { cve: "CVE-2023-25153", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-25153", }, { cve: "CVE-2023-25173", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-25173", }, { cve: "CVE-2023-25690", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-25690", }, { cve: "CVE-2023-2700", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-2700", }, { cve: "CVE-2023-27522", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-27522", }, { cve: "CVE-2023-2828", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-2828", }, { cve: "CVE-2023-28840", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-28840", }, { cve: "CVE-2023-28841", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-28841", }, { cve: "CVE-2023-28842", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-28842", }, { cve: "CVE-2023-2975", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-2975", }, { cve: "CVE-2023-30079", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-30079", }, { cve: "CVE-2023-30630", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-30630", }, { cve: "CVE-2023-3090", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-3090", }, { cve: "CVE-2023-32067", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-32067", }, { cve: "CVE-2023-32360", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-32360", }, { cve: "CVE-2023-32435", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-32435", }, { cve: "CVE-2023-32439", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-32439", }, { cve: "CVE-2023-32732", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-32732", }, { cve: "CVE-2023-3341", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-3341", }, { cve: "CVE-2023-3390", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-3390", }, { cve: "CVE-2023-33953", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-33953", }, { cve: "CVE-2023-34058", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-34058", }, { cve: "CVE-2023-34059", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-34059", }, { cve: "CVE-2023-3446", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-3446", }, { cve: "CVE-2023-34969", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-34969", }, { cve: "CVE-2023-35001", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-35001", }, { cve: "CVE-2023-35788", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-35788", }, { cve: "CVE-2023-3611", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-3611", }, { cve: "CVE-2023-37450", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-37450", }, { cve: "CVE-2023-3776", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-3776", }, { cve: "CVE-2023-3817", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-3817", }, { cve: "CVE-2023-4004", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-4004", }, { cve: "CVE-2023-4206", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-4206", }, { cve: "CVE-2023-4207", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-4207", }, { cve: "CVE-2023-4208", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-4208", }, { cve: "CVE-2023-42753", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-42753", }, { cve: "CVE-2023-4785", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-4785", }, { cve: "CVE-2023-4807", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-4807", }, { cve: "CVE-2023-4863", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-4863", }, { cve: "CVE-2023-5043", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-5043", }, { cve: "CVE-2023-5129", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-5129", }, { cve: "CVE-2023-5363", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-5363", }, { cve: "CVE-2024-20918", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-20918", }, { cve: "CVE-2024-20919", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-20919", }, { cve: "CVE-2024-20921", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-20921", }, { cve: "CVE-2024-20926", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-20926", }, { cve: "CVE-2024-20932", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-20932", }, { cve: "CVE-2024-20945", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-20945", }, { cve: "CVE-2024-20952", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-20952", }, { cve: "CVE-2024-39511", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39511", }, { cve: "CVE-2024-39512", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39512", }, { cve: "CVE-2024-39513", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39513", }, { cve: "CVE-2024-39514", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39514", }, { cve: "CVE-2024-39517", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39517", }, { cve: "CVE-2024-39518", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39518", }, { cve: "CVE-2024-39519", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39519", }, { cve: "CVE-2024-39520", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39520", }, { cve: "CVE-2024-39521", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39521", }, { cve: "CVE-2024-39522", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39522", }, { cve: "CVE-2024-39523", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39523", }, { cve: "CVE-2024-39524", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39524", }, { cve: "CVE-2024-39528", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39528", }, { cve: "CVE-2024-39529", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39529", }, { cve: "CVE-2024-39530", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39530", }, { cve: "CVE-2024-39531", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39531", }, { cve: "CVE-2024-39532", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39532", }, { cve: "CVE-2024-39533", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39533", }, { cve: "CVE-2024-39535", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39535", }, { cve: "CVE-2024-39536", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39536", }, { cve: "CVE-2024-39537", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39537", }, { cve: "CVE-2024-39538", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39538", }, { cve: "CVE-2024-39539", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39539", }, { cve: "CVE-2024-39540", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39540", }, { cve: "CVE-2024-39541", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39541", }, { cve: "CVE-2024-39542", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39542", }, { cve: "CVE-2024-39543", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39543", }, { cve: "CVE-2024-39545", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39545", }, { cve: "CVE-2024-39546", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39546", }, { cve: "CVE-2024-39548", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39548", }, { cve: "CVE-2024-39549", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39549", }, { cve: "CVE-2024-39550", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39550", }, { cve: "CVE-2024-39551", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39551", }, { cve: "CVE-2024-39553", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39553", }, { cve: "CVE-2024-39554", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39554", }, { cve: "CVE-2024-39555", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39555", }, { cve: "CVE-2024-39556", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39556", }, { cve: "CVE-2024-39557", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39557", }, { cve: "CVE-2024-39558", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39558", }, { cve: "CVE-2024-39559", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39559", }, { cve: "CVE-2024-39560", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39560", }, { cve: "CVE-2024-39561", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39561", }, { cve: "CVE-2024-39565", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.", }, ], product_status: { known_affected: [ "T036093", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-39565", }, ], }
WID-SEC-W-2024-0869
Vulnerability from csaf_certbund
Published
2024-04-16 22:00
Modified
2024-11-21 23:00
Summary
Oracle Communications: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Communications umfasst branchenspezifische Lösungen für die Telekommunikationsbranche.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Oracle Communications umfasst branchenspezifische Lösungen für die Telekommunikationsbranche.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-0869 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0869.json", }, { category: "self", summary: "WID-SEC-2024-0869 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0869", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - April 2024 - Appendix Oracle Communications vom 2024-04-16", url: "https://www.oracle.com/security-alerts/cpuapr2024.html#AppendixCGBU", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:1878 vom 2024-04-18", url: "https://access.redhat.com/errata/RHSA-2024:1878", }, { category: "external", summary: "Gentoo Linux Security Advisory GLSA-202405-01 vom 2024-05-04", url: "https://security.gentoo.org/glsa/202405-01", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:7987 vom 2024-10-10", url: "https://access.redhat.com/errata/RHSA-2024:7987", }, { category: "external", summary: "XEROX Security Advisory XRX24-017 vom 2024-11-21", url: "https://securitydocs.business.xerox.com/wp-content/uploads/2024/11/Xerox-Security-Bulletin-XRX24-017-for-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v9.pdf", }, ], source_lang: "en-US", title: "Oracle Communications: Mehrere Schwachstellen", tracking: { current_release_date: "2024-11-21T23:00:00.000+00:00", generator: { date: "2024-11-22T10:07:06.493+00:00", engine: { name: "BSI-WID", version: "1.3.8", }, }, id: "WID-SEC-W-2024-0869", initial_release_date: "2024-04-16T22:00:00.000+00:00", revision_history: [ { date: "2024-04-16T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-04-17T22:00:00.000+00:00", number: "2", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-05-05T22:00:00.000+00:00", number: "3", summary: "Neue Updates von Gentoo aufgenommen", }, { date: "2024-10-10T22:00:00.000+00:00", number: "4", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-11-21T23:00:00.000+00:00", number: "5", summary: "Neue Updates von XEROX aufgenommen", }, ], status: "final", version: "5", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Gentoo Linux", product: { name: "Gentoo Linux", product_id: "T012167", product_identification_helper: { cpe: "cpe:/o:gentoo:linux:-", }, }, }, ], category: "vendor", name: "Gentoo", }, { branches: [ { branches: [ { category: "product_version", name: "5", product: { name: "Oracle Communications 5.0", product_id: "T021645", product_identification_helper: { cpe: "cpe:/a:oracle:communications:5.0", }, }, }, { category: "product_version", name: "22.4.0", product: { name: "Oracle Communications 22.4.0", product_id: "T024981", product_identification_helper: { cpe: "cpe:/a:oracle:communications:22.4.0", }, }, }, { category: "product_version", name: "23.1.0", product: { name: "Oracle Communications 23.1.0", product_id: "T027326", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.1.0", }, }, }, { category: "product_version", name: "23.2.0", product: { name: "Oracle Communications 23.2.0", product_id: "T028682", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.2.0", }, }, }, { category: "product_version", name: "5.1", product: { name: "Oracle Communications 5.1", product_id: "T028684", product_identification_helper: { cpe: "cpe:/a:oracle:communications:5.1", }, }, }, { category: "product_version", name: "23.2.2", product: { name: "Oracle Communications 23.2.2", product_id: "T030583", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.2.2", }, }, }, { category: "product_version", name: "23.3.0", product: { name: "Oracle Communications 23.3.0", product_id: "T030586", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.3.0", }, }, }, { category: "product_version", name: "9.0.0.0", product: { name: "Oracle Communications 9.0.0.0", product_id: "T030589", product_identification_helper: { cpe: "cpe:/a:oracle:communications:9.0.0.0", }, }, }, { category: "product_version_range", name: "<=7.2.1.0.0", product: { name: "Oracle Communications <=7.2.1.0.0", product_id: "T030593", }, }, { category: "product_version_range", name: "<=7.2.1.0.0", product: { name: "Oracle Communications <=7.2.1.0.0", product_id: "T030593-fixed", }, }, { category: "product_version_range", name: "<=9.0.2", product: { name: "Oracle Communications <=9.0.2", product_id: "T030595", }, }, { category: "product_version_range", name: "<=9.0.2", product: { name: "Oracle Communications <=9.0.2", product_id: "T030595-fixed", }, }, { category: "product_version", name: "23.3.1", product: { name: "Oracle Communications 23.3.1", product_id: "T032088", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.3.1", }, }, }, { category: "product_version", name: "23.4.0", product: { name: "Oracle Communications 23.4.0", product_id: "T032091", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.4.0", }, }, }, { category: "product_version", name: "23.4.1", product: { name: "Oracle Communications 23.4.1", product_id: "T034143", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.4.1", }, }, }, { category: "product_version_range", name: "<=23.4.2", product: { name: "Oracle Communications <=23.4.2", product_id: "T034144", }, }, { category: "product_version_range", name: "<=23.4.2", product: { name: "Oracle Communications <=23.4.2", product_id: "T034144-fixed", }, }, { category: "product_version", name: "24.1.0", product: { name: "Oracle Communications 24.1.0", product_id: "T034145", product_identification_helper: { cpe: "cpe:/a:oracle:communications:24.1.0", }, }, }, { category: "product_version", name: "5.2", product: { name: "Oracle Communications 5.2", product_id: "T034146", product_identification_helper: { cpe: "cpe:/a:oracle:communications:5.2", }, }, }, { category: "product_version", name: "24.1.0.0.0", product: { name: "Oracle Communications 24.1.0.0.0", product_id: "T034147", product_identification_helper: { cpe: "cpe:/a:oracle:communications:24.1.0.0.0", }, }, }, { category: "product_version", name: "23.3.2", product: { name: "Oracle Communications 23.3.2", product_id: "T034148", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.3.2", }, }, }, { category: "product_version", name: "14.0.0.0.0", product: { name: "Oracle Communications 14.0.0.0.0", product_id: "T034149", product_identification_helper: { cpe: "cpe:/a:oracle:communications:14.0.0.0.0", }, }, }, { category: "product_version", name: "9.1.1.7.0", product: { name: "Oracle Communications 9.1.1.7.0", product_id: "T034150", product_identification_helper: { cpe: "cpe:/a:oracle:communications:9.1.1.7.0", }, }, }, ], category: "product_name", name: "Communications", }, ], category: "vendor", name: "Oracle", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, ], category: "vendor", name: "Red Hat", }, { branches: [ { branches: [ { category: "product_version", name: "v9", product: { name: "Xerox FreeFlow Print Server v9", product_id: "T015632", product_identification_helper: { cpe: "cpe:/a:xerox:freeflow_print_server:v9", }, }, }, ], category: "product_name", name: "FreeFlow Print Server", }, ], category: "vendor", name: "Xerox", }, ], }, vulnerabilities: [ { cve: "CVE-2022-40152", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2022-40152", }, { cve: "CVE-2022-40896", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2022-40896", }, { cve: "CVE-2022-45688", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2022-45688", }, { cve: "CVE-2023-2283", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-2283", }, { cve: "CVE-2023-31122", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-31122", }, { cve: "CVE-2023-33201", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-33201", }, { cve: "CVE-2023-34053", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-34053", }, { cve: "CVE-2023-34055", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-34055", }, { cve: "CVE-2023-4016", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-4016", }, { cve: "CVE-2023-41056", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-41056", }, { cve: "CVE-2023-43496", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-43496", }, { cve: "CVE-2023-44487", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-44487", }, { cve: "CVE-2023-45142", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-45142", }, { cve: "CVE-2023-4641", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-4641", }, { cve: "CVE-2023-46589", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-46589", }, { cve: "CVE-2023-47100", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-47100", }, { cve: "CVE-2023-4863", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-4863", }, { cve: "CVE-2023-48795", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-48795", }, { cve: "CVE-2023-49083", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-49083", }, { cve: "CVE-2023-5072", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-5072", }, { cve: "CVE-2023-51074", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-51074", }, { cve: "CVE-2023-51257", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-51257", }, { cve: "CVE-2023-51775", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-51775", }, { cve: "CVE-2023-5341", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-5341", }, { cve: "CVE-2023-5363", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-5363", }, { cve: "CVE-2023-6507", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-6507", }, { cve: "CVE-2024-1635", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2024-1635", }, { cve: "CVE-2024-21626", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2024-21626", }, { cve: "CVE-2024-22201", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2024-22201", }, { cve: "CVE-2024-22233", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2024-22233", }, { cve: "CVE-2024-22257", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2024-22257", }, { cve: "CVE-2024-22259", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2024-22259", }, { cve: "CVE-2024-25062", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2024-25062", }, { cve: "CVE-2024-26130", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2024-26130", }, { cve: "CVE-2024-26308", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2024-26308", }, ], }
wid-sec-w-2023-3099
Vulnerability from csaf_certbund
Published
2023-12-11 23:00
Modified
2023-12-11 23:00
Summary
Unify OpenScape Produkte: Mehrere Schwachstellen ermöglichen Codeausführung
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
OpenScape Business ist eine All-In-One-Lösung für Unified Communication & Collaboration
OpenScape Xpert ist eine Kommunikationslösung für mehrere Leitungen.
OpenScape Contact Center Enterprise ist eine integrierte Mehrkanal Callcenter Lösung.
OpenScape UC Application ist eine Unified Communications Lösung zur Integration mit bestehenden Anwendungen.
OpenScape Voice ist eine SIP-basierte Enterprise VoIP Lösung.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Unify OpenScape Produkten ausnutzen, um beliebigen Programmcode auszuführen.
Betroffene Betriebssysteme
- Windows
- Sonstiges
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "OpenScape Business ist eine All-In-One-Lösung für Unified Communication & Collaboration\r\nOpenScape Xpert ist eine Kommunikationslösung für mehrere Leitungen.\r\nOpenScape Contact Center Enterprise ist eine integrierte Mehrkanal Callcenter Lösung.\r\nOpenScape UC Application ist eine Unified Communications Lösung zur Integration mit bestehenden Anwendungen.\r\nOpenScape Voice ist eine SIP-basierte Enterprise VoIP Lösung.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Unify OpenScape Produkten ausnutzen, um beliebigen Programmcode auszuführen.", title: "Angriff", }, { category: "general", text: "- Windows\n- Sonstiges", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-3099 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-3099.json", }, { category: "self", summary: "WID-SEC-2023-3099 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3099", }, { category: "external", summary: "Atos Unify Security Advisory vom 2023-12-11", url: "https://networks.unify.com/security/advisories/OBSO-2310-02.pdf", }, ], source_lang: "en-US", title: "Unify OpenScape Produkte: Mehrere Schwachstellen ermöglichen Codeausführung", tracking: { current_release_date: "2023-12-11T23:00:00.000+00:00", generator: { date: "2024-08-15T18:02:37.314+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-3099", initial_release_date: "2023-12-11T23:00:00.000+00:00", revision_history: [ { date: "2023-12-11T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Unify OpenScape Business < V3R3.0.1_007", product: { name: "Unify OpenScape Business < V3R3.0.1_007", product_id: "T031594", product_identification_helper: { cpe: "cpe:/a:unify:openscape_business:v3r3.0.1_007", }, }, }, { branches: [ { category: "product_name", name: "Unify OpenScape Contact Center < V10R4.16.0", product: { name: "Unify OpenScape Contact Center < V10R4.16.0", product_id: "T031596", product_identification_helper: { cpe: "cpe:/a:unify:openscape_contact_center:v10r4.16.0", }, }, }, { category: "product_name", name: "Unify OpenScape Contact Center < V11 R1.12.0", product: { name: "Unify OpenScape Contact Center < V11 R1.12.0", product_id: "T031597", product_identification_helper: { cpe: "cpe:/a:unify:openscape_contact_center:v11_r1.12.0", }, }, }, ], category: "product_name", name: "OpenScape Contact Center", }, { category: "product_name", name: "Unify OpenScape UC Application < V10 R5.7.0", product: { name: "Unify OpenScape UC Application < V10 R5.7.0", product_id: "T031598", product_identification_helper: { cpe: "cpe:/a:unify:openscape_uc_application:v10_r5.7.0", }, }, }, { category: "product_name", name: "Unify OpenScape Voice V10", product: { name: "Unify OpenScape Voice V10", product_id: "T031599", product_identification_helper: { cpe: "cpe:/a:unify:openscape_voice:v10", }, }, }, { category: "product_name", name: "Unify OpenScape Xpert < V7.0.8.4", product: { name: "Unify OpenScape Xpert < V7.0.8.4", product_id: "T031595", product_identification_helper: { cpe: "cpe:/h:unify:openscape_xpert:v7.0.8.4", }, }, }, ], category: "vendor", name: "Unify", }, ], }, vulnerabilities: [ { cve: "CVE-2023-5129", notes: [ { category: "description", text: "In Unify OpenScape Produkten existieren mehrere Schwachstellen. In Google WebP (libwebp) besteht der Funktion BuildHuffmanTable() in utils/huffman_utils.c, eine Überlaufbedingung, die beim Dekodieren bestimmter Streams ausgelöst wird. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Code zur Ausführung zu bringen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T031599", ], }, release_date: "2023-12-11T23:00:00.000+00:00", title: "CVE-2023-5129", }, { cve: "CVE-2023-4863", notes: [ { category: "description", text: "In Unify OpenScape Produkten existieren mehrere Schwachstellen. In Google WebP (libwebp) besteht der Funktion BuildHuffmanTable() in utils/huffman_utils.c, eine Überlaufbedingung, die beim Dekodieren bestimmter Streams ausgelöst wird. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Code zur Ausführung zu bringen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T031599", ], }, release_date: "2023-12-11T23:00:00.000+00:00", title: "CVE-2023-4863", }, ], }
WID-SEC-W-2023-2310
Vulnerability from csaf_certbund
Published
2023-09-12 22:00
Modified
2024-01-31 23:00
Summary
Google Chrome / Microsoft Edge: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Chrome ist ein Internet-Browser von Google.
Edge ist ein Browser von Microsoft
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Google Chrome / Microsoft Edge ausnutzen, um Sicherheitsvorkehrungen zu umgehen und weitere, nicht näher beschriebene Auswirkungen zu erreichen.
Betroffene Betriebssysteme
- Linux
- MacOS X
- Windows
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Chrome ist ein Internet-Browser von Google.\r\nEdge ist ein Browser von Microsoft", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Google Chrome / Microsoft Edge ausnutzen, um Sicherheitsvorkehrungen zu umgehen und weitere, nicht näher beschriebene Auswirkungen zu erreichen.", title: "Angriff", }, { category: "general", text: "- Linux\n- MacOS X\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-2310 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2310.json", }, { category: "self", summary: "WID-SEC-2023-2310 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2310", }, { category: "external", summary: "Chrome Stable Channel Update for Desktop vom 2023-09-12", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-D5FAEDE1D6 vom 2023-09-13", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-d5faede1d6", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-509640A8A6 vom 2023-09-13", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-509640a8a6", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-3D1935DC6A vom 2023-09-13", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-3d1935dc6a", }, { category: "external", summary: "Release notes for Microsoft Edge Security Updates vom 2023-09-17", url: "https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security#september-15-2023", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-C66924CB92 vom 2023-09-17", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-c66924cb92", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-3BFB63F6D2 vom 2023-09-17", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-3bfb63f6d2", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-0DE0929147 vom 2023-09-17", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-0de0929147", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-54433BC31F vom 2023-09-17", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-54433bc31f", }, { category: "external", summary: "Debian Security Advisory DSA-5497 vom 2023-09-17", url: "https://lists.debian.org/debian-security-announce/2023/msg00191.html", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-D58A84DDA8 vom 2023-09-17", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-d58a84dda8", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-EA08732E6A vom 2023-09-17", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-ea08732e6a", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-A33B8C01E7 vom 2023-09-18", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-a33b8c01e7", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5191 vom 2023-09-18", url: "https://access.redhat.com/errata/RHSA-2023:5191", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-B427F54E68 vom 2023-09-18", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-b427f54e68", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5204 vom 2023-09-18", url: "https://access.redhat.com/errata/RHSA-2023:5204", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5190 vom 2023-09-18", url: "https://access.redhat.com/errata/RHSA-2023:5190", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-79B0154754 vom 2023-09-18", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-79b0154754", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-05DC047BF8 vom 2023-09-18", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-05dc047bf8", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-0DF1F37A48 vom 2023-09-18", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-0df1f37a48", }, { category: "external", summary: "Debian Security Advisory DLA-3570 vom 2023-09-18", url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html", }, { category: "external", summary: "Debian Security Advisory DSA-5499 vom 2023-09-19", url: "https://lists.debian.org/debian-security-announce/2023/msg00192.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5189 vom 2023-09-18", url: "https://access.redhat.com/errata/RHSA-2023:5189", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-9ABC3565B5 vom 2023-09-24", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-9abc3565b5", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-09CC239FE3 vom 2023-09-24", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-09cc239fe3", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-981E9F53FF vom 2023-09-24", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-981e9f53ff", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-DA064561FA vom 2023-09-24", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-da064561fa", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-C890266D3F vom 2023-09-30", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-c890266d3f", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-CCA1F87440 vom 2023-09-30", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-cca1f87440", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-EDC9C74369 vom 2023-09-30", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-edc9c74369", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-8F3E1B6F78 vom 2023-09-30", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-8f3e1b6f78", }, { category: "external", summary: "Gentoo Linux Security Advisory GLSA-202401-34 vom 2024-01-31", url: "https://security.gentoo.org/glsa/202401-34", }, ], source_lang: "en-US", title: "Google Chrome / Microsoft Edge: Mehrere Schwachstellen", tracking: { current_release_date: "2024-01-31T23:00:00.000+00:00", generator: { date: "2024-08-15T17:58:15.458+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-2310", initial_release_date: "2023-09-12T22:00:00.000+00:00", revision_history: [ { date: "2023-09-12T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-09-13T22:00:00.000+00:00", number: "2", summary: "Neue Updates von Fedora aufgenommen", }, { date: "2023-09-17T22:00:00.000+00:00", number: "3", summary: "Updates von Microsoft", }, { date: "2023-09-18T22:00:00.000+00:00", number: "4", summary: "Neue Updates von Fedora, Red Hat und Debian aufgenommen", }, { date: "2023-09-24T22:00:00.000+00:00", number: "5", summary: "Neue Updates von Fedora aufgenommen", }, { date: "2023-10-01T22:00:00.000+00:00", number: "6", summary: "Neue Updates von Fedora aufgenommen", }, { date: "2024-01-31T23:00:00.000+00:00", number: "7", summary: "Neue Updates von Gentoo aufgenommen", }, ], status: "final", version: "7", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Debian Linux", product: { name: "Debian Linux", product_id: "2951", product_identification_helper: { cpe: "cpe:/o:debian:debian_linux:-", }, }, }, ], category: "vendor", name: "Debian", }, { branches: [ { category: "product_name", name: "Fedora Linux", product: { name: "Fedora Linux", product_id: "74185", product_identification_helper: { cpe: "cpe:/o:fedoraproject:fedora:-", }, }, }, ], category: "vendor", name: "Fedora", }, { branches: [ { category: "product_name", name: "Gentoo Linux", product: { name: "Gentoo Linux", product_id: "T012167", product_identification_helper: { cpe: "cpe:/o:gentoo:linux:-", }, }, }, ], category: "vendor", name: "Gentoo", }, { branches: [ { branches: [ { category: "product_name", name: "Google Chrome < 117.0.5938.62", product: { name: "Google Chrome < 117.0.5938.62", product_id: "T029823", product_identification_helper: { cpe: "cpe:/a:google:chrome:117.0.5938.62", }, }, }, { category: "product_name", name: "Google Chrome < 117.0.5938.63", product: { name: "Google Chrome < 117.0.5938.63", product_id: "T029824", product_identification_helper: { cpe: "cpe:/a:google:chrome:117.0.5938.63", }, }, }, ], category: "product_name", name: "Chrome", }, ], category: "vendor", name: "Google", }, { branches: [ { category: "product_name", name: "Microsoft Edge < 109.0.1518.140", product: { name: "Microsoft Edge < 109.0.1518.140", product_id: "T029920", product_identification_helper: { cpe: "cpe:/a:microsoft:edge:109.0.1518.140", }, }, }, ], category: "vendor", name: "Microsoft", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4909", notes: [ { category: "description", text: "Google Chrome / Microsoft Edge enthält mehrere Schwachstellen. Die Schwachstellen sind auf eine unsachgemäße Implementierung in den Komponenten \"Custom Tabs\", \"Prompts\", \"Input\", \"Custom Mobile Tabs\", \"Intents\", \"Picture in Picture\" und \"Interstitials\" sowie auf eine unzureichende Durchsetzung von Richtlinien in den Komponenten \"Downloads\" und \"Autofill\" zurückzuführen. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen und weitere, nicht näher spezifizierte Auswirkungen zu erzielen. Zur erfolgreichen Ausnutzung dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "2951", "67646", "T012167", "74185", ], }, release_date: "2023-09-12T22:00:00.000+00:00", title: "CVE-2023-4909", }, { cve: "CVE-2023-4908", notes: [ { category: "description", text: "Google Chrome / Microsoft Edge enthält mehrere Schwachstellen. Die Schwachstellen sind auf eine unsachgemäße Implementierung in den Komponenten \"Custom Tabs\", \"Prompts\", \"Input\", \"Custom Mobile Tabs\", \"Intents\", \"Picture in Picture\" und \"Interstitials\" sowie auf eine unzureichende Durchsetzung von Richtlinien in den Komponenten \"Downloads\" und \"Autofill\" zurückzuführen. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen und weitere, nicht näher spezifizierte Auswirkungen zu erzielen. Zur erfolgreichen Ausnutzung dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "2951", "67646", "T012167", "74185", ], }, release_date: "2023-09-12T22:00:00.000+00:00", title: "CVE-2023-4908", }, { cve: "CVE-2023-4907", notes: [ { category: "description", text: "Google Chrome / Microsoft Edge enthält mehrere Schwachstellen. Die Schwachstellen sind auf eine unsachgemäße Implementierung in den Komponenten \"Custom Tabs\", \"Prompts\", \"Input\", \"Custom Mobile Tabs\", \"Intents\", \"Picture in Picture\" und \"Interstitials\" sowie auf eine unzureichende Durchsetzung von Richtlinien in den Komponenten \"Downloads\" und \"Autofill\" zurückzuführen. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen und weitere, nicht näher spezifizierte Auswirkungen zu erzielen. Zur erfolgreichen Ausnutzung dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "2951", "67646", "T012167", "74185", ], }, release_date: "2023-09-12T22:00:00.000+00:00", title: "CVE-2023-4907", }, { cve: "CVE-2023-4906", notes: [ { category: "description", text: "Google Chrome / Microsoft Edge enthält mehrere Schwachstellen. Die Schwachstellen sind auf eine unsachgemäße Implementierung in den Komponenten \"Custom Tabs\", \"Prompts\", \"Input\", \"Custom Mobile Tabs\", \"Intents\", \"Picture in Picture\" und \"Interstitials\" sowie auf eine unzureichende Durchsetzung von Richtlinien in den Komponenten \"Downloads\" und \"Autofill\" zurückzuführen. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen und weitere, nicht näher spezifizierte Auswirkungen zu erzielen. Zur erfolgreichen Ausnutzung dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "2951", "67646", "T012167", "74185", ], }, release_date: "2023-09-12T22:00:00.000+00:00", title: "CVE-2023-4906", }, { cve: "CVE-2023-4905", notes: [ { category: "description", text: "Google Chrome / Microsoft Edge enthält mehrere Schwachstellen. Die Schwachstellen sind auf eine unsachgemäße Implementierung in den Komponenten \"Custom Tabs\", \"Prompts\", \"Input\", \"Custom Mobile Tabs\", \"Intents\", \"Picture in Picture\" und \"Interstitials\" sowie auf eine unzureichende Durchsetzung von Richtlinien in den Komponenten \"Downloads\" und \"Autofill\" zurückzuführen. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen und weitere, nicht näher spezifizierte Auswirkungen zu erzielen. Zur erfolgreichen Ausnutzung dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "2951", "67646", "T012167", "74185", ], }, release_date: "2023-09-12T22:00:00.000+00:00", title: "CVE-2023-4905", }, { cve: "CVE-2023-4904", notes: [ { category: "description", text: "Google Chrome / Microsoft Edge enthält mehrere Schwachstellen. Die Schwachstellen sind auf eine unsachgemäße Implementierung in den Komponenten \"Custom Tabs\", \"Prompts\", \"Input\", \"Custom Mobile Tabs\", \"Intents\", \"Picture in Picture\" und \"Interstitials\" sowie auf eine unzureichende Durchsetzung von Richtlinien in den Komponenten \"Downloads\" und \"Autofill\" zurückzuführen. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen und weitere, nicht näher spezifizierte Auswirkungen zu erzielen. Zur erfolgreichen Ausnutzung dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "2951", "67646", "T012167", "74185", ], }, release_date: "2023-09-12T22:00:00.000+00:00", title: "CVE-2023-4904", }, { cve: "CVE-2023-4903", notes: [ { category: "description", text: "Google Chrome / Microsoft Edge enthält mehrere Schwachstellen. Die Schwachstellen sind auf eine unsachgemäße Implementierung in den Komponenten \"Custom Tabs\", \"Prompts\", \"Input\", \"Custom Mobile Tabs\", \"Intents\", \"Picture in Picture\" und \"Interstitials\" sowie auf eine unzureichende Durchsetzung von Richtlinien in den Komponenten \"Downloads\" und \"Autofill\" zurückzuführen. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen und weitere, nicht näher spezifizierte Auswirkungen zu erzielen. Zur erfolgreichen Ausnutzung dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "2951", "67646", "T012167", "74185", ], }, release_date: "2023-09-12T22:00:00.000+00:00", title: "CVE-2023-4903", }, { cve: "CVE-2023-4902", notes: [ { category: "description", text: "Google Chrome / Microsoft Edge enthält mehrere Schwachstellen. Die Schwachstellen sind auf eine unsachgemäße Implementierung in den Komponenten \"Custom Tabs\", \"Prompts\", \"Input\", \"Custom Mobile Tabs\", \"Intents\", \"Picture in Picture\" und \"Interstitials\" sowie auf eine unzureichende Durchsetzung von Richtlinien in den Komponenten \"Downloads\" und \"Autofill\" zurückzuführen. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen und weitere, nicht näher spezifizierte Auswirkungen zu erzielen. Zur erfolgreichen Ausnutzung dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "2951", "67646", "T012167", "74185", ], }, release_date: "2023-09-12T22:00:00.000+00:00", title: "CVE-2023-4902", }, { cve: "CVE-2023-4901", notes: [ { category: "description", text: "Google Chrome / Microsoft Edge enthält mehrere Schwachstellen. Die Schwachstellen sind auf eine unsachgemäße Implementierung in den Komponenten \"Custom Tabs\", \"Prompts\", \"Input\", \"Custom Mobile Tabs\", \"Intents\", \"Picture in Picture\" und \"Interstitials\" sowie auf eine unzureichende Durchsetzung von Richtlinien in den Komponenten \"Downloads\" und \"Autofill\" zurückzuführen. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen und weitere, nicht näher spezifizierte Auswirkungen zu erzielen. Zur erfolgreichen Ausnutzung dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "2951", "67646", "T012167", "74185", ], }, release_date: "2023-09-12T22:00:00.000+00:00", title: "CVE-2023-4901", }, { cve: "CVE-2023-4900", notes: [ { category: "description", text: "Google Chrome / Microsoft Edge enthält mehrere Schwachstellen. Die Schwachstellen sind auf eine unsachgemäße Implementierung in den Komponenten \"Custom Tabs\", \"Prompts\", \"Input\", \"Custom Mobile Tabs\", \"Intents\", \"Picture in Picture\" und \"Interstitials\" sowie auf eine unzureichende Durchsetzung von Richtlinien in den Komponenten \"Downloads\" und \"Autofill\" zurückzuführen. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen und weitere, nicht näher spezifizierte Auswirkungen zu erzielen. Zur erfolgreichen Ausnutzung dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "2951", "67646", "T012167", "74185", ], }, release_date: "2023-09-12T22:00:00.000+00:00", title: "CVE-2023-4900", }, { cve: "CVE-2023-4863", notes: [ { category: "description", text: "Google Chrome / Microsoft Edge enthält mehrere Schwachstellen. Die Schwachstellen sind auf eine unsachgemäße Implementierung in den Komponenten \"Custom Tabs\", \"Prompts\", \"Input\", \"Custom Mobile Tabs\", \"Intents\", \"Picture in Picture\" und \"Interstitials\" sowie auf eine unzureichende Durchsetzung von Richtlinien in den Komponenten \"Downloads\" und \"Autofill\" zurückzuführen. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen und weitere, nicht näher spezifizierte Auswirkungen zu erzielen. Zur erfolgreichen Ausnutzung dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "2951", "67646", "T012167", "74185", ], }, release_date: "2023-09-12T22:00:00.000+00:00", title: "CVE-2023-4863", }, ], }
WID-SEC-W-2023-2313
Vulnerability from csaf_certbund
Published
2023-09-12 22:00
Modified
2024-02-20 23:00
Summary
Mozilla Firefox und Thunderbird: Schwachstelle ermöglicht Codeausführung
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Firefox ist ein Open Source Web Browser.
ESR ist die Variante mit verlängertem Support.
Thunderbird ist ein Open Source E-Mail Client.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Mozilla Firefox, Mozilla Firefox ESR und Mozilla Thunderbird ausnutzen, um beliebigen Programmcode auszuführen.
Betroffene Betriebssysteme
- Linux
- MacOS X
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Firefox ist ein Open Source Web Browser. \r\nESR ist die Variante mit verlängertem Support.\r\nThunderbird ist ein Open Source E-Mail Client.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Mozilla Firefox, Mozilla Firefox ESR und Mozilla Thunderbird ausnutzen, um beliebigen Programmcode auszuführen.", title: "Angriff", }, { category: "general", text: "- Linux\n- MacOS X\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-2313 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2313.json", }, { category: "self", summary: "WID-SEC-2023-2313 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2313", }, { category: "external", summary: "Mozilla Security Advisory MFSA2023-40 vom 2023-09-12", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-D5FAEDE1D6 vom 2023-09-13", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-d5faede1d6", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-F8319BD876 vom 2023-09-13", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-f8319bd876", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-C4FA8A204D vom 2023-09-13", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-c4fa8a204d", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-3388038193 vom 2023-09-13", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-3388038193", }, { category: "external", summary: "Debian Security Advisory DSA-5497 vom 2023-09-13", url: "https://lists.debian.org/debian-security-announce/2023/msg00189.html", }, { category: "external", summary: "Debian Security Advisory DSA-5496 vom 2023-09-13", url: "https://lists.debian.org/debian-security-announce/2023/msg00188.html", }, { category: "external", summary: "Ubuntu Security Notice USN-6367-1 vom 2023-09-14", url: "https://ubuntu.com/security/notices/USN-6367-1", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:3610-1 vom 2023-09-15", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016157.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:3609-1 vom 2023-09-15", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016158.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5205 vom 2023-09-18", url: "https://access.redhat.com/errata/RHSA-2023:5205", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5188 vom 2023-09-18", url: "https://access.redhat.com/errata/RHSA-2023:5188", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5189 vom 2023-09-18", url: "https://access.redhat.com/errata/RHSA-2023:5189", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5192 vom 2023-09-18", url: "https://access.redhat.com/errata/RHSA-2023:5192", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2023-5200 vom 2023-09-19", url: "https://linux.oracle.com/errata/ELSA-2023-5200.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5191 vom 2023-09-18", url: "https://access.redhat.com/errata/RHSA-2023:5191", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5197 vom 2023-09-18", url: "https://access.redhat.com/errata/RHSA-2023:5197", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5198 vom 2023-09-18", url: "https://access.redhat.com/errata/RHSA-2023:5198", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5201 vom 2023-09-18", url: "https://access.redhat.com/errata/RHSA-2023:5201", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5200 vom 2023-09-18", url: "https://access.redhat.com/errata/RHSA-2023:5200", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5202 vom 2023-09-18", url: "https://access.redhat.com/errata/RHSA-2023:5202", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5204 vom 2023-09-18", url: "https://access.redhat.com/errata/RHSA-2023:5204", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2023-5197 vom 2023-09-19", url: "https://linux.oracle.com/errata/ELSA-2023-5197.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2023-5191 vom 2023-09-19", url: "https://linux.oracle.com/errata/ELSA-2023-5191.html", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-0DF1F37A48 vom 2023-09-18", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-0df1f37a48", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5187 vom 2023-09-18", url: "https://access.redhat.com/errata/RHSA-2023:5187", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5184 vom 2023-09-18", url: "https://access.redhat.com/errata/RHSA-2023:5184", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5183 vom 2023-09-18", url: "https://access.redhat.com/errata/RHSA-2023:5183", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2023-5184 vom 2023-09-19", url: "https://linux.oracle.com/errata/ELSA-2023-5184.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:3664-1 vom 2023-09-18", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016188.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5186 vom 2023-09-18", url: "https://access.redhat.com/errata/RHSA-2023:5186", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5190 vom 2023-09-18", url: "https://access.redhat.com/errata/RHSA-2023:5190", }, { category: "external", summary: "Debian Security Advisory DLA-3570 vom 2023-09-18", url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:3634-1 vom 2023-09-18", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016176.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5224 vom 2023-09-19", url: "https://access.redhat.com/errata/RHSA-2023:5224", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5223 vom 2023-09-19", url: "https://access.redhat.com/errata/RHSA-2023:5223", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5222 vom 2023-09-19", url: "https://access.redhat.com/errata/RHSA-2023:5222", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5214 vom 2023-09-19", url: "https://access.redhat.com/errata/RHSA-2023:5214", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5236 vom 2023-09-19", url: "https://access.redhat.com/errata/RHSA-2023:5236", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5309 vom 2023-09-20", url: "https://access.redhat.com/errata/RHSA-2023:5309", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2023-5224 vom 2023-09-20", url: "http://linux.oracle.com/errata/ELSA-2023-5224.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2023-5309 vom 2023-09-20", url: "https://linux.oracle.com/errata/ELSA-2023-5309.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2023-5214 vom 2023-09-20", url: "http://linux.oracle.com/errata/ELSA-2023-5214.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2023-5201 vom 2023-09-20", url: "http://linux.oracle.com/errata/ELSA-2023-5201.html", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-1BCD79CDF6 vom 2023-09-21", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-1bcd79cdf6", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-4211889C5A vom 2023-09-22", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-4211889c5a", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-981E9F53FF vom 2023-09-24", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-981e9f53ff", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:3794-1 vom 2023-09-26", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016334.html", }, { category: "external", summary: "Important release of LibreOffice", url: "https://blog.documentfoundation.org/blog/2023/09/26/lo-762-and-lo-757/", }, { category: "external", summary: "Ubuntu Security Notice USN-6369-2 vom 2023-09-28", url: "https://ubuntu.com/security/notices/USN-6369-2", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:3829-1 vom 2023-09-27", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016363.html", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-2A0668FE43 vom 2023-09-28", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-2a0668fe43", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-E692A72898 vom 2023-09-28", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-e692a72898", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-9108CDA47C vom 2023-09-28", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-9108cda47c", }, { category: "external", summary: "NetApp Security Advisory NTAP-20230929-0011 vom 2023-09-29", url: "https://security.netapp.com/advisory/ntap-20230929-0011/", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-97EEA79ACB vom 2023-10-05", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-97eea79acb", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-0F232991DE vom 2023-10-05", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-0f232991de", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-BBB8D72C6F vom 2023-10-05", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-bbb8d72c6f", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-09EC498A2A vom 2023-10-08", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-09ec498a2a", }, { category: "external", summary: "Amazon Linux Security Advisory ALASFIREFOX-2023-015 vom 2023-10-18", url: "https://alas.aws.amazon.com/AL2/ALASFIREFOX-2023-015.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS2-2023-2291 vom 2023-10-20", url: "https://alas.aws.amazon.com/AL2/ALAS-2023-2291.html", }, { category: "external", summary: "Gentoo Linux Security Advisory GLSA-202401-10 vom 2024-01-07", url: "https://security.gentoo.org/glsa/202401-10", }, { category: "external", summary: "HP Security Bulletin HPSBPI03916 vom 2024-02-13", url: "https://support.hp.com/us-en/document/ish_10173649-10204798-16/HPSBPI03916", }, ], source_lang: "en-US", title: "Mozilla Firefox und Thunderbird: Schwachstelle ermöglicht Codeausführung", tracking: { current_release_date: "2024-02-20T23:00:00.000+00:00", generator: { date: "2024-08-15T17:58:16.322+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-2313", initial_release_date: "2023-09-12T22:00:00.000+00:00", revision_history: [ { date: "2023-09-12T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-09-13T22:00:00.000+00:00", number: "2", summary: "Neue Updates von Debian und Ubuntu aufgenommen", }, { date: "2023-09-14T22:00:00.000+00:00", number: "3", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2023-09-18T22:00:00.000+00:00", number: "4", summary: "Neue Updates von Red Hat, Oracle Linux, Fedora, SUSE und Debian aufgenommen", }, { date: "2023-09-19T22:00:00.000+00:00", number: "5", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-09-20T22:00:00.000+00:00", number: "6", summary: "Neue Updates von Red Hat und Oracle Linux aufgenommen", }, { date: "2023-09-21T22:00:00.000+00:00", number: "7", summary: "Neue Updates von Fedora aufgenommen", }, { date: "2023-09-24T22:00:00.000+00:00", number: "8", summary: "Neue Updates von Fedora aufgenommen", }, { date: "2023-09-26T22:00:00.000+00:00", number: "9", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2023-09-27T22:00:00.000+00:00", number: "10", summary: "Neue Updates von Ubuntu und SUSE aufgenommen", }, { date: "2023-09-28T22:00:00.000+00:00", number: "11", summary: "Neue Updates von Fedora aufgenommen", }, { date: "2023-10-01T22:00:00.000+00:00", number: "12", summary: "Neue Updates von NetApp aufgenommen", }, { date: "2023-10-04T22:00:00.000+00:00", number: "13", summary: "Neue Updates von Fedora aufgenommen", }, { date: "2023-10-08T22:00:00.000+00:00", number: "14", summary: "Neue Updates von Fedora aufgenommen", }, { date: "2023-10-17T22:00:00.000+00:00", number: "15", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2023-10-19T22:00:00.000+00:00", number: "16", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2024-01-07T23:00:00.000+00:00", number: "17", summary: "Neue Updates von Gentoo aufgenommen", }, { date: "2024-02-20T23:00:00.000+00:00", number: "18", summary: "Neue Updates von HP aufgenommen", }, ], status: "final", version: "18", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Amazon Linux 2", product: { name: "Amazon Linux 2", product_id: "398363", product_identification_helper: { cpe: "cpe:/o:amazon:linux_2:-", }, }, }, ], category: "vendor", name: "Amazon", }, { branches: [ { category: "product_name", name: "Debian Linux", product: { name: "Debian Linux", product_id: "2951", product_identification_helper: { cpe: "cpe:/o:debian:debian_linux:-", }, }, }, ], category: "vendor", name: "Debian", }, { branches: [ { category: "product_name", name: "Fedora Linux", product: { name: "Fedora Linux", product_id: "74185", product_identification_helper: { cpe: "cpe:/o:fedoraproject:fedora:-", }, }, }, ], category: "vendor", name: "Fedora", }, { branches: [ { category: "product_name", name: "Gentoo Linux", product: { name: "Gentoo Linux", product_id: "T012167", product_identification_helper: { cpe: "cpe:/o:gentoo:linux:-", }, }, }, ], category: "vendor", name: "Gentoo", }, { branches: [ { category: "product_name", name: "HP LaserJet", product: { name: "HP LaserJet", product_id: "T029061", product_identification_helper: { cpe: "cpe:/h:hp:laserjet:-", }, }, }, ], category: "vendor", name: "HP", }, { branches: [ { branches: [ { category: "product_version_range", name: "< 117.0.1", product: { name: "Mozilla Firefox < 117.0.1", product_id: "T029816", }, }, ], category: "product_name", name: "Firefox", }, { branches: [ { category: "product_version_range", name: "< 115.2.1", product: { name: "Mozilla Firefox ESR < 115.2.1", product_id: "T029817", }, }, { category: "product_version_range", name: "< 102.15.1", product: { name: "Mozilla Firefox ESR < 102.15.1", product_id: "T029818", }, }, ], category: "product_name", name: "Firefox ESR", }, { branches: [ { category: "product_version_range", name: "< 102.15.1", product: { name: "Mozilla Thunderbird < 102.15.1", product_id: "T029819", }, }, { category: "product_version_range", name: "< 115.2.2", product: { name: "Mozilla Thunderbird < 115.2.2", product_id: "T029820", }, }, ], category: "product_name", name: "Thunderbird", }, ], category: "vendor", name: "Mozilla", }, { branches: [ { category: "product_name", name: "NetApp ActiveIQ Unified Manager", product: { name: "NetApp ActiveIQ Unified Manager", product_id: "T026333", product_identification_helper: { cpe: "cpe:/a:netapp:active_iq_unified_manager:vmware_vsphere", }, }, }, ], category: "vendor", name: "NetApp", }, { branches: [ { branches: [ { category: "product_version_range", name: "< 7.6.2", product: { name: "Open Source LibreOffice < 7.6.2", product_id: "T030072", }, }, { category: "product_version_range", name: "< 7.5.7", product: { name: "Open Source LibreOffice < 7.5.7", product_id: "T030073", }, }, ], category: "product_name", name: "LibreOffice", }, ], category: "vendor", name: "Open Source", }, { branches: [ { category: "product_name", name: "Oracle Linux", product: { name: "Oracle Linux", product_id: "T004914", product_identification_helper: { cpe: "cpe:/o:oracle:linux:-", }, }, }, ], category: "vendor", name: "Oracle", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, ], category: "vendor", name: "Red Hat", }, { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, ], category: "vendor", name: "SUSE", }, { branches: [ { category: "product_name", name: "Ubuntu Linux", product: { name: "Ubuntu Linux", product_id: "T000126", product_identification_helper: { cpe: "cpe:/o:canonical:ubuntu_linux:-", }, }, }, ], category: "vendor", name: "Ubuntu", }, ], }, vulnerabilities: [ { cve: "CVE-2023-5129", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in Mozilla Firefox, Mozilla Firefox ESR und Mozilla Thunderbird. Dieser Fehler besteht in der libwep-Komponente aufgrund eines Heap-Pufferüberlaufs. Ein entfernter, anonymer Angreifer kann diese Schwachstelle zur Ausführung von beliebigem Code ausnutzen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "2951", "T002207", "67646", "T000126", "T029061", "398363", "T012167", "T004914", "74185", "T026333", ], }, release_date: "2023-09-12T22:00:00.000+00:00", title: "CVE-2023-5129", }, { cve: "CVE-2023-4863", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in Mozilla Firefox, Mozilla Firefox ESR und Mozilla Thunderbird. Dieser Fehler besteht in der libwep-Komponente aufgrund eines Heap-Pufferüberlaufs. Ein entfernter, anonymer Angreifer kann diese Schwachstelle zur Ausführung von beliebigem Code ausnutzen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "2951", "T002207", "67646", "T000126", "T029061", "398363", "T012167", "T004914", "74185", "T026333", ], }, release_date: "2023-09-12T22:00:00.000+00:00", title: "CVE-2023-4863", }, ], }
WID-SEC-W-2023-2902
Vulnerability from csaf_certbund
Published
2023-11-14 23:00
Modified
2023-11-14 23:00
Summary
IBM Security Guardium: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM Security Guardium ist eine Lösung für die Überwachung und Auditierung des Datenzugriffs.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM Security Guardium ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Informationen offenzulegen.
Betroffene Betriebssysteme
- Linux
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "IBM Security Guardium ist eine Lösung für die Überwachung und Auditierung des Datenzugriffs.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM Security Guardium ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Informationen offenzulegen.", title: "Angriff", }, { category: "general", text: "- Linux", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-2902 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2902.json", }, { category: "self", summary: "WID-SEC-2023-2902 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2902", }, { category: "external", summary: "IBM Security Bulletin 7073592 vom 2023-11-14", url: "https://www.ibm.com/support/pages/node/7073592", }, ], source_lang: "en-US", title: "IBM Security Guardium: Mehrere Schwachstellen", tracking: { current_release_date: "2023-11-14T23:00:00.000+00:00", generator: { date: "2024-08-15T18:01:33.337+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-2902", initial_release_date: "2023-11-14T23:00:00.000+00:00", revision_history: [ { date: "2023-11-14T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "IBM Security Guardium 12.0", product: { name: "IBM Security Guardium 12.0", product_id: "T031092", product_identification_helper: { cpe: "cpe:/a:ibm:security_guardium:12.0", }, }, }, ], category: "vendor", name: "IBM", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", notes: [ { category: "description", text: "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T031092", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2023-4863", }, { cve: "CVE-2023-4147", notes: [ { category: "description", text: "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T031092", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2023-4147", }, { cve: "CVE-2023-4004", notes: [ { category: "description", text: "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T031092", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2023-4004", }, { cve: "CVE-2023-3899", notes: [ { category: "description", text: "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T031092", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2023-3899", }, { cve: "CVE-2023-38633", notes: [ { category: "description", text: "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T031092", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2023-38633", }, { cve: "CVE-2023-3776", notes: [ { category: "description", text: "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T031092", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2023-3776", }, { cve: "CVE-2023-3610", notes: [ { category: "description", text: "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T031092", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2023-3610", }, { cve: "CVE-2023-35001", notes: [ { category: "description", text: "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T031092", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2023-35001", }, { cve: "CVE-2023-3390", notes: [ { category: "description", text: "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T031092", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2023-3390", }, { cve: "CVE-2023-31248", notes: [ { category: "description", text: "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T031092", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2023-31248", }, { cve: "CVE-2023-30630", notes: [ { category: "description", text: "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T031092", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2023-30630", }, { cve: "CVE-2023-2603", notes: [ { category: "description", text: "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T031092", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2023-2603", }, { cve: "CVE-2023-2602", notes: [ { category: "description", text: "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T031092", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2023-2602", }, { cve: "CVE-2023-21102", notes: [ { category: "description", text: "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T031092", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2023-21102", }, { cve: "CVE-2023-20900", notes: [ { category: "description", text: "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T031092", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2023-20900", }, { cve: "CVE-2023-20593", notes: [ { category: "description", text: "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T031092", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2023-20593", }, { cve: "CVE-2023-1637", notes: [ { category: "description", text: "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T031092", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2023-1637", }, { cve: "CVE-2022-1941", notes: [ { category: "description", text: "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T031092", ], }, release_date: "2023-11-14T23:00:00.000+00:00", title: "CVE-2022-1941", }, ], }
wid-sec-w-2023-2841
Vulnerability from csaf_certbund
Published
2023-11-06 23:00
Modified
2023-12-05 23:00
Summary
Samsung Android: Mehrere Schwachstellen ermöglichen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Das Android Betriebssystem ist eine quelloffene Plattform für mobile Geräte. Die Basis bildet der Linux-Kernel.
Angriff
Ein entfernter Angreifer kann mehrere Schwachstellen in Samsung Android ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren.
Betroffene Betriebssysteme
- Android
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Das Android Betriebssystem ist eine quelloffene Plattform für mobile Geräte. Die Basis bildet der Linux-Kernel.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter Angreifer kann mehrere Schwachstellen in Samsung Android ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren.", title: "Angriff", }, { category: "general", text: "- Android", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-2841 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2841.json", }, { category: "self", summary: "WID-SEC-2023-2841 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2841", }, { category: "external", summary: "CISA Known Exploited Vulnerabilities Catalog vom 2023-12-05", url: "https://www.cisa.gov/news-events/alerts/2023/12/05/cisa-adds-four-known-exploited-vulnerabilities-catalog", }, { category: "external", summary: "Samsung Security Update vom 2023-11-06", url: "https://security.samsungmobile.com/securityUpdate.smsb", }, ], source_lang: "en-US", title: "Samsung Android: Mehrere Schwachstellen ermöglichen", tracking: { current_release_date: "2023-12-05T23:00:00.000+00:00", generator: { date: "2024-08-15T18:01:12.771+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-2841", initial_release_date: "2023-11-06T23:00:00.000+00:00", revision_history: [ { date: "2023-11-06T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-12-05T23:00:00.000+00:00", number: "2", summary: "Aktive Ausnutzung gemeldet", }, ], status: "final", version: "2", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Samsung Android < 11 SMR Nov-2023 Release 1", product: { name: "Samsung Android < 11 SMR Nov-2023 Release 1", product_id: "T030954", product_identification_helper: { cpe: "cpe:/o:samsung:android:11_smr_nov-2023_release_1", }, }, }, { category: "product_name", name: "Samsung Android < 12 SMR Nov-2023 Release 1", product: { name: "Samsung Android < 12 SMR Nov-2023 Release 1", product_id: "T030955", product_identification_helper: { cpe: "cpe:/o:samsung:android:12_smr_nov-2023_release_1", }, }, }, { category: "product_name", name: "Samsung Android < 13 SMR Nov-2023 Release 1", product: { name: "Samsung Android < 13 SMR Nov-2023 Release 1", product_id: "T030956", product_identification_helper: { cpe: "cpe:/o:samsung:android:13_smr_nov-2023_release_1", }, }, }, ], category: "product_name", name: "Android", }, ], category: "vendor", name: "Samsung", }, ], }, vulnerabilities: [ { cve: "CVE-2023-41112", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-41112", }, { cve: "CVE-2023-41111", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-41111", }, { cve: "CVE-2023-40638", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-40638", }, { cve: "CVE-2023-40124", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-40124", }, { cve: "CVE-2023-40115", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-40115", }, { cve: "CVE-2023-40114", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-40114", }, { cve: "CVE-2023-40113", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-40113", }, { cve: "CVE-2023-40112", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-40112", }, { cve: "CVE-2023-40111", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-40111", }, { cve: "CVE-2023-40110", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-40110", }, { cve: "CVE-2023-40109", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-40109", }, { cve: "CVE-2023-40107", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-40107", }, { cve: "CVE-2023-40106", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-40106", }, { cve: "CVE-2023-40105", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-40105", }, { cve: "CVE-2023-40104", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-40104", }, { cve: "CVE-2023-40100", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-40100", }, { cve: "CVE-2023-34970", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-34970", }, { cve: "CVE-2023-33200", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-33200", }, { cve: "CVE-2023-33107", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-33107", }, { cve: "CVE-2023-33106", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-33106", }, { cve: "CVE-2023-33063", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-33063", }, { cve: "CVE-2023-33035", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-33035", }, { cve: "CVE-2023-33034", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-33034", }, { cve: "CVE-2023-33029", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-33029", }, { cve: "CVE-2023-33028", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-33028", }, { cve: "CVE-2023-33027", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-33027", }, { cve: "CVE-2023-33026", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-33026", }, { cve: "CVE-2023-32820", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-32820", }, { cve: "CVE-2023-32819", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-32819", }, { cve: "CVE-2023-30739", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-30739", }, { cve: "CVE-2023-28540", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-28540", }, { cve: "CVE-2023-24855", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-24855", }, { cve: "CVE-2023-24853", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-24853", }, { cve: "CVE-2023-24850", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-24850", }, { cve: "CVE-2023-24849", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-24849", }, { cve: "CVE-2023-24848", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-24848", }, { cve: "CVE-2023-24847", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-24847", }, { cve: "CVE-2023-24844", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-24844", }, { cve: "CVE-2023-24843", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-24843", }, { cve: "CVE-2023-22385", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-22385", }, { cve: "CVE-2023-21673", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-21673", }, { cve: "CVE-2023-21234", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-21234", }, { cve: "CVE-2023-21111", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-21111", }, { cve: "CVE-2023-21103", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-21103", }, { cve: "CVE-2023-20819", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-20819", }, { cve: "CVE-2022-28348", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2022-28348", }, { cve: "CVE-2022-22071", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2022-22071", }, { cve: "CVE-2021-44828", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2021-44828", }, { cve: "CVE-2020-29374", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2020-29374", }, { cve: "CVE-2023-4863", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-4863", }, { cve: "CVE-2023-42538", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-42538", }, { cve: "CVE-2023-42537", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-42537", }, { cve: "CVE-2023-42536", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-42536", }, { cve: "CVE-2023-42535", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-42535", }, { cve: "CVE-2023-42534", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-42534", }, { cve: "CVE-2023-42533", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-42533", }, { cve: "CVE-2023-42532", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-42532", }, { cve: "CVE-2023-42531", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-42531", }, { cve: "CVE-2023-42530", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-42530", }, { cve: "CVE-2023-42529", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-42529", }, { cve: "CVE-2023-42528", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-42528", }, { cve: "CVE-2023-42527", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-42527", }, { cve: "CVE-2023-4211", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen in mehreren Komponenten wie SecSettings, SmsController oder der USB-Gadget-Schnittstelle aufgrund einer unsachgemäßen Eingabe- und Zertifikatsvalidierung, unsachgemäßer Zugriffskontrolle und anderen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Dateien zu manipulieren. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], release_date: "2023-11-06T23:00:00.000+00:00", title: "CVE-2023-4211", }, ], }
wid-sec-w-2023-2305
Vulnerability from csaf_certbund
Published
2023-09-11 22:00
Modified
2025-01-14 23:00
Summary
Google Chrome / Microsoft Edge: Schwachstelle ermöglicht Codeausführung
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Chrome ist ein Internet-Browser von Google.
Edge ist ein Internet-Browser von Microsoft.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Google Chrome / Microsoft Edge ausnutzen, um beliebigen Programmcode auszuführen.
Betroffene Betriebssysteme
- Linux
- MacOS X
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Chrome ist ein Internet-Browser von Google.\r\nEdge ist ein Internet-Browser von Microsoft.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Google Chrome / Microsoft Edge ausnutzen, um beliebigen Programmcode auszuführen.", title: "Angriff", }, { category: "general", text: "- Linux\n- MacOS X\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-2305 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2305.json", }, { category: "self", summary: "WID-SEC-2023-2305 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2305", }, { category: "external", summary: "Google Chrome Stable Channel Update for Desktop vom 2023-09-11", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html", }, { category: "external", summary: "Microsoft Leitfaden für Sicherheiztsupdates vom 2023-09-12", url: "https://msrc.microsoft.com/update-guide/", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-D5FAEDE1D6 vom 2023-09-13", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-d5faede1d6", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-F8319BD876 vom 2023-09-13", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-f8319bd876", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-C4FA8A204D vom 2023-09-13", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-c4fa8a204d", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-3388038193 vom 2023-09-13", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-3388038193", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-509640A8A6 vom 2023-09-13", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-509640a8a6", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-788F9BBB3F vom 2023-09-13", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-788f9bbb3f", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-32FA4259F4 vom 2023-09-13", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-32fa4259f4", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-9A6FD7A504 vom 2023-09-13", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-9a6fd7a504", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-3D1935DC6A vom 2023-09-13", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-3d1935dc6a", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-EA08732E6A vom 2023-09-17", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-ea08732e6a", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-D58A84DDA8 vom 2023-09-17", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-d58a84dda8", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-0DE0929147 vom 2023-09-17", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-0de0929147", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-C66924CB92 vom 2023-09-17", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-c66924cb92", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-54433BC31F vom 2023-09-17", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-54433bc31f", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-3BFB63F6D2 vom 2023-09-17", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-3bfb63f6d2", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5185 vom 2023-09-18", url: "https://access.redhat.com/errata/RHSA-2023:5185", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-0DF1F37A48 vom 2023-09-18", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-0df1f37a48", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-A33B8C01E7 vom 2023-09-18", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-a33b8c01e7", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-05DC047BF8 vom 2023-09-18", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-05dc047bf8", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-79B0154754 vom 2023-09-18", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-79b0154754", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-B427F54E68 vom 2023-09-18", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-b427f54e68", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5222 vom 2023-09-19", url: "https://access.redhat.com/errata/RHSA-2023:5222", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5214 vom 2023-09-19", url: "https://access.redhat.com/errata/RHSA-2023:5214", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5309 vom 2023-09-20", url: "https://access.redhat.com/errata/RHSA-2023:5309", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2023-5309 vom 2023-09-20", url: "https://linux.oracle.com/errata/ELSA-2023-5309.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2023-5214 vom 2023-09-20", url: "http://linux.oracle.com/errata/ELSA-2023-5214.html", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-DA064561FA vom 2023-09-24", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-da064561fa", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-9ABC3565B5 vom 2023-09-24", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-9abc3565b5", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-09CC239FE3 vom 2023-09-24", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-09cc239fe3", }, { category: "external", summary: "Important release of LibreOffice", url: "https://blog.documentfoundation.org/blog/2023/09/26/lo-762-and-lo-757/", }, { category: "external", summary: "Ubuntu Security Notice USN-6369-2 vom 2023-09-28", url: "https://ubuntu.com/security/notices/USN-6369-2", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:3829-1 vom 2023-09-27", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016363.html", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-E692A72898 vom 2023-09-28", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-e692a72898", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-9108CDA47C vom 2023-09-28", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-9108cda47c", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-2A0668FE43 vom 2023-09-28", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-2a0668fe43", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-CCA1F87440 vom 2023-09-30", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-cca1f87440", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-0CD03C3746 vom 2023-09-30", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-0cd03c3746", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-C890266D3F vom 2023-09-30", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-c890266d3f", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-D66A01AD4F vom 2023-09-30", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-d66a01ad4f", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-8F3E1B6F78 vom 2023-09-30", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-8f3e1b6f78", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-EDC9C74369 vom 2023-09-30", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-edc9c74369", }, { category: "external", summary: "NetApp Security Advisory NTAP-20230929-0011 vom 2023-09-29", url: "https://security.netapp.com/advisory/ntap-20230929-0011/", }, { category: "external", summary: "Elastic Security Announcement ESA-2023-19 vom 2023-10-10", url: "https://discuss.elastic.co/t/kibana-8-10-3-7-17-14-security-update/344735", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS2-2023-2290 vom 2023-10-20", url: "https://alas.aws.amazon.com/AL2/ALAS-2023-2290.html", }, { category: "external", summary: "WatchGuard Security Advisory WGSA-2023-00008 vom 2023-11-01", url: "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2023-00008", }, { category: "external", summary: "Dell Security Advisory DSA-2023-396 vom 2023-12-06", url: "https://www.dell.com/support/kbdoc/000218770/dsa-2023-=", }, { category: "external", summary: "HP Security Bulletin HPSBPI03916 vom 2024-02-13", url: "https://support.hp.com/us-en/document/ish_10173649-10204798-16/HPSBPI03916", }, { category: "external", summary: "FortiGuard Labs PSIRT Advisory FG-IR-23-381 vom 2025-01-14", url: "https://www.fortiguard.com/psirt/FG-IR-23-381", }, ], source_lang: "en-US", title: "Google Chrome / Microsoft Edge: Schwachstelle ermöglicht Codeausführung", tracking: { current_release_date: "2025-01-14T23:00:00.000+00:00", generator: { date: "2025-01-15T09:22:46.217+00:00", engine: { name: "BSI-WID", version: "1.3.10", }, }, id: "WID-SEC-W-2023-2305", initial_release_date: "2023-09-11T22:00:00.000+00:00", revision_history: [ { date: "2023-09-11T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-09-12T22:00:00.000+00:00", number: "2", summary: "Neue Updates aufgenommen", }, { date: "2023-09-13T22:00:00.000+00:00", number: "3", summary: "Neue Updates von Fedora aufgenommen", }, { date: "2023-09-17T22:00:00.000+00:00", number: "4", summary: "Neue Updates von Fedora aufgenommen", }, { date: "2023-09-18T22:00:00.000+00:00", number: "5", summary: "Neue Updates von Red Hat und Fedora aufgenommen", }, { date: "2023-09-20T22:00:00.000+00:00", number: "6", summary: "Neue Updates von Red Hat und Oracle Linux aufgenommen", }, { date: "2023-09-24T22:00:00.000+00:00", number: "7", summary: "Neue Updates von Fedora aufgenommen", }, { date: "2023-09-26T22:00:00.000+00:00", number: "8", summary: "Neue Updates aufgenommen", }, { date: "2023-09-27T22:00:00.000+00:00", number: "9", summary: "Neue Updates von Ubuntu und SUSE aufgenommen", }, { date: "2023-09-28T22:00:00.000+00:00", number: "10", summary: "Neue Updates von Fedora aufgenommen", }, { date: "2023-10-01T22:00:00.000+00:00", number: "11", summary: "Neue Updates von Fedora und NetApp aufgenommen", }, { date: "2023-10-10T22:00:00.000+00:00", number: "12", summary: "Neue Updates von Elastic aufgenommen", }, { date: "2023-10-19T22:00:00.000+00:00", number: "13", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2023-11-01T23:00:00.000+00:00", number: "14", summary: "Neue Updates von WatchGuard aufgenommen", }, { date: "2023-12-05T23:00:00.000+00:00", number: "15", summary: "Neue Updates von Dell aufgenommen", }, { date: "2024-02-20T23:00:00.000+00:00", number: "16", summary: "Neue Updates von HP aufgenommen", }, { date: "2025-01-14T23:00:00.000+00:00", number: "17", summary: "Neue Updates von Fortinet aufgenommen", }, ], status: "final", version: "17", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Amazon Linux 2", product: { name: "Amazon Linux 2", product_id: "398363", product_identification_helper: { cpe: "cpe:/o:amazon:linux_2:-", }, }, }, ], category: "vendor", name: "Amazon", }, { branches: [ { category: "product_name", name: "Dell Computer", product: { name: "Dell Computer", product_id: "T006498", product_identification_helper: { cpe: "cpe:/o:dell:dell_computer:-", }, }, }, ], category: "vendor", name: "Dell", }, { branches: [ { category: "product_name", name: "Fedora Linux", product: { name: "Fedora Linux", product_id: "74185", product_identification_helper: { cpe: "cpe:/o:fedoraproject:fedora:-", }, }, }, ], category: "vendor", name: "Fedora", }, { branches: [ { branches: [ { category: "product_version_range", name: "Windows <7.2.3", product: { name: "Fortinet FortiClient Windows <7.2.3", product_id: "T040204", }, }, { category: "product_version", name: "Windows 7.2.3", product: { name: "Fortinet FortiClient Windows 7.2.3", product_id: "T040204-fixed", product_identification_helper: { cpe: "cpe:/a:fortinet:forticlient:windows__7.2.3", }, }, }, { category: "product_version_range", name: "Windows <7.0.10", product: { name: "Fortinet FortiClient Windows <7.0.10", product_id: "T040205", }, }, { category: "product_version", name: "Windows 7.0.10", product: { name: "Fortinet FortiClient Windows 7.0.10", product_id: "T040205-fixed", product_identification_helper: { cpe: "cpe:/a:fortinet:forticlient:windows__7.0.10", }, }, }, { category: "product_version_range", name: "Linux <7.4.0", product: { name: "Fortinet FortiClient Linux <7.4.0", product_id: "T040206", }, }, { category: "product_version", name: "Linux 7.4.0", product: { name: "Fortinet FortiClient Linux 7.4.0", product_id: "T040206-fixed", product_identification_helper: { cpe: "cpe:/a:fortinet:forticlient:linux__7.4.0", }, }, }, { category: "product_version_range", name: "Linux <7.2.5", product: { name: "Fortinet FortiClient Linux <7.2.5", product_id: "T040207", }, }, { category: "product_version", name: "Linux 7.2.5", product: { name: "Fortinet FortiClient Linux 7.2.5", product_id: "T040207-fixed", product_identification_helper: { cpe: "cpe:/a:fortinet:forticlient:linux__7.2.5", }, }, }, { category: "product_version_range", name: "Mac <7.4.0", product: { name: "Fortinet FortiClient Mac <7.4.0", product_id: "T040208", }, }, { category: "product_version", name: "Mac 7.4.0", product: { name: "Fortinet FortiClient Mac 7.4.0", product_id: "T040208-fixed", product_identification_helper: { cpe: "cpe:/a:fortinet:forticlient:mac__7.4.0", }, }, }, { category: "product_version_range", name: "Mac <7.2.5", product: { name: "Fortinet FortiClient Mac <7.2.5", product_id: "T040209", }, }, { category: "product_version", name: "Mac 7.2.5", product: { name: "Fortinet FortiClient Mac 7.2.5", product_id: "T040209-fixed", product_identification_helper: { cpe: "cpe:/a:fortinet:forticlient:mac__7.2.5", }, }, }, { category: "product_version_range", name: "EMS <7.2.2", product: { name: "Fortinet FortiClient EMS <7.2.2", product_id: "T040210", }, }, { category: "product_version", name: "EMS 7.2.2", product: { name: "Fortinet FortiClient EMS 7.2.2", product_id: "T040210-fixed", product_identification_helper: { cpe: "cpe:/a:fortinet:forticlient:ems__7.2.2", }, }, }, { category: "product_version_range", name: "EMS <7.0.10", product: { name: "Fortinet FortiClient EMS <7.0.10", product_id: "T040211", }, }, { category: "product_version", name: "EMS 7.0.10", product: { name: "Fortinet FortiClient EMS 7.0.10", product_id: "T040211-fixed", product_identification_helper: { cpe: "cpe:/a:fortinet:forticlient:ems__7.0.10", }, }, }, ], category: "product_name", name: "FortiClient", }, ], category: "vendor", name: "Fortinet", }, { branches: [ { branches: [ { category: "product_version_range", name: "<116.0.5845.187", product: { name: "Google Chrome <116.0.5845.187", product_id: "T029774", }, }, { category: "product_version", name: "116.0.5845.187", product: { name: "Google Chrome 116.0.5845.187", product_id: "T029774-fixed", product_identification_helper: { cpe: "cpe:/a:google:chrome:116.0.5845.187", }, }, }, { category: "product_version_range", name: "<116.0.5845.188", product: { name: "Google Chrome <116.0.5845.188", product_id: "T029775", }, }, { category: "product_version", name: "116.0.5845.188", product: { name: "Google Chrome 116.0.5845.188", product_id: "T029775-fixed", product_identification_helper: { cpe: "cpe:/a:google:chrome:116.0.5845.188", }, }, }, ], category: "product_name", name: "Chrome", }, ], category: "vendor", name: "Google", }, { branches: [ { category: "product_name", name: "HP LaserJet", product: { name: "HP LaserJet", product_id: "T029061", product_identification_helper: { cpe: "cpe:/h:hp:laserjet:-", }, }, }, ], category: "vendor", name: "HP", }, { branches: [ { branches: [ { category: "product_version_range", name: "<116.0.1938.81", product: { name: "Microsoft Edge <116.0.1938.81", product_id: "T029787", }, }, { category: "product_version", name: "116.0.1938.81", product: { name: "Microsoft Edge 116.0.1938.81", product_id: "T029787-fixed", product_identification_helper: { cpe: "cpe:/a:microsoft:edge:116.0.1938.81", }, }, }, ], category: "product_name", name: "Edge", }, ], category: "vendor", name: "Microsoft", }, { branches: [ { category: "product_name", name: "NetApp ActiveIQ Unified Manager", product: { name: "NetApp ActiveIQ Unified Manager", product_id: "T026333", product_identification_helper: { cpe: "cpe:/a:netapp:active_iq_unified_manager:vmware_vsphere", }, }, }, ], category: "vendor", name: "NetApp", }, { branches: [ { branches: [ { category: "product_version_range", name: "<8.10.3", product: { name: "Open Source Kibana <8.10.3", product_id: "T030371", }, }, { category: "product_version", name: "8.10.3", product: { name: "Open Source Kibana 8.10.3", product_id: "T030371-fixed", product_identification_helper: { cpe: "cpe:/a:elasticsearch:kibana:8.10.3", }, }, }, { category: "product_version_range", name: "<7.17.14", product: { name: "Open Source Kibana <7.17.14", product_id: "T030372", }, }, { category: "product_version", name: "7.17.14", product: { name: "Open Source Kibana 7.17.14", product_id: "T030372-fixed", product_identification_helper: { cpe: "cpe:/a:elasticsearch:kibana:7.17.14", }, }, }, ], category: "product_name", name: "Kibana", }, { branches: [ { category: "product_version_range", name: "<7.6.2", product: { name: "Open Source LibreOffice <7.6.2", product_id: "T030072", }, }, { category: "product_version", name: "7.6.2", product: { name: "Open Source LibreOffice 7.6.2", product_id: "T030072-fixed", product_identification_helper: { cpe: "cpe:/a:libreoffice:libreoffice:7.6.2", }, }, }, { category: "product_version_range", name: "<7.5.7", product: { name: "Open Source LibreOffice <7.5.7", product_id: "T030073", }, }, { category: "product_version", name: "7.5.7", product: { name: "Open Source LibreOffice 7.5.7", product_id: "T030073-fixed", product_identification_helper: { cpe: "cpe:/a:libreoffice:libreoffice:7.5.7", }, }, }, ], category: "product_name", name: "LibreOffice", }, ], category: "vendor", name: "Open Source", }, { branches: [ { category: "product_name", name: "Oracle Linux", product: { name: "Oracle Linux", product_id: "T004914", product_identification_helper: { cpe: "cpe:/o:oracle:linux:-", }, }, }, ], category: "vendor", name: "Oracle", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, ], category: "vendor", name: "Red Hat", }, { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, ], category: "vendor", name: "SUSE", }, { branches: [ { category: "product_name", name: "Ubuntu Linux", product: { name: "Ubuntu Linux", product_id: "T000126", product_identification_helper: { cpe: "cpe:/o:canonical:ubuntu_linux:-", }, }, }, ], category: "vendor", name: "Ubuntu", }, { branches: [ { category: "product_name", name: "WatchGuard Firebox", product: { name: "WatchGuard Firebox", product_id: "T030882", product_identification_helper: { cpe: "cpe:/a:watchguard:firebox:-", }, }, }, ], category: "vendor", name: "WatchGuard", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in Google Chrome / Microsoft Edge. Dieser Fehler besteht in der WebP-Komponente aufgrund eines Heap-Pufferüberlaufs. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Code auszuführen, indem er einen Benutzer zum Besuch einer bösartigen Website verleitet. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T006498", "T030882", "T040209", "67646", "T040208", "T040207", "T040206", "T004914", "398363", "T040211", "T029775", "T040210", "T029774", "T029061", "T030073", "T030072", "T030372", "T030371", "74185", "T002207", "T000126", "T040205", "T040204", "T029787", "T026333", ], }, release_date: "2023-09-11T22:00:00.000+00:00", title: "CVE-2023-4863", }, { cve: "CVE-2023-5129", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in Google Chrome / Microsoft Edge. Dieser Fehler besteht in der WebP-Komponente aufgrund eines Heap-Pufferüberlaufs. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Code auszuführen, indem er einen Benutzer zum Besuch einer bösartigen Website verleitet. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T006498", "T030882", "T040209", "67646", "T040208", "T040207", "T040206", "T004914", "398363", "T040211", "T029775", "T040210", "T029774", "T029061", "T030073", "T030072", "T030372", "T030371", "74185", "T002207", "T000126", "T040205", "T040204", "T029787", "T026333", ], }, release_date: "2023-09-11T22:00:00.000+00:00", title: "CVE-2023-5129", }, ], }
wid-sec-w-2023-2313
Vulnerability from csaf_certbund
Published
2023-09-12 22:00
Modified
2024-02-20 23:00
Summary
Mozilla Firefox und Thunderbird: Schwachstelle ermöglicht Codeausführung
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Firefox ist ein Open Source Web Browser.
ESR ist die Variante mit verlängertem Support.
Thunderbird ist ein Open Source E-Mail Client.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Mozilla Firefox, Mozilla Firefox ESR und Mozilla Thunderbird ausnutzen, um beliebigen Programmcode auszuführen.
Betroffene Betriebssysteme
- Linux
- MacOS X
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Firefox ist ein Open Source Web Browser. \r\nESR ist die Variante mit verlängertem Support.\r\nThunderbird ist ein Open Source E-Mail Client.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Mozilla Firefox, Mozilla Firefox ESR und Mozilla Thunderbird ausnutzen, um beliebigen Programmcode auszuführen.", title: "Angriff", }, { category: "general", text: "- Linux\n- MacOS X\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-2313 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2313.json", }, { category: "self", summary: "WID-SEC-2023-2313 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2313", }, { category: "external", summary: "Mozilla Security Advisory MFSA2023-40 vom 2023-09-12", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-D5FAEDE1D6 vom 2023-09-13", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-d5faede1d6", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-F8319BD876 vom 2023-09-13", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-f8319bd876", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-C4FA8A204D vom 2023-09-13", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-c4fa8a204d", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-3388038193 vom 2023-09-13", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-3388038193", }, { category: "external", summary: "Debian Security Advisory DSA-5497 vom 2023-09-13", url: "https://lists.debian.org/debian-security-announce/2023/msg00189.html", }, { category: "external", summary: "Debian Security Advisory DSA-5496 vom 2023-09-13", url: "https://lists.debian.org/debian-security-announce/2023/msg00188.html", }, { category: "external", summary: "Ubuntu Security Notice USN-6367-1 vom 2023-09-14", url: "https://ubuntu.com/security/notices/USN-6367-1", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:3610-1 vom 2023-09-15", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016157.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:3609-1 vom 2023-09-15", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016158.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5205 vom 2023-09-18", url: "https://access.redhat.com/errata/RHSA-2023:5205", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5188 vom 2023-09-18", url: "https://access.redhat.com/errata/RHSA-2023:5188", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5189 vom 2023-09-18", url: "https://access.redhat.com/errata/RHSA-2023:5189", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5192 vom 2023-09-18", url: "https://access.redhat.com/errata/RHSA-2023:5192", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2023-5200 vom 2023-09-19", url: "https://linux.oracle.com/errata/ELSA-2023-5200.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5191 vom 2023-09-18", url: "https://access.redhat.com/errata/RHSA-2023:5191", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5197 vom 2023-09-18", url: "https://access.redhat.com/errata/RHSA-2023:5197", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5198 vom 2023-09-18", url: "https://access.redhat.com/errata/RHSA-2023:5198", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5201 vom 2023-09-18", url: "https://access.redhat.com/errata/RHSA-2023:5201", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5200 vom 2023-09-18", url: "https://access.redhat.com/errata/RHSA-2023:5200", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5202 vom 2023-09-18", url: "https://access.redhat.com/errata/RHSA-2023:5202", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5204 vom 2023-09-18", url: "https://access.redhat.com/errata/RHSA-2023:5204", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2023-5197 vom 2023-09-19", url: "https://linux.oracle.com/errata/ELSA-2023-5197.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2023-5191 vom 2023-09-19", url: "https://linux.oracle.com/errata/ELSA-2023-5191.html", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-0DF1F37A48 vom 2023-09-18", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-0df1f37a48", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5187 vom 2023-09-18", url: "https://access.redhat.com/errata/RHSA-2023:5187", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5184 vom 2023-09-18", url: "https://access.redhat.com/errata/RHSA-2023:5184", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5183 vom 2023-09-18", url: "https://access.redhat.com/errata/RHSA-2023:5183", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2023-5184 vom 2023-09-19", url: "https://linux.oracle.com/errata/ELSA-2023-5184.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:3664-1 vom 2023-09-18", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016188.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5186 vom 2023-09-18", url: "https://access.redhat.com/errata/RHSA-2023:5186", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5190 vom 2023-09-18", url: "https://access.redhat.com/errata/RHSA-2023:5190", }, { category: "external", summary: "Debian Security Advisory DLA-3570 vom 2023-09-18", url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:3634-1 vom 2023-09-18", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016176.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5224 vom 2023-09-19", url: "https://access.redhat.com/errata/RHSA-2023:5224", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5223 vom 2023-09-19", url: "https://access.redhat.com/errata/RHSA-2023:5223", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5222 vom 2023-09-19", url: "https://access.redhat.com/errata/RHSA-2023:5222", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5214 vom 2023-09-19", url: "https://access.redhat.com/errata/RHSA-2023:5214", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5236 vom 2023-09-19", url: "https://access.redhat.com/errata/RHSA-2023:5236", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5309 vom 2023-09-20", url: "https://access.redhat.com/errata/RHSA-2023:5309", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2023-5224 vom 2023-09-20", url: "http://linux.oracle.com/errata/ELSA-2023-5224.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2023-5309 vom 2023-09-20", url: "https://linux.oracle.com/errata/ELSA-2023-5309.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2023-5214 vom 2023-09-20", url: "http://linux.oracle.com/errata/ELSA-2023-5214.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2023-5201 vom 2023-09-20", url: "http://linux.oracle.com/errata/ELSA-2023-5201.html", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-1BCD79CDF6 vom 2023-09-21", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-1bcd79cdf6", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-4211889C5A vom 2023-09-22", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-4211889c5a", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-981E9F53FF vom 2023-09-24", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-981e9f53ff", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:3794-1 vom 2023-09-26", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016334.html", }, { category: "external", summary: "Important release of LibreOffice", url: "https://blog.documentfoundation.org/blog/2023/09/26/lo-762-and-lo-757/", }, { category: "external", summary: "Ubuntu Security Notice USN-6369-2 vom 2023-09-28", url: "https://ubuntu.com/security/notices/USN-6369-2", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:3829-1 vom 2023-09-27", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016363.html", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-2A0668FE43 vom 2023-09-28", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-2a0668fe43", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-E692A72898 vom 2023-09-28", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-e692a72898", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-9108CDA47C vom 2023-09-28", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-9108cda47c", }, { category: "external", summary: "NetApp Security Advisory NTAP-20230929-0011 vom 2023-09-29", url: "https://security.netapp.com/advisory/ntap-20230929-0011/", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-97EEA79ACB vom 2023-10-05", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-97eea79acb", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-0F232991DE vom 2023-10-05", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-0f232991de", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-BBB8D72C6F vom 2023-10-05", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-bbb8d72c6f", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-09EC498A2A vom 2023-10-08", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-09ec498a2a", }, { category: "external", summary: "Amazon Linux Security Advisory ALASFIREFOX-2023-015 vom 2023-10-18", url: "https://alas.aws.amazon.com/AL2/ALASFIREFOX-2023-015.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS2-2023-2291 vom 2023-10-20", url: "https://alas.aws.amazon.com/AL2/ALAS-2023-2291.html", }, { category: "external", summary: "Gentoo Linux Security Advisory GLSA-202401-10 vom 2024-01-07", url: "https://security.gentoo.org/glsa/202401-10", }, { category: "external", summary: "HP Security Bulletin HPSBPI03916 vom 2024-02-13", url: "https://support.hp.com/us-en/document/ish_10173649-10204798-16/HPSBPI03916", }, ], source_lang: "en-US", title: "Mozilla Firefox und Thunderbird: Schwachstelle ermöglicht Codeausführung", tracking: { current_release_date: "2024-02-20T23:00:00.000+00:00", generator: { date: "2024-08-15T17:58:16.322+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-2313", initial_release_date: "2023-09-12T22:00:00.000+00:00", revision_history: [ { date: "2023-09-12T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-09-13T22:00:00.000+00:00", number: "2", summary: "Neue Updates von Debian und Ubuntu aufgenommen", }, { date: "2023-09-14T22:00:00.000+00:00", number: "3", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2023-09-18T22:00:00.000+00:00", number: "4", summary: "Neue Updates von Red Hat, Oracle Linux, Fedora, SUSE und Debian aufgenommen", }, { date: "2023-09-19T22:00:00.000+00:00", number: "5", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-09-20T22:00:00.000+00:00", number: "6", summary: "Neue Updates von Red Hat und Oracle Linux aufgenommen", }, { date: "2023-09-21T22:00:00.000+00:00", number: "7", summary: "Neue Updates von Fedora aufgenommen", }, { date: "2023-09-24T22:00:00.000+00:00", number: "8", summary: "Neue Updates von Fedora aufgenommen", }, { date: "2023-09-26T22:00:00.000+00:00", number: "9", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2023-09-27T22:00:00.000+00:00", number: "10", summary: "Neue Updates von Ubuntu und SUSE aufgenommen", }, { date: "2023-09-28T22:00:00.000+00:00", number: "11", summary: "Neue Updates von Fedora aufgenommen", }, { date: "2023-10-01T22:00:00.000+00:00", number: "12", summary: "Neue Updates von NetApp aufgenommen", }, { date: "2023-10-04T22:00:00.000+00:00", number: "13", summary: "Neue Updates von Fedora aufgenommen", }, { date: "2023-10-08T22:00:00.000+00:00", number: "14", summary: "Neue Updates von Fedora aufgenommen", }, { date: "2023-10-17T22:00:00.000+00:00", number: "15", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2023-10-19T22:00:00.000+00:00", number: "16", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2024-01-07T23:00:00.000+00:00", number: "17", summary: "Neue Updates von Gentoo aufgenommen", }, { date: "2024-02-20T23:00:00.000+00:00", number: "18", summary: "Neue Updates von HP aufgenommen", }, ], status: "final", version: "18", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Amazon Linux 2", product: { name: "Amazon Linux 2", product_id: "398363", product_identification_helper: { cpe: "cpe:/o:amazon:linux_2:-", }, }, }, ], category: "vendor", name: "Amazon", }, { branches: [ { category: "product_name", name: "Debian Linux", product: { name: "Debian Linux", product_id: "2951", product_identification_helper: { cpe: "cpe:/o:debian:debian_linux:-", }, }, }, ], category: "vendor", name: "Debian", }, { branches: [ { category: "product_name", name: "Fedora Linux", product: { name: "Fedora Linux", product_id: "74185", product_identification_helper: { cpe: "cpe:/o:fedoraproject:fedora:-", }, }, }, ], category: "vendor", name: "Fedora", }, { branches: [ { category: "product_name", name: "Gentoo Linux", product: { name: "Gentoo Linux", product_id: "T012167", product_identification_helper: { cpe: "cpe:/o:gentoo:linux:-", }, }, }, ], category: "vendor", name: "Gentoo", }, { branches: [ { category: "product_name", name: "HP LaserJet", product: { name: "HP LaserJet", product_id: "T029061", product_identification_helper: { cpe: "cpe:/h:hp:laserjet:-", }, }, }, ], category: "vendor", name: "HP", }, { branches: [ { branches: [ { category: "product_version_range", name: "< 117.0.1", product: { name: "Mozilla Firefox < 117.0.1", product_id: "T029816", }, }, ], category: "product_name", name: "Firefox", }, { branches: [ { category: "product_version_range", name: "< 115.2.1", product: { name: "Mozilla Firefox ESR < 115.2.1", product_id: "T029817", }, }, { category: "product_version_range", name: "< 102.15.1", product: { name: "Mozilla Firefox ESR < 102.15.1", product_id: "T029818", }, }, ], category: "product_name", name: "Firefox ESR", }, { branches: [ { category: "product_version_range", name: "< 102.15.1", product: { name: "Mozilla Thunderbird < 102.15.1", product_id: "T029819", }, }, { category: "product_version_range", name: "< 115.2.2", product: { name: "Mozilla Thunderbird < 115.2.2", product_id: "T029820", }, }, ], category: "product_name", name: "Thunderbird", }, ], category: "vendor", name: "Mozilla", }, { branches: [ { category: "product_name", name: "NetApp ActiveIQ Unified Manager", product: { name: "NetApp ActiveIQ Unified Manager", product_id: "T026333", product_identification_helper: { cpe: "cpe:/a:netapp:active_iq_unified_manager:vmware_vsphere", }, }, }, ], category: "vendor", name: "NetApp", }, { branches: [ { branches: [ { category: "product_version_range", name: "< 7.6.2", product: { name: "Open Source LibreOffice < 7.6.2", product_id: "T030072", }, }, { category: "product_version_range", name: "< 7.5.7", product: { name: "Open Source LibreOffice < 7.5.7", product_id: "T030073", }, }, ], category: "product_name", name: "LibreOffice", }, ], category: "vendor", name: "Open Source", }, { branches: [ { category: "product_name", name: "Oracle Linux", product: { name: "Oracle Linux", product_id: "T004914", product_identification_helper: { cpe: "cpe:/o:oracle:linux:-", }, }, }, ], category: "vendor", name: "Oracle", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, ], category: "vendor", name: "Red Hat", }, { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, ], category: "vendor", name: "SUSE", }, { branches: [ { category: "product_name", name: "Ubuntu Linux", product: { name: "Ubuntu Linux", product_id: "T000126", product_identification_helper: { cpe: "cpe:/o:canonical:ubuntu_linux:-", }, }, }, ], category: "vendor", name: "Ubuntu", }, ], }, vulnerabilities: [ { cve: "CVE-2023-5129", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in Mozilla Firefox, Mozilla Firefox ESR und Mozilla Thunderbird. Dieser Fehler besteht in der libwep-Komponente aufgrund eines Heap-Pufferüberlaufs. Ein entfernter, anonymer Angreifer kann diese Schwachstelle zur Ausführung von beliebigem Code ausnutzen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "2951", "T002207", "67646", "T000126", "T029061", "398363", "T012167", "T004914", "74185", "T026333", ], }, release_date: "2023-09-12T22:00:00.000+00:00", title: "CVE-2023-5129", }, { cve: "CVE-2023-4863", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in Mozilla Firefox, Mozilla Firefox ESR und Mozilla Thunderbird. Dieser Fehler besteht in der libwep-Komponente aufgrund eines Heap-Pufferüberlaufs. Ein entfernter, anonymer Angreifer kann diese Schwachstelle zur Ausführung von beliebigem Code ausnutzen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "2951", "T002207", "67646", "T000126", "T029061", "398363", "T012167", "T004914", "74185", "T026333", ], }, release_date: "2023-09-12T22:00:00.000+00:00", title: "CVE-2023-4863", }, ], }
ICSA-23-320-11
Vulnerability from csaf_cisa
Published
2023-11-14 00:00
Modified
2023-11-14 00:00
Summary
Siemens Mendix Studio Pro
Notes
Summary
Mendix Studio Pro is vulnerable to an out of bounds write vulnerability in the integrated libwebp library (CVE-2023-4863), that could allow an attacker to execute code in the context of a victim user's system.
Siemens has released updates for the affected products and recommends to update to the latest versions.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at:
https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{ document: { acknowledgments: [ { organization: "Siemens ProductCERT", summary: "reporting this vulnerability to CISA.", }, ], category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Disclosure is not limited", tlp: { label: "WHITE", url: "https://us-cert.cisa.gov/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Mendix Studio Pro is vulnerable to an out of bounds write vulnerability in the integrated libwebp library (CVE-2023-4863), that could allow an attacker to execute code in the context of a victim user's system.\n\nSiemens has released updates for the affected products and recommends to update to the latest versions.", title: "Summary", }, { category: "general", text: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: \nhttps://www.siemens.com/industrialsecurity", title: "General Recommendations", }, { category: "general", text: "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories", title: "Additional Resources", }, { category: "legal_disclaimer", text: "Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.", title: "Terms of Use", }, { category: "legal_disclaimer", text: "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.", title: "Legal Notice", }, { category: "other", text: "This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.", title: "Advisory Conversion Disclaimer", }, { category: "other", text: "Multiple", title: "Critical infrastructure sectors", }, { category: "other", text: "Worldwide", title: "Countries/areas deployed", }, { category: "other", text: "Germany", title: "Company headquarters location", }, { category: "general", text: "CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.", title: "Recommended Practices", }, { category: "general", text: "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.", title: "Recommended Practices", }, { category: "general", text: "Locate control system networks and remote devices behind firewalls and isolate them from business networks.", title: "Recommended Practices", }, { category: "general", text: "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.", title: "Recommended Practices", }, { category: "general", text: "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.", title: "Recommended Practices", }, { category: "general", text: "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.", title: "Recommended Practices", }, { category: "general", text: "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.", title: "Recommended Practices", }, { category: "general", text: "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.", title: "Recommended Practices", }, ], publisher: { category: "other", contact_details: "central@cisa.dhs.gov", name: "CISA", namespace: "https://www.cisa.gov/", }, references: [ { category: "self", summary: "SSA-268517: Code Execution Vulnerability (libwebp CVE-2023-4863) in Mendix Studio Pro - CSAF Version", url: "https://cert-portal.siemens.com/productcert/csaf/ssa-268517.json", }, { category: "self", summary: "SSA-268517: Code Execution Vulnerability (libwebp CVE-2023-4863) in Mendix Studio Pro - HTML Version", url: "https://cert-portal.siemens.com/productcert/html/ssa-268517.html", }, { category: "self", summary: "SSA-268517: Code Execution Vulnerability (libwebp CVE-2023-4863) in Mendix Studio Pro - PDF Version", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-268517.pdf", }, { category: "self", summary: "SSA-268517: Code Execution Vulnerability (libwebp CVE-2023-4863) in Mendix Studio Pro - TXT Version", url: "https://cert-portal.siemens.com/productcert/txt/ssa-268517.txt", }, { category: "self", summary: "ICS Advisory ICSA-23-320-11 JSON", url: "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2023/icsa-23-320-11.json", }, { category: "self", summary: "ICS Advisory ICSA-23-320-11 - Web Version", url: "https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-11", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/topics/industrial-control-systems", }, { category: "external", summary: "Recommended Practices", url: "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B", }, ], title: "Siemens Mendix Studio Pro", tracking: { current_release_date: "2023-11-14T00:00:00Z", generator: { engine: { name: "CISA CSAF Generator", version: "1", }, }, id: "ICSA-23-320-11", initial_release_date: "2023-11-14T00:00:00Z", revision_history: [ { date: "2023-11-14T00:00:00Z", legacy_version: "1.0", number: "1", summary: "Publication Date", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "<V7.23.37", product: { name: "Mendix Studio Pro 7", product_id: "1", }, }, ], category: "product_name", name: "Mendix Studio Pro 7", }, { branches: [ { category: "product_version_range", name: "<V8.18.27", product: { name: "Mendix Studio Pro 8", product_id: "2", }, }, ], category: "product_name", name: "Mendix Studio Pro 8", }, { branches: [ { category: "product_version_range", name: "<V9.24.0", product: { name: "Mendix Studio Pro 9", product_id: "3", }, }, ], category: "product_name", name: "Mendix Studio Pro 9", }, { branches: [ { category: "product_version_range", name: "<V10.3.1", product: { name: "Mendix Studio Pro 10", product_id: "4", }, }, ], category: "product_name", name: "Mendix Studio Pro 10", }, ], category: "vendor", name: "Siemens", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "summary", text: "The affected products are vulnerable to an out of bounds write vulnerability in the integrated libwebp library, that could be triggered while parsing specially crafted image files.\r\n\r\nThis could allow an attacker to execute code in the context of a victim user's system. As a precondition, the user needs to add such image files, or Mendix Marketplace content that contains such image files, to their project. The exploitation happens in certain scenarios when the user opens the document that contains the image.", title: "Summary", }, ], product_status: { known_affected: [ "4", "1", "2", "3", ], }, remediations: [ { category: "vendor_fix", details: "Update to V10.3.1 or later version", product_ids: [ "4", ], url: "https://docs.mendix.com/releasenotes/studio-pro/10/", }, { category: "vendor_fix", details: "Update to V7.23.37 or later version", product_ids: [ "1", ], url: "https://docs.mendix.com/releasenotes/studio-pro/7/", }, { category: "vendor_fix", details: "Update to V8.18.27 or later version", product_ids: [ "2", ], url: "https://docs.mendix.com/releasenotes/studio-pro/8/", }, { category: "vendor_fix", details: "Update to V9.24.0 or later version", product_ids: [ "3", ], url: "https://docs.mendix.com/releasenotes/studio-pro/9/", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "4", "1", "2", "3", ], }, ], title: "CVE-2023-4863", }, ], }
icsa-23-320-11
Vulnerability from csaf_cisa
Published
2023-11-14 00:00
Modified
2023-11-14 00:00
Summary
Siemens Mendix Studio Pro
Notes
Summary
Mendix Studio Pro is vulnerable to an out of bounds write vulnerability in the integrated libwebp library (CVE-2023-4863), that could allow an attacker to execute code in the context of a victim user's system.
Siemens has released updates for the affected products and recommends to update to the latest versions.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at:
https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{ document: { acknowledgments: [ { organization: "Siemens ProductCERT", summary: "reporting this vulnerability to CISA.", }, ], category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Disclosure is not limited", tlp: { label: "WHITE", url: "https://us-cert.cisa.gov/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Mendix Studio Pro is vulnerable to an out of bounds write vulnerability in the integrated libwebp library (CVE-2023-4863), that could allow an attacker to execute code in the context of a victim user's system.\n\nSiemens has released updates for the affected products and recommends to update to the latest versions.", title: "Summary", }, { category: "general", text: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: \nhttps://www.siemens.com/industrialsecurity", title: "General Recommendations", }, { category: "general", text: "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories", title: "Additional Resources", }, { category: "legal_disclaimer", text: "Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.", title: "Terms of Use", }, { category: "legal_disclaimer", text: "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.", title: "Legal Notice", }, { category: "other", text: "This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.", title: "Advisory Conversion Disclaimer", }, { category: "other", text: "Multiple", title: "Critical infrastructure sectors", }, { category: "other", text: "Worldwide", title: "Countries/areas deployed", }, { category: "other", text: "Germany", title: "Company headquarters location", }, { category: "general", text: "CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.", title: "Recommended Practices", }, { category: "general", text: "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.", title: "Recommended Practices", }, { category: "general", text: "Locate control system networks and remote devices behind firewalls and isolate them from business networks.", title: "Recommended Practices", }, { category: "general", text: "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.", title: "Recommended Practices", }, { category: "general", text: "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.", title: "Recommended Practices", }, { category: "general", text: "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.", title: "Recommended Practices", }, { category: "general", text: "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.", title: "Recommended Practices", }, { category: "general", text: "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.", title: "Recommended Practices", }, ], publisher: { category: "other", contact_details: "central@cisa.dhs.gov", name: "CISA", namespace: "https://www.cisa.gov/", }, references: [ { category: "self", summary: "SSA-268517: Code Execution Vulnerability (libwebp CVE-2023-4863) in Mendix Studio Pro - CSAF Version", url: "https://cert-portal.siemens.com/productcert/csaf/ssa-268517.json", }, { category: "self", summary: "SSA-268517: Code Execution Vulnerability (libwebp CVE-2023-4863) in Mendix Studio Pro - HTML Version", url: "https://cert-portal.siemens.com/productcert/html/ssa-268517.html", }, { category: "self", summary: "SSA-268517: Code Execution Vulnerability (libwebp CVE-2023-4863) in Mendix Studio Pro - PDF Version", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-268517.pdf", }, { category: "self", summary: "SSA-268517: Code Execution Vulnerability (libwebp CVE-2023-4863) in Mendix Studio Pro - TXT Version", url: "https://cert-portal.siemens.com/productcert/txt/ssa-268517.txt", }, { category: "self", summary: "ICS Advisory ICSA-23-320-11 JSON", url: "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2023/icsa-23-320-11.json", }, { category: "self", summary: "ICS Advisory ICSA-23-320-11 - Web Version", url: "https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-11", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/topics/industrial-control-systems", }, { category: "external", summary: "Recommended Practices", url: "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B", }, ], title: "Siemens Mendix Studio Pro", tracking: { current_release_date: "2023-11-14T00:00:00Z", generator: { engine: { name: "CISA CSAF Generator", version: "1", }, }, id: "ICSA-23-320-11", initial_release_date: "2023-11-14T00:00:00Z", revision_history: [ { date: "2023-11-14T00:00:00Z", legacy_version: "1.0", number: "1", summary: "Publication Date", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "<V7.23.37", product: { name: "Mendix Studio Pro 7", product_id: "1", }, }, ], category: "product_name", name: "Mendix Studio Pro 7", }, { branches: [ { category: "product_version_range", name: "<V8.18.27", product: { name: "Mendix Studio Pro 8", product_id: "2", }, }, ], category: "product_name", name: "Mendix Studio Pro 8", }, { branches: [ { category: "product_version_range", name: "<V9.24.0", product: { name: "Mendix Studio Pro 9", product_id: "3", }, }, ], category: "product_name", name: "Mendix Studio Pro 9", }, { branches: [ { category: "product_version_range", name: "<V10.3.1", product: { name: "Mendix Studio Pro 10", product_id: "4", }, }, ], category: "product_name", name: "Mendix Studio Pro 10", }, ], category: "vendor", name: "Siemens", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4863", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "summary", text: "The affected products are vulnerable to an out of bounds write vulnerability in the integrated libwebp library, that could be triggered while parsing specially crafted image files.\r\n\r\nThis could allow an attacker to execute code in the context of a victim user's system. As a precondition, the user needs to add such image files, or Mendix Marketplace content that contains such image files, to their project. The exploitation happens in certain scenarios when the user opens the document that contains the image.", title: "Summary", }, ], product_status: { known_affected: [ "4", "1", "2", "3", ], }, remediations: [ { category: "vendor_fix", details: "Update to V10.3.1 or later version", product_ids: [ "4", ], url: "https://docs.mendix.com/releasenotes/studio-pro/10/", }, { category: "vendor_fix", details: "Update to V7.23.37 or later version", product_ids: [ "1", ], url: "https://docs.mendix.com/releasenotes/studio-pro/7/", }, { category: "vendor_fix", details: "Update to V8.18.27 or later version", product_ids: [ "2", ], url: "https://docs.mendix.com/releasenotes/studio-pro/8/", }, { category: "vendor_fix", details: "Update to V9.24.0 or later version", product_ids: [ "3", ], url: "https://docs.mendix.com/releasenotes/studio-pro/9/", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "4", "1", "2", "3", ], }, ], title: "CVE-2023-4863", }, ], }
gsd-2023-4863
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
Aliases
Aliases
{ GSD: { alias: "CVE-2023-4863", id: "GSD-2023-4863", }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2023-4863", ], details: "Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)", id: "GSD-2023-4863", modified: "2023-12-13T01:20:26.936492Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "chrome-cve-admin@google.com", ID: "CVE-2023-4863", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Chrome", version: { version_data: [ { version_affected: "<", version_name: "116.0.5845.187", version_value: "116.0.5845.187", }, ], }, }, { product_name: "libwebp", version: { version_data: [ { version_affected: "<", version_name: "1.3.2", version_value: "1.3.2", }, ], }, }, ], }, vendor_name: "Google", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Heap buffer overflow", }, ], }, ], }, references: { reference_data: [ { name: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html", refsource: "MISC", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html", }, { name: "https://crbug.com/1479274", refsource: "MISC", url: "https://crbug.com/1479274", }, { name: "https://en.bandisoft.com/honeyview/history/", refsource: "MISC", url: "https://en.bandisoft.com/honeyview/history/", }, { name: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", refsource: "MISC", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { name: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", refsource: "MISC", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { name: "https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a", refsource: "MISC", url: "https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a", }, { name: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863", refsource: "MISC", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863", }, { name: "https://security-tracker.debian.org/tracker/CVE-2023-4863", refsource: "MISC", url: "https://security-tracker.debian.org/tracker/CVE-2023-4863", }, { name: "https://bugzilla.suse.com/show_bug.cgi?id=1215231", refsource: "MISC", url: "https://bugzilla.suse.com/show_bug.cgi?id=1215231", }, { name: "https://news.ycombinator.com/item?id=37478403", refsource: "MISC", url: "https://news.ycombinator.com/item?id=37478403", }, { name: "https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/", refsource: "MISC", url: "https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/", }, { name: "https://www.debian.org/security/2023/dsa-5496", refsource: "MISC", url: "https://www.debian.org/security/2023/dsa-5496", }, { name: "https://www.debian.org/security/2023/dsa-5497", refsource: "MISC", url: "https://www.debian.org/security/2023/dsa-5497", }, { name: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/", refsource: "MISC", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/", }, { name: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/", refsource: "MISC", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/", }, { name: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/", refsource: "MISC", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/", }, { name: "https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html", refsource: "MISC", url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html", }, { name: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/", refsource: "MISC", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/", }, { name: "https://www.debian.org/security/2023/dsa-5498", refsource: "MISC", url: "https://www.debian.org/security/2023/dsa-5498", }, { name: "https://security.gentoo.org/glsa/202309-05", refsource: "MISC", url: "https://security.gentoo.org/glsa/202309-05", }, { name: "https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html", refsource: "MISC", url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html", }, { name: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/", refsource: "MISC", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/", }, { name: "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/", refsource: "MISC", url: "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/", }, { name: "https://github.com/webmproject/libwebp/releases/tag/v1.3.2", refsource: "MISC", url: "https://github.com/webmproject/libwebp/releases/tag/v1.3.2", }, { name: "https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html", refsource: "MISC", url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html", }, { name: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/", refsource: "MISC", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/", }, { name: "http://www.openwall.com/lists/oss-security/2023/09/21/4", refsource: "MISC", url: "http://www.openwall.com/lists/oss-security/2023/09/21/4", }, { name: "https://blog.isosceles.com/the-webp-0day/", refsource: "MISC", url: "https://blog.isosceles.com/the-webp-0day/", }, { name: "http://www.openwall.com/lists/oss-security/2023/09/22/1", refsource: "MISC", url: "http://www.openwall.com/lists/oss-security/2023/09/22/1", }, { name: "http://www.openwall.com/lists/oss-security/2023/09/22/3", refsource: "MISC", url: "http://www.openwall.com/lists/oss-security/2023/09/22/3", }, { name: "http://www.openwall.com/lists/oss-security/2023/09/22/4", refsource: "MISC", url: "http://www.openwall.com/lists/oss-security/2023/09/22/4", }, { name: "http://www.openwall.com/lists/oss-security/2023/09/22/5", refsource: "MISC", url: "http://www.openwall.com/lists/oss-security/2023/09/22/5", }, { name: "http://www.openwall.com/lists/oss-security/2023/09/22/8", refsource: "MISC", url: "http://www.openwall.com/lists/oss-security/2023/09/22/8", }, { name: "http://www.openwall.com/lists/oss-security/2023/09/22/7", refsource: "MISC", url: "http://www.openwall.com/lists/oss-security/2023/09/22/7", }, { name: "http://www.openwall.com/lists/oss-security/2023/09/22/6", refsource: "MISC", url: "http://www.openwall.com/lists/oss-security/2023/09/22/6", }, { name: "http://www.openwall.com/lists/oss-security/2023/09/26/1", refsource: "MISC", url: "http://www.openwall.com/lists/oss-security/2023/09/26/1", }, { name: "http://www.openwall.com/lists/oss-security/2023/09/26/7", refsource: "MISC", url: "http://www.openwall.com/lists/oss-security/2023/09/26/7", }, { name: "http://www.openwall.com/lists/oss-security/2023/09/28/1", refsource: "MISC", url: "http://www.openwall.com/lists/oss-security/2023/09/28/1", }, { name: "http://www.openwall.com/lists/oss-security/2023/09/28/2", refsource: "MISC", url: "http://www.openwall.com/lists/oss-security/2023/09/28/2", }, { name: "http://www.openwall.com/lists/oss-security/2023/09/28/4", refsource: "MISC", url: "http://www.openwall.com/lists/oss-security/2023/09/28/4", }, { name: "https://security.netapp.com/advisory/ntap-20230929-0011/", refsource: "MISC", url: "https://security.netapp.com/advisory/ntap-20230929-0011/", }, { name: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/", refsource: "MISC", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/", }, { name: "https://sethmlarson.dev/security-developer-in-residence-weekly-report-16", refsource: "MISC", url: "https://sethmlarson.dev/security-developer-in-residence-weekly-report-16", }, { name: "https://www.bentley.com/advisories/be-2023-0001/", refsource: "MISC", url: "https://www.bentley.com/advisories/be-2023-0001/", }, { name: "https://security.gentoo.org/glsa/202401-10", refsource: "MISC", url: "https://security.gentoo.org/glsa/202401-10", }, ], }, }, "nvd.nist.gov": { cve: { cisaActionDue: "2023-10-04", cisaExploitAdd: "2023-09-13", cisaRequiredAction: "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", cisaVulnerabilityName: "Google Chromium WebP Heap-Based Buffer Overflow Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", matchCriteriaId: "856C1821-5D22-4A4E-859D-8F5305255AB7", versionEndExcluding: "116.0.5845.187", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", matchCriteriaId: "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", matchCriteriaId: "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", matchCriteriaId: "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", matchCriteriaId: "46D69DCC-AE4D-4EA5-861C-D60951444C6C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", matchCriteriaId: "54A821DA-91BA-454E-BC32-2152CD7989AE", versionEndExcluding: "117.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", matchCriteriaId: "F5CB1076-9147-44A4-B32F-86841DEB85DA", versionEndExcluding: "102.15.1", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", matchCriteriaId: "D288632E-E2D5-4319-BE74-882D71D699C2", versionEndExcluding: "115.2.1", versionStartIncluding: "115.0", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", matchCriteriaId: "A073724D-52BD-4426-B58D-7A8BD24B8F8E", versionEndExcluding: "102.15.1", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", matchCriteriaId: "952BEC0C-2DB0-476A-AF62-1269F8635B4A", versionEndExcluding: "115.2.2", versionStartIncluding: "115.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*", matchCriteriaId: "49AFFE24-5E30-46A4-A3AE-13D8EB15DE91", versionEndExcluding: "117.0.2045.31", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:webmproject:libwebp:*:*:*:*:*:*:*:*", matchCriteriaId: "2804DDE4-B0A4-4B7F-A318-F491B6316B34", versionEndExcluding: "1.3.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], descriptions: [ { lang: "en", value: "Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)", }, { lang: "es", value: "El desbordamiento del búfer de memoria en libwebp en Google Chrome anterior a 116.0.5845.187 y libwebp 1.3.2 permitía a un atacante remoto realizar una escritura en memoria fuera de los límites a través de una página HTML manipulada. (Severidad de seguridad de Chromium: crítica)", }, ], id: "CVE-2023-4863", lastModified: "2024-01-07T11:15:13.650", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-12T15:15:24.327", references: [ { source: "chrome-cve-admin@google.com", url: "http://www.openwall.com/lists/oss-security/2023/09/21/4", }, { source: "chrome-cve-admin@google.com", url: "http://www.openwall.com/lists/oss-security/2023/09/22/1", }, { source: "chrome-cve-admin@google.com", url: "http://www.openwall.com/lists/oss-security/2023/09/22/3", }, { source: "chrome-cve-admin@google.com", url: "http://www.openwall.com/lists/oss-security/2023/09/22/4", }, { source: "chrome-cve-admin@google.com", url: "http://www.openwall.com/lists/oss-security/2023/09/22/5", }, { source: "chrome-cve-admin@google.com", url: "http://www.openwall.com/lists/oss-security/2023/09/22/6", }, { source: "chrome-cve-admin@google.com", url: "http://www.openwall.com/lists/oss-security/2023/09/22/7", }, { source: "chrome-cve-admin@google.com", url: "http://www.openwall.com/lists/oss-security/2023/09/22/8", }, { source: "chrome-cve-admin@google.com", url: "http://www.openwall.com/lists/oss-security/2023/09/26/1", }, { source: "chrome-cve-admin@google.com", url: "http://www.openwall.com/lists/oss-security/2023/09/26/7", }, { source: "chrome-cve-admin@google.com", url: "http://www.openwall.com/lists/oss-security/2023/09/28/1", }, { source: "chrome-cve-admin@google.com", url: "http://www.openwall.com/lists/oss-security/2023/09/28/2", }, { source: "chrome-cve-admin@google.com", url: "http://www.openwall.com/lists/oss-security/2023/09/28/4", }, { source: "chrome-cve-admin@google.com", tags: [ "Third Party Advisory", ], url: "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/", }, { source: "chrome-cve-admin@google.com", url: "https://blog.isosceles.com/the-webp-0day/", }, { source: "chrome-cve-admin@google.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1215231", }, { source: "chrome-cve-admin@google.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html", }, { source: "chrome-cve-admin@google.com", tags: [ "Issue Tracking", "Permissions Required", "Vendor Advisory", ], url: "https://crbug.com/1479274", }, { source: "chrome-cve-admin@google.com", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://en.bandisoft.com/honeyview/history/", }, { source: "chrome-cve-admin@google.com", tags: [ "Patch", ], url: "https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a", }, { source: "chrome-cve-admin@google.com", tags: [ "Release Notes", ], url: "https://github.com/webmproject/libwebp/releases/tag/v1.3.2", }, { source: "chrome-cve-admin@google.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html", }, { source: "chrome-cve-admin@google.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html", }, { source: "chrome-cve-admin@google.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html", }, { source: "chrome-cve-admin@google.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/", }, { source: "chrome-cve-admin@google.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/", }, { source: "chrome-cve-admin@google.com", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/", }, { source: "chrome-cve-admin@google.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/", }, { source: "chrome-cve-admin@google.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/", }, { source: "chrome-cve-admin@google.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/", }, { source: "chrome-cve-admin@google.com", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/", }, { source: "chrome-cve-admin@google.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863", }, { source: "chrome-cve-admin@google.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://news.ycombinator.com/item?id=37478403", }, { source: "chrome-cve-admin@google.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://security-tracker.debian.org/tracker/CVE-2023-4863", }, { source: "chrome-cve-admin@google.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202309-05", }, { source: "chrome-cve-admin@google.com", url: "https://security.gentoo.org/glsa/202401-10", }, { source: "chrome-cve-admin@google.com", url: "https://security.netapp.com/advisory/ntap-20230929-0011/", }, { source: "chrome-cve-admin@google.com", url: "https://sethmlarson.dev/security-developer-in-residence-weekly-report-16", }, { source: "chrome-cve-admin@google.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { source: "chrome-cve-admin@google.com", url: "https://www.bentley.com/advisories/be-2023-0001/", }, { source: "chrome-cve-admin@google.com", tags: [ "Third Party Advisory", ], url: "https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/", }, { source: "chrome-cve-admin@google.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5496", }, { source: "chrome-cve-admin@google.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5497", }, { source: "chrome-cve-admin@google.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5498", }, { source: "chrome-cve-admin@google.com", tags: [ "Third Party Advisory", ], url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, ], sourceIdentifier: "chrome-cve-admin@google.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }, }, }, }
fkie_cve-2023-4863
Vulnerability from fkie_nvd
Published
2023-09-12 15:15
Modified
2025-03-13 16:17
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| chrome | * | ||
| fedoraproject | fedora | 37 | |
| fedoraproject | fedora | 38 | |
| fedoraproject | fedora | 39 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| debian | debian_linux | 12.0 | |
| mozilla | firefox | * | |
| mozilla | firefox | * | |
| mozilla | firefox | * | |
| mozilla | thunderbird | * | |
| mozilla | thunderbird | * | |
| microsoft | edge_chromium | * | |
| microsoft | teams | * | |
| microsoft | teams | * | |
| microsoft | webp_image_extension | * | |
| webmproject | libwebp | * | |
| netapp | active_iq_unified_manager | - | |
| bentley | seequent_leapfrog | * | |
| bandisoft | honeyview | * |
{ cisaActionDue: "2023-10-04", cisaExploitAdd: "2023-09-13", cisaRequiredAction: "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", cisaVulnerabilityName: "Google Chromium WebP Heap-Based Buffer Overflow Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", matchCriteriaId: "856C1821-5D22-4A4E-859D-8F5305255AB7", versionEndExcluding: "116.0.5845.187", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", matchCriteriaId: "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", matchCriteriaId: "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", matchCriteriaId: "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", matchCriteriaId: "46D69DCC-AE4D-4EA5-861C-D60951444C6C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", matchCriteriaId: "54B8855E-19B9-4D20-9B93-A5219F077335", versionEndExcluding: "102.15.1", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*", matchCriteriaId: "FBA8858E-AB6C-4708-820D-3F9D8D5A077F", versionEndExcluding: "117.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", matchCriteriaId: "6C494574-4187-4BC7-816B-6C1C288D711E", versionEndExcluding: "115.2.1", versionStartIncluding: "115.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", matchCriteriaId: "A073724D-52BD-4426-B58D-7A8BD24B8F8E", versionEndExcluding: "102.15.1", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", matchCriteriaId: "952BEC0C-2DB0-476A-AF62-1269F8635B4A", versionEndExcluding: "115.2.2", versionStartIncluding: "115.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*", matchCriteriaId: "0C8F8BD1-1D13-4605-BF19-E4292E2D6A00", versionEndExcluding: "116.0.1938.81", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:teams:*:*:*:*:*:macos:*:*", matchCriteriaId: "11C16818-7453-46CB-89C2-2A4D4452A198", versionEndExcluding: "1.6.00.26463", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:teams:*:*:*:*:desktop:*:*:*", matchCriteriaId: "46625A28-312D-4406-87AE-8A7C93222A45", versionEndExcluding: "1.6.00.26474", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:webp_image_extension:*:*:*:*:*:*:*:*", matchCriteriaId: "201D3850-75A4-4CB4-A312-B01BF51C7C8A", versionEndExcluding: "1.0.62681.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:webmproject:libwebp:*:*:*:*:*:*:*:*", matchCriteriaId: "2804DDE4-B0A4-4B7F-A318-F491B6316B34", versionEndExcluding: "1.3.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bentley:seequent_leapfrog:*:*:*:*:*:*:*:*", matchCriteriaId: "E50A797C-2C6C-46A5-A9D0-8CD877EBA3CD", versionEndExcluding: "2023.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bandisoft:honeyview:*:*:*:*:*:*:*:*", matchCriteriaId: "A9D1BE06-A20B-43F3-B78D-21F2FF20026C", versionEndExcluding: "5.51", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)", }, { lang: "es", value: "El desbordamiento del búfer de memoria en libwebp en Google Chrome anterior a 116.0.5845.187 y libwebp 1.3.2 permitía a un atacante remoto realizar una escritura en memoria fuera de los límites a través de una página HTML manipulada. (Severidad de seguridad de Chromium: crítica)", }, ], id: "CVE-2023-4863", lastModified: "2025-03-13T16:17:15.573", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-09-12T15:15:24.327", references: [ { source: "chrome-cve-admin@google.com", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2023/09/21/4", }, { source: "chrome-cve-admin@google.com", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2023/09/22/1", }, { source: "chrome-cve-admin@google.com", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2023/09/22/3", }, { source: "chrome-cve-admin@google.com", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2023/09/22/4", }, { source: "chrome-cve-admin@google.com", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2023/09/22/5", }, { source: "chrome-cve-admin@google.com", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2023/09/22/6", }, { source: "chrome-cve-admin@google.com", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2023/09/22/7", }, { source: "chrome-cve-admin@google.com", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2023/09/22/8", }, { source: "chrome-cve-admin@google.com", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2023/09/26/1", }, { source: "chrome-cve-admin@google.com", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2023/09/26/7", }, { source: "chrome-cve-admin@google.com", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2023/09/28/1", }, { source: "chrome-cve-admin@google.com", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2023/09/28/2", }, { source: "chrome-cve-admin@google.com", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2023/09/28/4", }, { source: "chrome-cve-admin@google.com", tags: [ "Third Party Advisory", ], url: "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/", }, { source: "chrome-cve-admin@google.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://blog.isosceles.com/the-webp-0day/", }, { source: "chrome-cve-admin@google.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1215231", }, { source: "chrome-cve-admin@google.com", tags: [ "Vendor Advisory", ], url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html", }, { source: "chrome-cve-admin@google.com", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://crbug.com/1479274", }, { source: "chrome-cve-admin@google.com", tags: [ "Release Notes", ], url: "https://en.bandisoft.com/honeyview/history/", }, { source: "chrome-cve-admin@google.com", tags: [ "Patch", ], url: "https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a", }, { source: "chrome-cve-admin@google.com", tags: [ "Release Notes", ], url: "https://github.com/webmproject/libwebp/releases/tag/v1.3.2", }, { source: "chrome-cve-admin@google.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html", }, { source: "chrome-cve-admin@google.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html", }, { source: "chrome-cve-admin@google.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html", }, { source: "chrome-cve-admin@google.com", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/", }, { source: "chrome-cve-admin@google.com", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/", }, { source: "chrome-cve-admin@google.com", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/", }, { source: "chrome-cve-admin@google.com", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/", }, { source: "chrome-cve-admin@google.com", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/", }, { source: "chrome-cve-admin@google.com", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/", }, { source: "chrome-cve-admin@google.com", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/", }, { source: "chrome-cve-admin@google.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863", }, { source: "chrome-cve-admin@google.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://news.ycombinator.com/item?id=37478403", }, { source: "chrome-cve-admin@google.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://security-tracker.debian.org/tracker/CVE-2023-4863", }, { source: "chrome-cve-admin@google.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202309-05", }, { source: "chrome-cve-admin@google.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202401-10", }, { source: "chrome-cve-admin@google.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20230929-0011/", }, { source: "chrome-cve-admin@google.com", tags: [ "Exploit", ], url: "https://sethmlarson.dev/security-developer-in-residence-weekly-report-16", }, { source: "chrome-cve-admin@google.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { source: "chrome-cve-admin@google.com", tags: [ "Third Party Advisory", ], url: "https://www.bentley.com/advisories/be-2023-0001/", }, { source: "chrome-cve-admin@google.com", tags: [ "Third Party Advisory", ], url: "https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/", }, { source: "chrome-cve-admin@google.com", tags: [ "Mailing List", ], url: "https://www.debian.org/security/2023/dsa-5496", }, { source: "chrome-cve-admin@google.com", tags: [ "Mailing List", ], url: "https://www.debian.org/security/2023/dsa-5497", }, { source: "chrome-cve-admin@google.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5498", }, { source: "chrome-cve-admin@google.com", tags: [ "Third Party Advisory", ], url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2023/09/21/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2023/09/22/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2023/09/22/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2023/09/22/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2023/09/22/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2023/09/22/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2023/09/22/7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2023/09/22/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2023/09/26/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2023/09/26/7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2023/09/28/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2023/09/28/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2023/09/28/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://blog.isosceles.com/the-webp-0day/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1215231", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://crbug.com/1479274", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://en.bandisoft.com/honeyview/history/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/webmproject/libwebp/releases/tag/v1.3.2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://news.ycombinator.com/item?id=37478403", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://security-tracker.debian.org/tracker/CVE-2023-4863", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202309-05", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202401-10", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20230929-0011/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://sethmlarson.dev/security-developer-in-residence-weekly-report-16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.bentley.com/advisories/be-2023-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://www.debian.org/security/2023/dsa-5496", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://www.debian.org/security/2023/dsa-5497", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5498", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.vicarius.io/vsociety/posts/zero-day-webp-vulnerability-cve-2023-4863", }, ], sourceIdentifier: "chrome-cve-admin@google.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
ghsa-j7hp-h8jx-5ppr
Vulnerability from github
Published
2023-09-12 15:30
Modified
2024-02-12 15:56
Severity ?
Summary
libwebp: OOB write in BuildHuffmanTable
Details
Heap buffer overflow in libwebp allow a remote attacker to perform an out of bounds memory write via a crafted HTML page.
{ affected: [ { package: { ecosystem: "crates.io", name: "libwebp-sys2", }, ranges: [ { events: [ { introduced: "0", }, { fixed: "0.1.8", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "crates.io", name: "libwebp-sys", }, ranges: [ { events: [ { introduced: "0", }, { fixed: "0.9.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "npm", name: "electron", }, ranges: [ { events: [ { introduced: "22.0.0", }, { fixed: "22.3.24", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "npm", name: "electron", }, ranges: [ { events: [ { introduced: "24.0.0", }, { fixed: "24.8.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "npm", name: "electron", }, ranges: [ { events: [ { introduced: "25.0.0", }, { fixed: "25.8.1", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "npm", name: "electron", }, ranges: [ { events: [ { introduced: "26.0.0", }, { fixed: "26.2.1", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "npm", name: "electron", }, ranges: [ { events: [ { introduced: "27.0.0-beta.1", }, { fixed: "27.0.0-beta.2", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "SkiaSharp", }, ranges: [ { events: [ { introduced: "2.0.0", }, { fixed: "2.88.6", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "Go", name: "github.com/chai2010/webp", }, ranges: [ { events: [ { introduced: "1.0.0", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "PyPI", name: "Pillow", }, ranges: [ { events: [ { introduced: "0", }, { fixed: "10.0.1", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "crates.io", name: "webp", }, ranges: [ { events: [ { introduced: "0", }, { fixed: "0.2.6", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "magick.net-q16-anycpu", }, ranges: [ { events: [ { introduced: "0", }, { fixed: "13.3.0", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "magick.net-q16-hdri-anycpu", }, ranges: [ { events: [ { introduced: "0", }, { fixed: "13.3.0", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "magick.net-q16-x64", }, ranges: [ { events: [ { introduced: "0", }, { fixed: "13.3.0", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "magick.net-q8-anycpu", }, ranges: [ { events: [ { introduced: "0", }, { fixed: "13.3.0", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "magick.net-q8-openmp-x64", }, ranges: [ { events: [ { introduced: "0", }, { fixed: "13.3.0", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "NuGet", name: "magick.net-q8-x64", }, ranges: [ { events: [ { introduced: "0", }, { fixed: "13.3.0", }, ], type: "ECOSYSTEM", }, ], }, ], aliases: [ "CVE-2023-4863", ], database_specific: { cwe_ids: [ "CWE-787", ], github_reviewed: true, github_reviewed_at: "2023-09-14T16:20:50Z", nvd_published_at: "2023-09-12T15:15:24Z", severity: "HIGH", }, details: "Heap buffer overflow in libwebp allow a remote attacker to perform an out of bounds memory write via a crafted HTML page. ", id: "GHSA-j7hp-h8jx-5ppr", modified: "2024-02-12T15:56:30Z", published: "2023-09-12T15:30:20Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", }, { type: "WEB", url: "https://github.com/qnighy/libwebp-sys2-rs/pull/21", }, { type: "WEB", url: "https://github.com/python-pillow/Pillow/pull/7395", }, { type: "WEB", url: "https://github.com/jaredforth/webp/pull/30", }, { type: "WEB", url: "https://github.com/electron/electron/pull/39823", }, { type: "WEB", url: "https://github.com/electron/electron/pull/39825", }, { type: "WEB", url: "https://github.com/electron/electron/pull/39826", }, { type: "WEB", url: "https://github.com/electron/electron/pull/39827", }, { type: "WEB", url: "https://github.com/electron/electron/pull/39828", }, { type: "WEB", url: "https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a", }, { type: "WEB", url: "https://github.com/qnighy/libwebp-sys2-rs/commit/4560c473a76ec8bd8c650f19ddf9d7a44f719f8b", }, { type: "WEB", url: "https://github.com/jaredforth/webp/commit/9d4c56e63abecc777df71c702503c3eaabd7dcbc", }, { type: "WEB", url: "https://security.gentoo.org/glsa/202401-10", }, { type: "WEB", url: "https://security.gentoo.org/glsa/202309-05", }, { type: "WEB", url: "https://security-tracker.debian.org/tracker/CVE-2023-4863", }, { type: "WEB", url: "https://rustsec.org/advisories/RUSTSEC-2023-0061.html", }, { type: "WEB", url: "https://rustsec.org/advisories/RUSTSEC-2023-0060.html", }, { type: "WEB", url: "https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html#security", }, { type: "WEB", url: "https://news.ycombinator.com/item?id=37478403", }, { type: "WEB", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I", }, { type: "WEB", url: "https://security.netapp.com/advisory/ntap-20230929-0011", }, { type: "WEB", url: "https://sethmlarson.dev/security-developer-in-residence-weekly-report-16", }, { type: "WEB", url: "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863", }, { type: "WEB", url: "https://www.bentley.com/advisories/be-2023-0001", }, { type: "WEB", url: "https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks", }, { type: "WEB", url: "https://www.debian.org/security/2023/dsa-5496", }, { type: "WEB", url: "https://www.debian.org/security/2023/dsa-5497", }, { type: "WEB", url: "https://www.debian.org/security/2023/dsa-5498", }, { type: "WEB", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40", }, { type: "WEB", url: "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway", }, { type: "WEB", url: "https://blog.isosceles.com/the-webp-0day", }, { type: "WEB", url: "https://bugzilla.suse.com/show_bug.cgi?id=1215231", }, { type: "WEB", url: "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html", }, { type: "WEB", url: "https://crbug.com/1479274", }, { type: "WEB", url: "https://en.bandisoft.com/honeyview/history", }, { type: "WEB", url: "https://github.com/ImageMagick/ImageMagick/discussions/6664", }, { type: "WEB", url: "https://github.com/dlemstra/Magick.NET/releases/tag/13.3.0", }, { type: "PACKAGE", url: "https://github.com/webmproject/libwebp", }, { type: "WEB", url: "https://github.com/webmproject/libwebp/releases/tag/v1.3.2", }, { type: "WEB", url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html", }, { type: "WEB", url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html", }, { type: "WEB", url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB", }, { type: "WEB", url: "http://www.openwall.com/lists/oss-security/2023/09/21/4", }, { type: "WEB", url: "http://www.openwall.com/lists/oss-security/2023/09/22/1", }, { type: "WEB", url: "http://www.openwall.com/lists/oss-security/2023/09/22/3", }, { type: "WEB", url: "http://www.openwall.com/lists/oss-security/2023/09/22/4", }, { type: "WEB", url: "http://www.openwall.com/lists/oss-security/2023/09/22/5", }, { type: "WEB", url: "http://www.openwall.com/lists/oss-security/2023/09/22/6", }, { type: "WEB", url: "http://www.openwall.com/lists/oss-security/2023/09/22/7", }, { type: "WEB", url: "http://www.openwall.com/lists/oss-security/2023/09/22/8", }, { type: "WEB", url: "http://www.openwall.com/lists/oss-security/2023/09/26/1", }, { type: "WEB", url: "http://www.openwall.com/lists/oss-security/2023/09/26/7", }, { type: "WEB", url: "http://www.openwall.com/lists/oss-security/2023/09/28/1", }, { type: "WEB", url: "http://www.openwall.com/lists/oss-security/2023/09/28/2", }, { type: "WEB", url: "http://www.openwall.com/lists/oss-security/2023/09/28/4", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", type: "CVSS_V3", }, ], summary: "libwebp: OOB write in BuildHuffmanTable", }
ncsc-2024-0411
Vulnerability from csaf_ncscnl
Published
2024-10-17 13:15
Modified
2024-10-17 13:15
Summary
Kwetsbaarheden verholpen in Oracle Database producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Oracle heeft kwetsbaarheden verholpen in diverse Database producten en subsystemen, zoals de Core database, Application Express, Autonomous Health Framework, Essbase, GoldenGate, SQL Developer en Secure Backup.
Interpretaties
Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Denial-of-Service (DoS)
- Manipuleren van data
- Toegang tot gevoelige gegevens
Oplossingen
Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-130
Improper Handling of Length Parameter Inconsistency
CWE-208
Observable Timing Discrepancy
CWE-776
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CWE-755
Improper Handling of Exceptional Conditions
CWE-834
Excessive Iteration
CWE-407
Inefficient Algorithmic Complexity
CWE-178
Improper Handling of Case Sensitivity
CWE-732
Incorrect Permission Assignment for Critical Resource
CWE-415
Double Free
CWE-311
Missing Encryption of Sensitive Data
CWE-427
Uncontrolled Search Path Element
CWE-172
Encoding Error
CWE-680
Integer Overflow to Buffer Overflow
CWE-426
Untrusted Search Path
CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CWE-116
Improper Encoding or Escaping of Output
CWE-345
Insufficient Verification of Data Authenticity
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-203
Observable Discrepancy
CWE-190
Integer Overflow or Wraparound
CWE-552
Files or Directories Accessible to External Parties
CWE-639
Authorization Bypass Through User-Controlled Key
CWE-125
Out-of-bounds Read
CWE-404
Improper Resource Shutdown or Release
CWE-275
CWE-275
CWE-284
Improper Access Control
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-1333
Inefficient Regular Expression Complexity
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE-416
Use After Free
CWE-401
Missing Release of Memory after Effective Lifetime
CWE-476
NULL Pointer Dereference
CWE-295
Improper Certificate Validation
CWE-668
Exposure of Resource to Wrong Sphere
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CWE-400
Uncontrolled Resource Consumption
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-502
Deserialization of Untrusted Data
CWE-918
Server-Side Request Forgery (SSRF)
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-787
Out-of-bounds Write
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-122
Heap-based Buffer Overflow
CWE-121
Stack-based Buffer Overflow
CWE-681
Incorrect Conversion between Numeric Types
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-269
Improper Privilege Management
CWE-20
Improper Input Validation
CWE-87
Improper Neutralization of Alternate XSS Syntax
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-18
CWE-18
CWE-385
Covert Timing Channel
CWE-606
Unchecked Input for Loop Condition
CWE-192
Integer Coercion Error
CWE-390
Detection of Error Condition Without Action
CWE-1325
Improperly Controlled Sequential Memory Allocation
CWE-222
Truncation of Security-relevant Information
CWE-131
Incorrect Calculation of Buffer Size
CWE-59
Improper Link Resolution Before File Access ('Link Following')
CWE-304
Missing Critical Step in Authentication
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Oracle heeft kwetsbaarheden verholpen in diverse Database producten en subsystemen, zoals de Core database, Application Express, Autonomous Health Framework, Essbase, GoldenGate, SQL Developer en Secure Backup.", title: "Feiten", }, { category: "description", text: "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:\n\n- Denial-of-Service (DoS)\n- Manipuleren van data\n- Toegang tot gevoelige gegevens", title: "Interpretaties", }, { category: "description", text: "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, { category: "general", text: "Observable Timing Discrepancy", title: "CWE-208", }, { category: "general", text: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", title: "CWE-776", }, { category: "general", text: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", title: "CWE-88", }, { category: "general", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, { category: "general", text: "Excessive Iteration", title: "CWE-834", }, { category: "general", text: "Inefficient Algorithmic Complexity", title: "CWE-407", }, { category: "general", text: "Improper Handling of Case Sensitivity", title: "CWE-178", }, { category: "general", text: "Incorrect Permission Assignment for Critical Resource", title: "CWE-732", }, { category: "general", text: "Double Free", title: "CWE-415", }, { category: "general", text: "Missing Encryption of Sensitive Data", title: "CWE-311", }, { category: "general", text: "Uncontrolled Search Path Element", title: "CWE-427", }, { category: "general", text: "Encoding Error", title: "CWE-172", }, { category: "general", text: "Integer Overflow to Buffer Overflow", title: "CWE-680", }, { category: "general", text: "Untrusted Search Path", title: "CWE-426", }, { category: "general", text: "Access of Resource Using Incompatible Type ('Type Confusion')", title: "CWE-843", }, { category: "general", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, { category: "general", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, { category: "general", text: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", title: "CWE-77", }, { category: "general", text: "Observable Discrepancy", title: "CWE-203", }, { category: "general", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "general", text: "Files or Directories Accessible to External Parties", title: "CWE-552", }, { category: "general", text: "Authorization Bypass Through User-Controlled Key", title: "CWE-639", }, { category: "general", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "general", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "general", text: "CWE-275", title: "CWE-275", }, { category: "general", text: "Improper Access Control", title: "CWE-284", }, { category: "general", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "general", text: "Inefficient Regular Expression Complexity", title: "CWE-1333", }, { category: "general", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, { category: "general", text: "Use After Free", title: "CWE-416", }, { category: "general", text: "Missing Release of Memory after Effective Lifetime", title: "CWE-401", }, { category: "general", text: "NULL Pointer Dereference", title: "CWE-476", }, { category: "general", text: "Improper Certificate Validation", title: "CWE-295", }, { category: "general", text: "Exposure of Resource to Wrong Sphere", title: "CWE-668", }, { category: "general", text: "Inclusion of Functionality from Untrusted Control Sphere", title: "CWE-829", }, { category: "general", text: "Use of a Broken or Risky Cryptographic Algorithm", title: "CWE-327", }, { category: "general", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, { category: "general", text: "Deserialization of Untrusted Data", title: "CWE-502", }, { category: "general", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, { category: "general", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "general", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "general", text: "Heap-based Buffer Overflow", title: "CWE-122", }, { category: "general", text: "Stack-based Buffer Overflow", title: "CWE-121", }, { category: "general", text: "Incorrect Conversion between Numeric Types", title: "CWE-681", }, { category: "general", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, { category: "general", text: "Improper Privilege Management", title: "CWE-269", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "Improper Neutralization of Alternate XSS Syntax", title: "CWE-87", }, { category: "general", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, { category: "general", text: "CWE-18", title: "CWE-18", }, { category: "general", text: "Covert Timing Channel", title: "CWE-385", }, { category: "general", text: "Unchecked Input for Loop Condition", title: "CWE-606", }, { category: "general", text: "Integer Coercion Error", title: "CWE-192", }, { category: "general", text: "Detection of Error Condition Without Action", title: "CWE-390", }, { category: "general", text: "Improperly Controlled Sequential Memory Allocation", title: "CWE-1325", }, { category: "general", text: "Truncation of Security-relevant Information", title: "CWE-222", }, { category: "general", text: "Incorrect Calculation of Buffer Size", title: "CWE-131", }, { category: "general", text: "Improper Link Resolution Before File Access ('Link Following')", title: "CWE-59", }, { category: "general", text: "Missing Critical Step in Authentication", title: "CWE-304", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Reference - cveprojectv5; hkcert; nvd; oracle; redhat", url: "https://www.oracle.com/security-alerts/cpuoct2024.html", }, ], title: "Kwetsbaarheden verholpen in Oracle Database producten", tracking: { current_release_date: "2024-10-17T13:15:19.595269Z", id: "NCSC-2024-0411", initial_release_date: "2024-10-17T13:15:19.595269Z", revision_history: [ { date: "2024-10-17T13:15:19.595269Z", number: "0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "database_-_grid", product: { name: "database_-_grid", product_id: "CSAFPID-1673504", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_grid:19.3-19.24:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_grid", product: { name: "database_-_grid", product_id: "CSAFPID-1673506", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_grid:21.3-21.15:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_core", product: { name: "database_-_core", product_id: "CSAFPID-1673386", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_core:19.3-19.24:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_core", product: { name: "database_-_core", product_id: "CSAFPID-1673385", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_core:21.3-21.15:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_core", product: { name: "database_-_core", product_id: "CSAFPID-1673442", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_core:23.4-23.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_security", product: { name: "database_-_security", product_id: "CSAFPID-1673507", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_security:19.3-19.24:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_security", product: { name: "database_-_security", product_id: "CSAFPID-1673509", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_security:21.3-21.15:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_security", product: { name: "database_-_security", product_id: "CSAFPID-1673508", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_security:23.4-23.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "spatial_and_graph_mapviewer", product: { name: "spatial_and_graph_mapviewer", product_id: "CSAFPID-912561", product_identification_helper: { cpe: "cpe:2.3:a:oracle:spatial_and_graph_mapviewer:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "spatial_and_graph", product: { name: "spatial_and_graph", product_id: "CSAFPID-764250", product_identification_helper: { cpe: "cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "spatial_and_graph", product: { name: "spatial_and_graph", product_id: "CSAFPID-1673511", product_identification_helper: { cpe: "cpe:2.3:a:oracle:spatial_and_graph:19.3-19.24:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "spatial_and_graph", product: { name: "spatial_and_graph", product_id: "CSAFPID-1673512", product_identification_helper: { cpe: "cpe:2.3:a:oracle:spatial_and_graph:21.3-21.15:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "spatial_and_graph", product: { name: "spatial_and_graph", product_id: "CSAFPID-816800", product_identification_helper: { cpe: "cpe:2.3:a:oracle:spatial_and_graph:23.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "spatial_and_graph", product: { name: "spatial_and_graph", product_id: "CSAFPID-1673529", product_identification_helper: { cpe: "cpe:2.3:a:oracle:spatial_and_graph:23.4-23.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "fleet_patching_and_provisioning_-_micronaut", product: { name: "fleet_patching_and_provisioning_-_micronaut", product_id: "CSAFPID-1673492", product_identification_helper: { cpe: "cpe:2.3:a:oracle:fleet_patching_and_provisioning_-_micronaut:23.4-23.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "fleet_patching_and_provisioning", product: { name: "fleet_patching_and_provisioning", product_id: "CSAFPID-1503603", product_identification_helper: { cpe: "cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_xml_database", product: { name: "database_-_xml_database", product_id: "CSAFPID-1673445", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_xml_database:19.3-19.24:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_xml_database", product: { name: "database_-_xml_database", product_id: "CSAFPID-1673443", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_xml_database:21.3-21.15:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_xml_database", product: { name: "database_-_xml_database", product_id: "CSAFPID-1673444", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_xml_database:23.4-23.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_java_vm", product: { name: "database_-_java_vm", product_id: "CSAFPID-1673451", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_java_vm:19.3-19.24:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_java_vm", product: { name: "database_-_java_vm", product_id: "CSAFPID-1673450", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_java_vm:21.3-21.15:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_java_vm", product: { name: "database_-_java_vm", product_id: "CSAFPID-1673452", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_java_vm:23.4-23.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "autonomous_health_framework", product: { name: "autonomous_health_framework", product_id: "CSAFPID-816798", product_identification_helper: { cpe: "cpe:2.3:a:oracle:autonomous_health_framework:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "autonomous_health_framework", product: { name: "autonomous_health_framework", product_id: "CSAFPID-816799", product_identification_helper: { cpe: "cpe:2.3:a:oracle:autonomous_health_framework:23.10:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "autonomous_health_framework", product: { name: "autonomous_health_framework", product_id: "CSAFPID-1673525", product_identification_helper: { cpe: "cpe:2.3:a:oracle:autonomous_health_framework:prior_to_24.9:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-912046", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-1503299", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-816855", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-816361", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-912045", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-1503302", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-912044", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-1503306", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-816852", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.12:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-912600", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-816853", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-912601", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-816854", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition22.3.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "sqlcl", product: { name: "sqlcl", product_id: "CSAFPID-816801", product_identification_helper: { cpe: "cpe:2.3:a:oracle:sqlcl:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "sqlcl", product: { name: "sqlcl", product_id: "CSAFPID-1673405", product_identification_helper: { cpe: "cpe:2.3:a:oracle:sqlcl:23.4-23.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "application_express_administration", product: { name: "application_express_administration", product_id: "CSAFPID-764731", product_identification_helper: { cpe: "cpe:2.3:a:oracle:application_express_administration:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "application_express_customers_plugin", product: { name: "application_express_customers_plugin", product_id: "CSAFPID-764732", product_identification_helper: { cpe: "cpe:2.3:a:oracle:application_express_customers_plugin:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "application_express_team_calendar_plugin", product: { name: "application_express_team_calendar_plugin", product_id: "CSAFPID-764733", product_identification_helper: { cpe: "cpe:2.3:a:oracle:application_express_team_calendar_plugin:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "application_express", product: { name: "application_express", product_id: "CSAFPID-266119", product_identification_helper: { cpe: "cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "application_express", product: { name: "application_express", product_id: "CSAFPID-1673510", product_identification_helper: { cpe: "cpe:2.3:a:oracle:application_express:23.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "application_express", product: { name: "application_express", product_id: "CSAFPID-1503575", product_identification_helper: { cpe: "cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "application_express", product: { name: "application_express", product_id: "CSAFPID-1673188", product_identification_helper: { cpe: "cpe:2.3:a:oracle:application_express:24.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "autonomous_health_framework", product: { name: "autonomous_health_framework", product_id: "CSAFPID-765238", product_identification_helper: { cpe: "cpe:2.3:a:oracle:autonomous_health_framework:19c:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "autonomous_health_framework", product: { name: "autonomous_health_framework", product_id: "CSAFPID-765239", product_identification_helper: { cpe: "cpe:2.3:a:oracle:autonomous_health_framework:21c:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "blockchain_platform", product: { name: "blockchain_platform", product_id: "CSAFPID-764779", product_identification_helper: { cpe: "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "blockchain_platform", product: { name: "blockchain_platform", product_id: "CSAFPID-89587", product_identification_helper: { cpe: "cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "essbase", product: { name: "essbase", product_id: "CSAFPID-765259", product_identification_helper: { cpe: "cpe:2.3:a:oracle:essbase:_security_and_provisioning___21.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "essbase", product: { name: "essbase", product_id: "CSAFPID-187448", product_identification_helper: { cpe: "cpe:2.3:a:oracle:essbase:21.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "essbase", product: { name: "essbase", product_id: "CSAFPID-94075", product_identification_helper: { cpe: "cpe:2.3:a:oracle:essbase:21.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "essbase", product: { name: "essbase", product_id: "CSAFPID-220886", product_identification_helper: { cpe: "cpe:2.3:a:oracle:essbase:21.4.3.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "essbase", product: { name: "essbase", product_id: "CSAFPID-611394", product_identification_helper: { cpe: "cpe:2.3:a:oracle:essbase:21.5.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "essbase", product: { name: "essbase", product_id: "CSAFPID-816317", product_identification_helper: { cpe: "cpe:2.3:a:oracle:essbase:21.5.3.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "essbase", product: { name: "essbase", product_id: "CSAFPID-912567", product_identification_helper: { cpe: "cpe:2.3:a:oracle:essbase:21.5.4.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "essbase", product: { name: "essbase", product_id: "CSAFPID-1503612", product_identification_helper: { cpe: "cpe:2.3:a:oracle:essbase:21.5.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "essbase", product: { name: "essbase", product_id: "CSAFPID-1673479", product_identification_helper: { cpe: "cpe:2.3:a:oracle:essbase:21.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_essbase", product: { name: "oracle_essbase", product_id: "CSAFPID-1650506", product_identification_helper: { cpe: "cpe:2.3:a:oracle:oracle_essbase:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_big_data_and_application_adapters", product: { name: "goldengate_big_data_and_application_adapters", product_id: "CSAFPID-816845", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_big_data_and_application_adapters", product: { name: "goldengate_big_data_and_application_adapters", product_id: "CSAFPID-1650825", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_big_data_and_application_adapters", product: { name: "goldengate_big_data_and_application_adapters", product_id: "CSAFPID-1673404", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.9:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_big_data_and_application_adapters", product: { name: "goldengate_big_data_and_application_adapters", product_id: "CSAFPID-1650831", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3-21.14.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_big_data", product: { name: "goldengate_big_data", product_id: "CSAFPID-764274", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_big_data:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_stream_analytics", product: { name: "goldengate_stream_analytics", product_id: "CSAFPID-764752", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_stream_analytics", product: { name: "goldengate_stream_analytics", product_id: "CSAFPID-1673384", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.9:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_stream_analytics", product: { name: "goldengate_stream_analytics", product_id: "CSAFPID-220192", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_stream_analytics", product: { name: "goldengate_stream_analytics", product_id: "CSAFPID-220193", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_studio", product: { name: "goldengate_studio", product_id: "CSAFPID-816846", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_studio", product: { name: "goldengate_studio", product_id: "CSAFPID-611390", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_studio:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_studio", product: { name: "goldengate_studio", product_id: "CSAFPID-764803", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_studio:fusion_middleware_12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_veridata", product: { name: "goldengate_veridata", product_id: "CSAFPID-764275", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_veridata:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-342816", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-1650767", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.23.0.0.240716:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-485902", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:19.1.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-1503736", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:19.23.0.0.240716:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-219912", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:19c:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-1503739", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:21.14:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-1650765", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:21.3-21.14:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-1503738", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:21.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_goldengate_stream_analytics", product: { name: "oracle_goldengate_stream_analytics", product_id: "CSAFPID-1650515", product_identification_helper: { cpe: "cpe:2.3:a:oracle:oracle_goldengate_stream_analytics:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "management_pack_for__goldengate", product: { name: "management_pack_for__goldengate", product_id: "CSAFPID-764861", product_identification_helper: { cpe: "cpe:2.3:a:oracle:management_pack_for__goldengate:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "management_pack_for__goldengate", product: { name: "management_pack_for__goldengate", product_id: "CSAFPID-1503640", product_identification_helper: { cpe: "cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_goldengate_studio", product: { name: "oracle_goldengate_studio", product_id: "CSAFPID-1650835", product_identification_helper: { cpe: "cpe:2.3:a:oracle:oracle_goldengate_studio:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_goldengate", product: { name: "oracle_goldengate", product_id: "CSAFPID-1650575", product_identification_helper: { cpe: "cpe:2.3:a:oracle:oracle_goldengate:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-764813", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1503661", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:1.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1503663", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:1.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1673497", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:1.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-764764", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:19.5.33:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-764765", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:20.3.28:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1673491", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:20.3.40:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-764766", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:21.2.55:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1673495", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:21.2.71:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-764767", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:22.3.26:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1673493", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:22.3.45:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1673489", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:23.3.33:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1673488", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:24.1.17:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1650757", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:prior_to_19.5.42:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1650758", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:prior_to_20.3.40:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1650761", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:prior_to_21.2.27:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1650760", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:prior_to_22.3.46:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1650759", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:prior_to_23.3.32:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_nosql_database", product: { name: "oracle_nosql_database", product_id: "CSAFPID-1650584", product_identification_helper: { cpe: "cpe:2.3:a:oracle:oracle_nosql_database:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_secure_backup", product: { name: "oracle_secure_backup", product_id: "CSAFPID-1650563", product_identification_helper: { cpe: "cpe:2.3:a:oracle:oracle_secure_backup:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "secure_backup", product: { name: "secure_backup", product_id: "CSAFPID-667692", product_identification_helper: { cpe: "cpe:2.3:a:oracle:secure_backup:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "secure_backup", product: { name: "secure_backup", product_id: "CSAFPID-345049", product_identification_helper: { cpe: "cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "secure_backup", product: { name: "secure_backup", product_id: "CSAFPID-611417", product_identification_helper: { cpe: "cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "secure_backup", product: { name: "secure_backup", product_id: "CSAFPID-1673422", product_identification_helper: { cpe: "cpe:2.3:a:oracle:secure_backup:19.1.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_sql_developer", product: { name: "oracle_sql_developer", product_id: "CSAFPID-1650638", product_identification_helper: { cpe: "cpe:2.3:a:oracle:oracle_sql_developer:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "sql_developer", product: { name: "sql_developer", product_id: "CSAFPID-764822", product_identification_helper: { cpe: "cpe:2.3:a:oracle:sql_developer:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "sql_developer", product: { name: "sql_developer", product_id: "CSAFPID-220643", product_identification_helper: { cpe: "cpe:2.3:a:oracle:sql_developer:21.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "sql_developer", product: { name: "sql_developer", product_id: "CSAFPID-816870", product_identification_helper: { cpe: "cpe:2.3:a:oracle:sql_developer:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "sql_developer", product: { name: "sql_developer", product_id: "CSAFPID-816871", product_identification_helper: { cpe: "cpe:2.3:a:oracle:sql_developer:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "sql_developer", product: { name: "sql_developer", product_id: "CSAFPID-1673397", product_identification_helper: { cpe: "cpe:2.3:a:oracle:sql_developer:24.3.0:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "oracle", }, { branches: [ { category: "product_name", name: "oracle_application_express", product: { name: "oracle_application_express", product_id: "CSAFPID-1673144", product_identification_helper: { cpe: "cpe:2.3:a:oracle_corporation:oracle_application_express:24.1:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "oracle_corporation", }, ], }, vulnerabilities: [ { cve: "CVE-2022-1471", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, notes: [ { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-764731", "CSAFPID-764732", "CSAFPID-764733", "CSAFPID-764250", "CSAFPID-611394", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-611390", "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-764764", "CSAFPID-764765", "CSAFPID-764766", "CSAFPID-764767", "CSAFPID-764779", "CSAFPID-94075", "CSAFPID-220886", "CSAFPID-764803", "CSAFPID-764813", "CSAFPID-342816", "CSAFPID-764752", "CSAFPID-764822", "CSAFPID-1650515", "CSAFPID-1650638", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816317", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-89587", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816361", "CSAFPID-220643", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-667692", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-912046", "CSAFPID-912045", "CSAFPID-912044", ], }, references: [ { category: "self", summary: "CVE-2022-1471", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-1471.json", }, ], title: "CVE-2022-1471", }, { cve: "CVE-2022-34169", cwe: { id: "CWE-192", name: "Integer Coercion Error", }, notes: [ { category: "other", text: "Integer Coercion Error", title: "CWE-192", }, { category: "other", text: "Incorrect Conversion between Numeric Types", title: "CWE-681", }, ], product_status: { known_affected: [ "CSAFPID-764779", "CSAFPID-94075", "CSAFPID-342816", "CSAFPID-764803", "CSAFPID-764813", "CSAFPID-764822", "CSAFPID-764752", "CSAFPID-764275", "CSAFPID-764861", "CSAFPID-266119", "CSAFPID-187448", "CSAFPID-219912", "CSAFPID-765238", "CSAFPID-765239", "CSAFPID-765259", "CSAFPID-667692", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-764250", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816317", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816361", "CSAFPID-220643", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-1673384", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-912046", "CSAFPID-912045", "CSAFPID-912044", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, references: [ { category: "self", summary: "CVE-2022-34169", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-34169.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-764779", "CSAFPID-94075", "CSAFPID-342816", "CSAFPID-764803", "CSAFPID-764813", "CSAFPID-764822", "CSAFPID-764752", "CSAFPID-764275", "CSAFPID-764861", "CSAFPID-266119", "CSAFPID-187448", "CSAFPID-219912", "CSAFPID-765238", "CSAFPID-765239", "CSAFPID-765259", "CSAFPID-667692", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-764250", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816317", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816361", "CSAFPID-220643", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-1673384", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-912046", "CSAFPID-912045", "CSAFPID-912044", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, ], title: "CVE-2022-34169", }, { cve: "CVE-2022-36033", cwe: { id: "CWE-87", name: "Improper Neutralization of Alternate XSS Syntax", }, notes: [ { category: "other", text: "Improper Neutralization of Alternate XSS Syntax", title: "CWE-87", }, { category: "other", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], product_status: { known_affected: [ "CSAFPID-764250", "CSAFPID-611394", "CSAFPID-764731", "CSAFPID-764732", "CSAFPID-764733", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-611390", "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-764764", "CSAFPID-764765", "CSAFPID-764766", "CSAFPID-764767", "CSAFPID-764779", "CSAFPID-220886", "CSAFPID-94075", "CSAFPID-764803", "CSAFPID-342816", "CSAFPID-764752", "CSAFPID-764861", "CSAFPID-764813", "CSAFPID-764822", "CSAFPID-266119", "CSAFPID-187448", "CSAFPID-1650515", "CSAFPID-1650835", "CSAFPID-219912", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816317", "CSAFPID-667692", "CSAFPID-1673384", "CSAFPID-912561", "CSAFPID-1503575", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816361", "CSAFPID-220643", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-912567", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-912046", "CSAFPID-912045", "CSAFPID-912044", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, references: [ { category: "self", summary: "CVE-2022-36033", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-36033.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-764250", "CSAFPID-611394", "CSAFPID-764731", "CSAFPID-764732", "CSAFPID-764733", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-611390", "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-764764", "CSAFPID-764765", "CSAFPID-764766", "CSAFPID-764767", "CSAFPID-764779", "CSAFPID-220886", "CSAFPID-94075", "CSAFPID-764803", "CSAFPID-342816", "CSAFPID-764752", "CSAFPID-764861", "CSAFPID-764813", "CSAFPID-764822", "CSAFPID-266119", "CSAFPID-187448", "CSAFPID-1650515", "CSAFPID-1650835", "CSAFPID-219912", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816317", "CSAFPID-667692", "CSAFPID-1673384", "CSAFPID-912561", "CSAFPID-1503575", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816361", "CSAFPID-220643", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-912567", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-912046", "CSAFPID-912045", "CSAFPID-912044", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, ], title: "CVE-2022-36033", }, { cve: "CVE-2022-37454", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "other", text: "Integer Overflow to Buffer Overflow", title: "CWE-680", }, ], product_status: { known_affected: [ "CSAFPID-764250", "CSAFPID-611394", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-611390", "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-764731", "CSAFPID-764732", "CSAFPID-764733", "CSAFPID-220886", "CSAFPID-342816", "CSAFPID-764752", "CSAFPID-764764", "CSAFPID-764765", "CSAFPID-764766", "CSAFPID-764767", "CSAFPID-764779", "CSAFPID-94075", "CSAFPID-764803", "CSAFPID-764813", "CSAFPID-764822", "CSAFPID-1650563", "CSAFPID-89587", "CSAFPID-764861", ], }, references: [ { category: "self", summary: "CVE-2022-37454", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-37454.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-764250", "CSAFPID-611394", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-611390", "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-764731", "CSAFPID-764732", "CSAFPID-764733", "CSAFPID-220886", "CSAFPID-342816", "CSAFPID-764752", "CSAFPID-764764", "CSAFPID-764765", "CSAFPID-764766", "CSAFPID-764767", "CSAFPID-764779", "CSAFPID-94075", "CSAFPID-764803", "CSAFPID-764813", "CSAFPID-764822", "CSAFPID-1650563", "CSAFPID-89587", "CSAFPID-764861", ], }, ], title: "CVE-2022-37454", }, { cve: "CVE-2022-38136", product_status: { known_affected: [ "CSAFPID-1673385", "CSAFPID-1673386", ], }, references: [ { category: "self", summary: "CVE-2022-38136", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-38136.json", }, ], title: "CVE-2022-38136", }, { cve: "CVE-2022-40196", product_status: { known_affected: [ "CSAFPID-1673385", "CSAFPID-1673386", ], }, references: [ { category: "self", summary: "CVE-2022-40196", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-40196.json", }, ], title: "CVE-2022-40196", }, { cve: "CVE-2022-41342", product_status: { known_affected: [ "CSAFPID-1673385", "CSAFPID-1673386", ], }, references: [ { category: "self", summary: "CVE-2022-41342", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-41342.json", }, ], title: "CVE-2022-41342", }, { cve: "CVE-2022-42919", cwe: { id: "CWE-311", name: "Missing Encryption of Sensitive Data", }, notes: [ { category: "other", text: "Missing Encryption of Sensitive Data", title: "CWE-311", }, { category: "other", text: "Improper Privilege Management", title: "CWE-269", }, ], product_status: { known_affected: [ "CSAFPID-764250", "CSAFPID-611394", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-611390", "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-764731", "CSAFPID-764732", "CSAFPID-764733", "CSAFPID-220886", "CSAFPID-342816", "CSAFPID-764752", "CSAFPID-764764", "CSAFPID-764765", "CSAFPID-764766", "CSAFPID-764767", "CSAFPID-764779", "CSAFPID-94075", "CSAFPID-764803", "CSAFPID-764813", "CSAFPID-764822", "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2022-42919", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-42919.json", }, ], title: "CVE-2022-42919", }, { cve: "CVE-2022-45061", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Inefficient Algorithmic Complexity", title: "CWE-407", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-764731", "CSAFPID-764732", "CSAFPID-764733", "CSAFPID-220886", "CSAFPID-764250", "CSAFPID-611394", "CSAFPID-342816", "CSAFPID-764752", "CSAFPID-764764", "CSAFPID-764765", "CSAFPID-764766", "CSAFPID-764767", "CSAFPID-764779", "CSAFPID-94075", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-611390", "CSAFPID-764803", "CSAFPID-764813", "CSAFPID-764822", "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2022-45061", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-45061.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-764731", "CSAFPID-764732", "CSAFPID-764733", "CSAFPID-220886", "CSAFPID-764250", "CSAFPID-611394", "CSAFPID-342816", "CSAFPID-764752", "CSAFPID-764764", "CSAFPID-764765", "CSAFPID-764766", "CSAFPID-764767", "CSAFPID-764779", "CSAFPID-94075", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-611390", "CSAFPID-764803", "CSAFPID-764813", "CSAFPID-764822", "CSAFPID-89587", ], }, ], title: "CVE-2022-45061", }, { cve: "CVE-2022-46337", product_status: { known_affected: [ "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-1673384", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-764752", "CSAFPID-764275", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-912046", "CSAFPID-912045", "CSAFPID-912044", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-764250", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816317", "CSAFPID-816845", "CSAFPID-342816", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-816361", "CSAFPID-764813", "CSAFPID-220643", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-667692", ], }, references: [ { category: "self", summary: "CVE-2022-46337", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-46337.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-1673384", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-764752", "CSAFPID-764275", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-912046", "CSAFPID-912045", "CSAFPID-912044", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-764250", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816317", "CSAFPID-816845", "CSAFPID-342816", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-816361", "CSAFPID-764813", "CSAFPID-220643", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-667692", ], }, ], title: "CVE-2022-46337", }, { cve: "CVE-2023-2976", cwe: { id: "CWE-552", name: "Files or Directories Accessible to External Parties", }, notes: [ { category: "other", text: "Files or Directories Accessible to External Parties", title: "CWE-552", }, ], product_status: { known_affected: [ "CSAFPID-1650584", "CSAFPID-1650835", "CSAFPID-1650506", "CSAFPID-1650515", "CSAFPID-816317", "CSAFPID-816845", "CSAFPID-342816", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816361", "CSAFPID-764813", "CSAFPID-220643", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-667692", "CSAFPID-89587", "CSAFPID-1673397", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-345049", "CSAFPID-816801", "CSAFPID-611390", "CSAFPID-611394", "CSAFPID-611417", "CSAFPID-764250", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, references: [ { category: "self", summary: "CVE-2023-2976", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-2976.json", }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1650584", "CSAFPID-1650835", "CSAFPID-1650506", "CSAFPID-1650515", "CSAFPID-816317", "CSAFPID-816845", "CSAFPID-342816", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816361", "CSAFPID-764813", "CSAFPID-220643", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-667692", "CSAFPID-89587", "CSAFPID-1673397", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-345049", "CSAFPID-816801", "CSAFPID-611390", "CSAFPID-611394", "CSAFPID-611417", "CSAFPID-764250", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, ], title: "CVE-2023-2976", }, { cve: "CVE-2023-4043", cwe: { id: "CWE-834", name: "Excessive Iteration", }, notes: [ { category: "other", text: "Excessive Iteration", title: "CWE-834", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1673405", "CSAFPID-1673397", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-764250", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, references: [ { category: "self", summary: "CVE-2023-4043", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4043.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673405", "CSAFPID-1673397", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-764250", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, ], title: "CVE-2023-4043", }, { cve: "CVE-2023-4759", cwe: { id: "CWE-59", name: "Improper Link Resolution Before File Access ('Link Following')", }, notes: [ { category: "other", text: "Improper Link Resolution Before File Access ('Link Following')", title: "CWE-59", }, { category: "other", text: "Improper Handling of Case Sensitivity", title: "CWE-178", }, ], product_status: { known_affected: [ "CSAFPID-1673397", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2023-4759", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4759.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673397", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2023-4759", }, { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, notes: [ { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-89587", "CSAFPID-816846", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-342816", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-816798", "CSAFPID-816801", ], }, references: [ { category: "self", summary: "CVE-2023-4863", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4863.json", }, ], title: "CVE-2023-4863", }, { cve: "CVE-2023-5072", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1650575", "CSAFPID-1650515", "CSAFPID-1650835", "CSAFPID-89587", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-764250", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, references: [ { category: "self", summary: "CVE-2023-5072", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5072.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1650575", "CSAFPID-1650515", "CSAFPID-1650835", "CSAFPID-89587", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-764250", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, ], title: "CVE-2023-5072", }, { cve: "CVE-2023-26031", cwe: { id: "CWE-426", name: "Untrusted Search Path", }, notes: [ { category: "other", text: "Untrusted Search Path", title: "CWE-426", }, ], product_status: { known_affected: [ "CSAFPID-1673384", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2023-26031", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26031.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673384", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2023-26031", }, { cve: "CVE-2023-26551", product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2023-26551", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26551.json", }, ], scores: [ { cvss_v3: { baseScore: 0, baseSeverity: "NONE", vectorString: "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2023-26551", }, { cve: "CVE-2023-26552", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2023-26552", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26552.json", }, ], scores: [ { cvss_v3: { baseScore: 5.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2023-26552", }, { cve: "CVE-2023-26553", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2023-26553", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26553.json", }, ], scores: [ { cvss_v3: { baseScore: 5.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2023-26553", }, { cve: "CVE-2023-26554", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2023-26554", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26554.json", }, ], scores: [ { cvss_v3: { baseScore: 5.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2023-26554", }, { cve: "CVE-2023-26555", product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2023-26555", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26555.json", }, ], scores: [ { cvss_v3: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2023-26555", }, { cve: "CVE-2023-28484", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-764250", "CSAFPID-764731", "CSAFPID-764732", "CSAFPID-764733", "CSAFPID-220886", "CSAFPID-816317", "CSAFPID-764813", "CSAFPID-89587", "CSAFPID-342816", "CSAFPID-345049", "CSAFPID-764752", "CSAFPID-764764", "CSAFPID-764765", "CSAFPID-764766", "CSAFPID-764767", "CSAFPID-611390", "CSAFPID-611394", "CSAFPID-611417", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-220643", "CSAFPID-667692", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", ], }, references: [ { category: "self", summary: "CVE-2023-28484", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-28484.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-764250", "CSAFPID-764731", "CSAFPID-764732", "CSAFPID-764733", "CSAFPID-220886", "CSAFPID-816317", "CSAFPID-764813", "CSAFPID-89587", "CSAFPID-342816", "CSAFPID-345049", "CSAFPID-764752", "CSAFPID-764764", "CSAFPID-764765", "CSAFPID-764766", "CSAFPID-764767", "CSAFPID-611390", "CSAFPID-611394", "CSAFPID-611417", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-220643", "CSAFPID-667692", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", ], }, ], title: "CVE-2023-28484", }, { cve: "CVE-2023-29469", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Double Free", title: "CWE-415", }, ], product_status: { known_affected: [ "CSAFPID-611417", "CSAFPID-764731", "CSAFPID-764732", "CSAFPID-764733", "CSAFPID-816317", "CSAFPID-89587", "CSAFPID-220886", "CSAFPID-342816", "CSAFPID-345049", "CSAFPID-764752", "CSAFPID-611390", "CSAFPID-611394", "CSAFPID-764764", "CSAFPID-764765", "CSAFPID-764766", "CSAFPID-764767", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-220643", "CSAFPID-667692", "CSAFPID-764813", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-764250", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", ], }, references: [ { category: "self", summary: "CVE-2023-29469", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-29469.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-611417", "CSAFPID-764731", "CSAFPID-764732", "CSAFPID-764733", "CSAFPID-816317", "CSAFPID-89587", "CSAFPID-220886", "CSAFPID-342816", "CSAFPID-345049", "CSAFPID-764752", "CSAFPID-611390", "CSAFPID-611394", "CSAFPID-764764", "CSAFPID-764765", "CSAFPID-764766", "CSAFPID-764767", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-220643", "CSAFPID-667692", "CSAFPID-764813", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-764250", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", ], }, ], title: "CVE-2023-29469", }, { cve: "CVE-2023-33201", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], product_status: { known_affected: [ "CSAFPID-764250", "CSAFPID-611394", "CSAFPID-1650584", "CSAFPID-1673397", "CSAFPID-912561", "CSAFPID-345049", "CSAFPID-611390", "CSAFPID-611417", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, references: [ { category: "self", summary: "CVE-2023-33201", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-33201.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-764250", "CSAFPID-611394", "CSAFPID-1650584", "CSAFPID-1673397", "CSAFPID-912561", "CSAFPID-345049", "CSAFPID-611390", "CSAFPID-611417", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, ], title: "CVE-2023-33201", }, { cve: "CVE-2023-37920", cwe: { id: "CWE-295", name: "Improper Certificate Validation", }, notes: [ { category: "other", text: "Improper Certificate Validation", title: "CWE-295", }, { category: "other", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, ], product_status: { known_affected: [ "CSAFPID-89587", "CSAFPID-1503575", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", ], }, references: [ { category: "self", summary: "CVE-2023-37920", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-37920.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-89587", "CSAFPID-1503575", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", ], }, ], title: "CVE-2023-37920", }, { cve: "CVE-2023-39410", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, notes: [ { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1673404", "CSAFPID-1673384", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-764250", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", ], }, references: [ { category: "self", summary: "CVE-2023-39410", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-39410.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673404", "CSAFPID-1673384", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-764250", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", ], }, ], title: "CVE-2023-39410", }, { cve: "CVE-2023-44487", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1650757", "CSAFPID-1650758", "CSAFPID-1650759", "CSAFPID-1650760", "CSAFPID-1650761", "CSAFPID-89587", "CSAFPID-816361", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-667692", "CSAFPID-764250", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503603", "CSAFPID-1503575", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, references: [ { category: "self", summary: "CVE-2023-44487", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44487.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1650757", "CSAFPID-1650758", "CSAFPID-1650759", "CSAFPID-1650760", "CSAFPID-1650761", "CSAFPID-89587", "CSAFPID-816361", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-667692", "CSAFPID-764250", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503603", "CSAFPID-1503575", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, ], title: "CVE-2023-44487", }, { cve: "CVE-2023-44981", cwe: { id: "CWE-639", name: "Authorization Bypass Through User-Controlled Key", }, notes: [ { category: "other", text: "Authorization Bypass Through User-Controlled Key", title: "CWE-639", }, ], product_status: { known_affected: [ "CSAFPID-1650515", "CSAFPID-89587", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-764250", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", ], }, references: [ { category: "self", summary: "CVE-2023-44981", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44981.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1650515", "CSAFPID-89587", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-764250", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", ], }, ], title: "CVE-2023-44981", }, { cve: "CVE-2023-45288", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2023-45288", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-45288.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2023-45288", }, { cve: "CVE-2023-48795", cwe: { id: "CWE-222", name: "Truncation of Security-relevant Information", }, notes: [ { category: "other", text: "Truncation of Security-relevant Information", title: "CWE-222", }, ], product_status: { known_affected: [ "CSAFPID-1650765", "CSAFPID-1650757", "CSAFPID-1650758", "CSAFPID-1650767", "CSAFPID-1650759", "CSAFPID-1650760", "CSAFPID-1650761", "CSAFPID-89587", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-764250", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-1503575", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, references: [ { category: "self", summary: "CVE-2023-48795", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1650765", "CSAFPID-1650757", "CSAFPID-1650758", "CSAFPID-1650767", "CSAFPID-1650759", "CSAFPID-1650760", "CSAFPID-1650761", "CSAFPID-89587", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-764250", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-1503575", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, ], title: "CVE-2023-48795", }, { cve: "CVE-2023-49083", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-89587", "CSAFPID-342816", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-816798", "CSAFPID-816801", "CSAFPID-816846", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-816845", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2023-49083", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-49083.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-89587", "CSAFPID-342816", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-816798", "CSAFPID-816801", "CSAFPID-816846", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-816845", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2023-49083", }, { cve: "CVE-2023-51384", cwe: { id: "CWE-304", name: "Missing Critical Step in Authentication", }, notes: [ { category: "other", text: "Missing Critical Step in Authentication", title: "CWE-304", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2023-51384", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-51384.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2023-51384", }, { cve: "CVE-2023-51385", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2023-51385", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-51385.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2023-51385", }, { cve: "CVE-2023-52425", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-89587", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2023-52425", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52425.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-89587", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2023-52425", }, { cve: "CVE-2023-52426", cwe: { id: "CWE-776", name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", }, notes: [ { category: "other", text: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", title: "CWE-776", }, ], product_status: { known_affected: [ "CSAFPID-89587", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2023-52426", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52426.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-89587", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2023-52426", }, { cve: "CVE-2024-1874", cwe: { id: "CWE-77", name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", title: "CWE-77", }, { category: "other", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, ], product_status: { known_affected: [ "CSAFPID-1673422", "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-1874", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-1874.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673422", "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-1874", }, { cve: "CVE-2024-2408", cwe: { id: "CWE-203", name: "Observable Discrepancy", }, notes: [ { category: "other", text: "Observable Discrepancy", title: "CWE-203", }, { category: "other", text: "Observable Timing Discrepancy", title: "CWE-208", }, { category: "other", text: "Use of a Broken or Risky Cryptographic Algorithm", title: "CWE-327", }, { category: "other", text: "Covert Timing Channel", title: "CWE-385", }, ], product_status: { known_affected: [ "CSAFPID-1673422", "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-2408", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2408.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673422", "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-2408", }, { cve: "CVE-2024-2511", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Improperly Controlled Sequential Memory Allocation", title: "CWE-1325", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-1673479", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-2511", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2511.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-1673479", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-2511", }, { cve: "CVE-2024-4577", cwe: { id: "CWE-88", name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", title: "CWE-88", }, { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, ], product_status: { known_affected: [ "CSAFPID-1673422", "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-4577", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4577.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673422", "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-4577", }, { cve: "CVE-2024-4603", cwe: { id: "CWE-606", name: "Unchecked Input for Loop Condition", }, notes: [ { category: "other", text: "Unchecked Input for Loop Condition", title: "CWE-606", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-1673479", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-4603", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4603.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-1673479", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-4603", }, { cve: "CVE-2024-4741", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-1673479", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-4741", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4741.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-1673479", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-4741", }, { cve: "CVE-2024-5458", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1673422", "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-5458", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5458.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673422", "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-5458", }, { cve: "CVE-2024-5535", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, ], product_status: { known_affected: [ "CSAFPID-1673508", "CSAFPID-1673525", ], }, references: [ { category: "self", summary: "CVE-2024-5535", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5535.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673508", "CSAFPID-1673525", ], }, ], title: "CVE-2024-5535", }, { cve: "CVE-2024-5585", cwe: { id: "CWE-116", name: "Improper Encoding or Escaping of Output", }, notes: [ { category: "other", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "other", text: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", title: "CWE-88", }, ], product_status: { known_affected: [ "CSAFPID-1673422", "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-5585", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5585.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673422", "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-5585", }, { cve: "CVE-2024-6119", cwe: { id: "CWE-843", name: "Access of Resource Using Incompatible Type ('Type Confusion')", }, notes: [ { category: "other", text: "Access of Resource Using Incompatible Type ('Type Confusion')", title: "CWE-843", }, ], product_status: { known_affected: [ "CSAFPID-1673508", "CSAFPID-1673525", ], }, references: [ { category: "self", summary: "CVE-2024-6119", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6119.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673508", "CSAFPID-1673525", ], }, ], title: "CVE-2024-6119", }, { cve: "CVE-2024-6232", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, notes: [ { category: "other", text: "Inefficient Regular Expression Complexity", title: "CWE-1333", }, ], references: [ { category: "self", summary: "CVE-2024-6232", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6232.json", }, ], title: "CVE-2024-6232", }, { cve: "CVE-2024-7264", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1673529", "CSAFPID-1673479", "CSAFPID-1673511", "CSAFPID-1673512", ], }, references: [ { category: "self", summary: "CVE-2024-7264", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7264.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673529", "CSAFPID-1673479", "CSAFPID-1673511", "CSAFPID-1673512", ], }, ], title: "CVE-2024-7264", }, { cve: "CVE-2024-7592", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], references: [ { category: "self", summary: "CVE-2024-7592", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7592.json", }, ], title: "CVE-2024-7592", }, { cve: "CVE-2024-21131", product_status: { known_affected: [ "CSAFPID-1503299", "CSAFPID-1503306", "CSAFPID-1503302", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-21131", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21131.json", }, ], title: "CVE-2024-21131", }, { cve: "CVE-2024-21138", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "other", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, ], product_status: { known_affected: [ "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-21138", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21138.json", }, ], title: "CVE-2024-21138", }, { cve: "CVE-2024-21140", product_status: { known_affected: [ "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503299", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-21140", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21140.json", }, ], title: "CVE-2024-21140", }, { cve: "CVE-2024-21144", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-21144", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21144.json", }, ], title: "CVE-2024-21144", }, { cve: "CVE-2024-21145", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-1503299", "CSAFPID-1503306", "CSAFPID-1503302", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-21145", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21145.json", }, ], title: "CVE-2024-21145", }, { cve: "CVE-2024-21147", product_status: { known_affected: [ "CSAFPID-1503306", "CSAFPID-1503302", "CSAFPID-1503299", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-21147", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21147.json", }, ], title: "CVE-2024-21147", }, { cve: "CVE-2024-21233", product_status: { known_affected: [ "CSAFPID-1673385", "CSAFPID-1673442", "CSAFPID-1673386", ], }, references: [ { category: "self", summary: "CVE-2024-21233", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21233.json", }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1673385", "CSAFPID-1673442", "CSAFPID-1673386", ], }, ], title: "CVE-2024-21233", }, { cve: "CVE-2024-21242", product_status: { known_affected: [ "CSAFPID-1673443", "CSAFPID-1673444", "CSAFPID-1673445", ], }, references: [ { category: "self", summary: "CVE-2024-21242", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21242.json", }, ], scores: [ { cvss_v3: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "CSAFPID-1673443", "CSAFPID-1673444", "CSAFPID-1673445", ], }, ], title: "CVE-2024-21242", }, { cve: "CVE-2024-21251", product_status: { known_affected: [ "CSAFPID-1673450", "CSAFPID-1673451", "CSAFPID-1673452", ], }, references: [ { category: "self", summary: "CVE-2024-21251", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21251.json", }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1673450", "CSAFPID-1673451", "CSAFPID-1673452", ], }, ], title: "CVE-2024-21251", }, { cve: "CVE-2024-21261", product_status: { known_affected: [ "CSAFPID-1673144", "CSAFPID-1503575", "CSAFPID-1673188", ], }, references: [ { category: "self", summary: "CVE-2024-21261", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21261.json", }, ], scores: [ { cvss_v3: { baseScore: 4.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1673144", "CSAFPID-1503575", "CSAFPID-1673188", ], }, ], title: "CVE-2024-21261", }, { cve: "CVE-2024-22018", cwe: { id: "CWE-275", name: "-", }, notes: [ { category: "other", text: "CWE-275", title: "CWE-275", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2024-22018", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22018.json", }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2024-22018", }, { cve: "CVE-2024-22020", product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2024-22020", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22020.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2024-22020", }, { cve: "CVE-2024-22201", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1673384", "CSAFPID-342816", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-816798", "CSAFPID-816801", "CSAFPID-816846", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-816845", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-22201", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22201.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673384", "CSAFPID-342816", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-816798", "CSAFPID-816801", "CSAFPID-816846", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-816845", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-22201", }, { cve: "CVE-2024-23807", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-1650831", "CSAFPID-1650825", "CSAFPID-1673479", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-23807", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23807.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1650831", "CSAFPID-1650825", "CSAFPID-1673479", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-23807", }, { cve: "CVE-2024-23944", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], product_status: { known_affected: [ "CSAFPID-1673384", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-23944", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23944.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1673384", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-23944", }, { cve: "CVE-2024-24989", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2024-24989", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24989.json", }, ], title: "CVE-2024-24989", }, { cve: "CVE-2024-24990", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2024-24990", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24990.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2024-24990", }, { cve: "CVE-2024-25710", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "other", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, ], product_status: { known_affected: [ "CSAFPID-89587", "CSAFPID-1673384", "CSAFPID-816871", "CSAFPID-816798", "CSAFPID-816801", "CSAFPID-342816", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-816846", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-912046", "CSAFPID-1503640", "CSAFPID-816845", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-25710", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25710.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-89587", "CSAFPID-1673384", "CSAFPID-816871", "CSAFPID-816798", "CSAFPID-816801", "CSAFPID-342816", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-816846", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-912046", "CSAFPID-1503640", "CSAFPID-816845", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-25710", }, { cve: "CVE-2024-26130", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-89587", "CSAFPID-342816", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-816798", "CSAFPID-816801", "CSAFPID-816846", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-816845", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-26130", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26130.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-89587", "CSAFPID-342816", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-816798", "CSAFPID-816801", "CSAFPID-816846", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-816845", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-26130", }, { cve: "CVE-2024-26308", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-89587", "CSAFPID-1673384", "CSAFPID-816871", "CSAFPID-816798", "CSAFPID-342816", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-816801", "CSAFPID-816846", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-816845", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-26308", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26308.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-89587", "CSAFPID-1673384", "CSAFPID-816871", "CSAFPID-816798", "CSAFPID-342816", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-816801", "CSAFPID-816846", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-816845", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-26308", }, { cve: "CVE-2024-27983", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-27983", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27983.json", }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, products: [ "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-27983", }, { cve: "CVE-2024-28182", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Detection of Error Condition Without Action", title: "CWE-390", }, { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1673442", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-28182", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28182.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673442", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-28182", }, { cve: "CVE-2024-28849", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], product_status: { known_affected: [ "CSAFPID-89587", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-28849", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28849.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-89587", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-28849", }, { cve: "CVE-2024-28887", cwe: { id: "CWE-427", name: "Uncontrolled Search Path Element", }, notes: [ { category: "other", text: "Uncontrolled Search Path Element", title: "CWE-427", }, ], product_status: { known_affected: [ "CSAFPID-1673385", "CSAFPID-1673442", "CSAFPID-1673386", ], }, references: [ { category: "self", summary: "CVE-2024-28887", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28887.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673385", "CSAFPID-1673442", "CSAFPID-1673386", ], }, ], title: "CVE-2024-28887", }, { cve: "CVE-2024-29025", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1673488", "CSAFPID-1673489", "CSAFPID-1673491", "CSAFPID-1673492", "CSAFPID-1673493", "CSAFPID-1673495", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-29025", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29025.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1673488", "CSAFPID-1673489", "CSAFPID-1673491", "CSAFPID-1673492", "CSAFPID-1673493", "CSAFPID-1673495", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-29025", }, { cve: "CVE-2024-29131", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-1673497", "CSAFPID-1673397", "CSAFPID-1673384", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-29131", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29131.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1673497", "CSAFPID-1673397", "CSAFPID-1673384", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-29131", }, { cve: "CVE-2024-29133", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-1673497", "CSAFPID-1673397", "CSAFPID-1673384", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-29133", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29133.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1673497", "CSAFPID-1673397", "CSAFPID-1673384", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-29133", }, { cve: "CVE-2024-31079", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Stack-based Buffer Overflow", title: "CWE-121", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2024-31079", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-31079.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2024-31079", }, { cve: "CVE-2024-32760", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2024-32760", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32760.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2024-32760", }, { cve: "CVE-2024-34161", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, notes: [ { category: "other", text: "Missing Release of Memory after Effective Lifetime", title: "CWE-401", }, { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2024-34161", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34161.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2024-34161", }, { cve: "CVE-2024-34750", cwe: { id: "CWE-755", name: "Improper Handling of Exceptional Conditions", }, notes: [ { category: "other", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1673504", "CSAFPID-1673506", ], }, references: [ { category: "self", summary: "CVE-2024-34750", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34750.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673504", "CSAFPID-1673506", ], }, ], title: "CVE-2024-34750", }, { cve: "CVE-2024-35200", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2024-35200", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-35200.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2024-35200", }, { cve: "CVE-2024-36137", cwe: { id: "CWE-275", name: "-", }, notes: [ { category: "other", text: "CWE-275", title: "CWE-275", }, { category: "other", text: "Incorrect Permission Assignment for Critical Resource", title: "CWE-732", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2024-36137", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36137.json", }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2024-36137", }, { cve: "CVE-2024-36138", cwe: { id: "CWE-77", name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", title: "CWE-77", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2024-36138", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36138.json", }, ], title: "CVE-2024-36138", }, { cve: "CVE-2024-36387", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-36387", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36387.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-36387", }, { cve: "CVE-2024-37370", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, notes: [ { category: "other", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, ], product_status: { known_affected: [ "CSAFPID-1673507", "CSAFPID-1673508", "CSAFPID-1673509", ], }, references: [ { category: "self", summary: "CVE-2024-37370", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37370.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673507", "CSAFPID-1673508", "CSAFPID-1673509", ], }, ], title: "CVE-2024-37370", }, { cve: "CVE-2024-37371", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, notes: [ { category: "other", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, ], product_status: { known_affected: [ "CSAFPID-1673507", "CSAFPID-1673508", "CSAFPID-1673509", ], }, references: [ { category: "self", summary: "CVE-2024-37371", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37371.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673507", "CSAFPID-1673508", "CSAFPID-1673509", ], }, ], title: "CVE-2024-37371", }, { cve: "CVE-2024-37372", product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2024-37372", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37372.json", }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2024-37372", }, { cve: "CVE-2024-38356", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, notes: [ { category: "other", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], product_status: { known_affected: [ "CSAFPID-1673510", "CSAFPID-1503575", "CSAFPID-1673188", ], }, references: [ { category: "self", summary: "CVE-2024-38356", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38356.json", }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1673510", "CSAFPID-1503575", "CSAFPID-1673188", ], }, ], title: "CVE-2024-38356", }, { cve: "CVE-2024-38357", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, notes: [ { category: "other", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], product_status: { known_affected: [ "CSAFPID-1673510", "CSAFPID-1503575", "CSAFPID-1673188", ], }, references: [ { category: "self", summary: "CVE-2024-38357", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38357.json", }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1673510", "CSAFPID-1503575", "CSAFPID-1673188", ], }, ], title: "CVE-2024-38357", }, { cve: "CVE-2024-38472", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, notes: [ { category: "other", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-38472", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38472.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-38472", }, { cve: "CVE-2024-38473", cwe: { id: "CWE-172", name: "Encoding Error", }, notes: [ { category: "other", text: "Encoding Error", title: "CWE-172", }, { category: "other", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-38473", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38473.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-38473", }, { cve: "CVE-2024-38474", cwe: { id: "CWE-172", name: "Encoding Error", }, notes: [ { category: "other", text: "Encoding Error", title: "CWE-172", }, { category: "other", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-38474", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38474.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-38474", }, { cve: "CVE-2024-38475", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, { category: "other", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-38475", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38475.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-38475", }, { cve: "CVE-2024-38476", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Inclusion of Functionality from Untrusted Control Sphere", title: "CWE-829", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-38476", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38476.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-38476", }, { cve: "CVE-2024-38477", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-38477", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38477.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-38477", }, { cve: "CVE-2024-38998", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, notes: [ { category: "other", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, ], product_status: { known_affected: [ "CSAFPID-1673511", "CSAFPID-1673512", "CSAFPID-1503575", "CSAFPID-1673188", ], }, references: [ { category: "self", summary: "CVE-2024-38998", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38998.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673511", "CSAFPID-1673512", "CSAFPID-1503575", "CSAFPID-1673188", ], }, ], title: "CVE-2024-38998", }, { cve: "CVE-2024-38999", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, notes: [ { category: "other", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, ], product_status: { known_affected: [ "CSAFPID-1673511", "CSAFPID-1673512", "CSAFPID-1503575", "CSAFPID-1673188", ], }, references: [ { category: "self", summary: "CVE-2024-38999", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38999.json", }, ], scores: [ { cvss_v3: { baseScore: 10, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673511", "CSAFPID-1673512", "CSAFPID-1503575", "CSAFPID-1673188", ], }, ], title: "CVE-2024-38999", }, { cve: "CVE-2024-39573", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, notes: [ { category: "other", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-39573", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39573.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-39573", }, { cve: "CVE-2024-39884", cwe: { id: "CWE-18", name: "-", }, notes: [ { category: "other", text: "CWE-18", title: "CWE-18", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-39884", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39884.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-39884", }, { cve: "CVE-2024-40725", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Exposure of Resource to Wrong Sphere", title: "CWE-668", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-1673479", ], }, references: [ { category: "self", summary: "CVE-2024-40725", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40725.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-1673479", ], }, ], title: "CVE-2024-40725", }, { cve: "CVE-2024-40898", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, notes: [ { category: "other", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-1673479", ], }, references: [ { category: "self", summary: "CVE-2024-40898", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40898.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-1673479", ], }, ], title: "CVE-2024-40898", }, { cve: "CVE-2024-45490", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "other", text: "Incorrect Calculation of Buffer Size", title: "CWE-131", }, ], product_status: { known_affected: [ "CSAFPID-1673385", "CSAFPID-1673442", "CSAFPID-1673386", ], }, references: [ { category: "self", summary: "CVE-2024-45490", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45490.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673385", "CSAFPID-1673442", "CSAFPID-1673386", ], }, ], title: "CVE-2024-45490", }, { cve: "CVE-2024-45491", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], product_status: { known_affected: [ "CSAFPID-1673385", "CSAFPID-1673442", "CSAFPID-1673386", ], }, references: [ { category: "self", summary: "CVE-2024-45491", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45491.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673385", "CSAFPID-1673442", "CSAFPID-1673386", ], }, ], title: "CVE-2024-45491", }, { cve: "CVE-2024-45492", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], product_status: { known_affected: [ "CSAFPID-1673385", "CSAFPID-1673442", "CSAFPID-1673386", ], }, references: [ { category: "self", summary: "CVE-2024-45492", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45492.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673385", "CSAFPID-1673442", "CSAFPID-1673386", ], }, ], title: "CVE-2024-45492", }, { cve: "CVE-2024-45801", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, notes: [ { category: "other", text: "Inefficient Regular Expression Complexity", title: "CWE-1333", }, { category: "other", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, ], product_status: { known_affected: [ "CSAFPID-1503575", "CSAFPID-1673188", ], }, references: [ { category: "self", summary: "CVE-2024-45801", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45801.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1503575", "CSAFPID-1673188", ], }, ], title: "CVE-2024-45801", }, ], }
NCSC-2024-0411
Vulnerability from csaf_ncscnl
Published
2024-10-17 13:15
Modified
2024-10-17 13:15
Summary
Kwetsbaarheden verholpen in Oracle Database producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Oracle heeft kwetsbaarheden verholpen in diverse Database producten en subsystemen, zoals de Core database, Application Express, Autonomous Health Framework, Essbase, GoldenGate, SQL Developer en Secure Backup.
Interpretaties
Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Denial-of-Service (DoS)
- Manipuleren van data
- Toegang tot gevoelige gegevens
Oplossingen
Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-130
Improper Handling of Length Parameter Inconsistency
CWE-208
Observable Timing Discrepancy
CWE-776
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CWE-755
Improper Handling of Exceptional Conditions
CWE-834
Excessive Iteration
CWE-407
Inefficient Algorithmic Complexity
CWE-178
Improper Handling of Case Sensitivity
CWE-732
Incorrect Permission Assignment for Critical Resource
CWE-415
Double Free
CWE-311
Missing Encryption of Sensitive Data
CWE-427
Uncontrolled Search Path Element
CWE-172
Encoding Error
CWE-680
Integer Overflow to Buffer Overflow
CWE-426
Untrusted Search Path
CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CWE-116
Improper Encoding or Escaping of Output
CWE-345
Insufficient Verification of Data Authenticity
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-203
Observable Discrepancy
CWE-190
Integer Overflow or Wraparound
CWE-552
Files or Directories Accessible to External Parties
CWE-639
Authorization Bypass Through User-Controlled Key
CWE-125
Out-of-bounds Read
CWE-404
Improper Resource Shutdown or Release
CWE-275
CWE-275
CWE-284
Improper Access Control
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-1333
Inefficient Regular Expression Complexity
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE-416
Use After Free
CWE-401
Missing Release of Memory after Effective Lifetime
CWE-476
NULL Pointer Dereference
CWE-295
Improper Certificate Validation
CWE-668
Exposure of Resource to Wrong Sphere
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CWE-400
Uncontrolled Resource Consumption
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-502
Deserialization of Untrusted Data
CWE-918
Server-Side Request Forgery (SSRF)
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-787
Out-of-bounds Write
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-122
Heap-based Buffer Overflow
CWE-121
Stack-based Buffer Overflow
CWE-681
Incorrect Conversion between Numeric Types
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-269
Improper Privilege Management
CWE-20
Improper Input Validation
CWE-87
Improper Neutralization of Alternate XSS Syntax
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-18
CWE-18
CWE-385
Covert Timing Channel
CWE-606
Unchecked Input for Loop Condition
CWE-192
Integer Coercion Error
CWE-390
Detection of Error Condition Without Action
CWE-1325
Improperly Controlled Sequential Memory Allocation
CWE-222
Truncation of Security-relevant Information
CWE-131
Incorrect Calculation of Buffer Size
CWE-59
Improper Link Resolution Before File Access ('Link Following')
CWE-304
Missing Critical Step in Authentication
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Oracle heeft kwetsbaarheden verholpen in diverse Database producten en subsystemen, zoals de Core database, Application Express, Autonomous Health Framework, Essbase, GoldenGate, SQL Developer en Secure Backup.", title: "Feiten", }, { category: "description", text: "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:\n\n- Denial-of-Service (DoS)\n- Manipuleren van data\n- Toegang tot gevoelige gegevens", title: "Interpretaties", }, { category: "description", text: "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, { category: "general", text: "Observable Timing Discrepancy", title: "CWE-208", }, { category: "general", text: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", title: "CWE-776", }, { category: "general", text: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", title: "CWE-88", }, { category: "general", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, { category: "general", text: "Excessive Iteration", title: "CWE-834", }, { category: "general", text: "Inefficient Algorithmic Complexity", title: "CWE-407", }, { category: "general", text: "Improper Handling of Case Sensitivity", title: "CWE-178", }, { category: "general", text: "Incorrect Permission Assignment for Critical Resource", title: "CWE-732", }, { category: "general", text: "Double Free", title: "CWE-415", }, { category: "general", text: "Missing Encryption of Sensitive Data", title: "CWE-311", }, { category: "general", text: "Uncontrolled Search Path Element", title: "CWE-427", }, { category: "general", text: "Encoding Error", title: "CWE-172", }, { category: "general", text: "Integer Overflow to Buffer Overflow", title: "CWE-680", }, { category: "general", text: "Untrusted Search Path", title: "CWE-426", }, { category: "general", text: "Access of Resource Using Incompatible Type ('Type Confusion')", title: "CWE-843", }, { category: "general", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, { category: "general", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, { category: "general", text: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", title: "CWE-77", }, { category: "general", text: "Observable Discrepancy", title: "CWE-203", }, { category: "general", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "general", text: "Files or Directories Accessible to External Parties", title: "CWE-552", }, { category: "general", text: "Authorization Bypass Through User-Controlled Key", title: "CWE-639", }, { category: "general", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "general", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "general", text: "CWE-275", title: "CWE-275", }, { category: "general", text: "Improper Access Control", title: "CWE-284", }, { category: "general", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "general", text: "Inefficient Regular Expression Complexity", title: "CWE-1333", }, { category: "general", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, { category: "general", text: "Use After Free", title: "CWE-416", }, { category: "general", text: "Missing Release of Memory after Effective Lifetime", title: "CWE-401", }, { category: "general", text: "NULL Pointer Dereference", title: "CWE-476", }, { category: "general", text: "Improper Certificate Validation", title: "CWE-295", }, { category: "general", text: "Exposure of Resource to Wrong Sphere", title: "CWE-668", }, { category: "general", text: "Inclusion of Functionality from Untrusted Control Sphere", title: "CWE-829", }, { category: "general", text: "Use of a Broken or Risky Cryptographic Algorithm", title: "CWE-327", }, { category: "general", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, { category: "general", text: "Deserialization of Untrusted Data", title: "CWE-502", }, { category: "general", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, { category: "general", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "general", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "general", text: "Heap-based Buffer Overflow", title: "CWE-122", }, { category: "general", text: "Stack-based Buffer Overflow", title: "CWE-121", }, { category: "general", text: "Incorrect Conversion between Numeric Types", title: "CWE-681", }, { category: "general", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, { category: "general", text: "Improper Privilege Management", title: "CWE-269", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "Improper Neutralization of Alternate XSS Syntax", title: "CWE-87", }, { category: "general", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, { category: "general", text: "CWE-18", title: "CWE-18", }, { category: "general", text: "Covert Timing Channel", title: "CWE-385", }, { category: "general", text: "Unchecked Input for Loop Condition", title: "CWE-606", }, { category: "general", text: "Integer Coercion Error", title: "CWE-192", }, { category: "general", text: "Detection of Error Condition Without Action", title: "CWE-390", }, { category: "general", text: "Improperly Controlled Sequential Memory Allocation", title: "CWE-1325", }, { category: "general", text: "Truncation of Security-relevant Information", title: "CWE-222", }, { category: "general", text: "Incorrect Calculation of Buffer Size", title: "CWE-131", }, { category: "general", text: "Improper Link Resolution Before File Access ('Link Following')", title: "CWE-59", }, { category: "general", text: "Missing Critical Step in Authentication", title: "CWE-304", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Reference - cveprojectv5; hkcert; nvd; oracle; redhat", url: "https://www.oracle.com/security-alerts/cpuoct2024.html", }, ], title: "Kwetsbaarheden verholpen in Oracle Database producten", tracking: { current_release_date: "2024-10-17T13:15:19.595269Z", id: "NCSC-2024-0411", initial_release_date: "2024-10-17T13:15:19.595269Z", revision_history: [ { date: "2024-10-17T13:15:19.595269Z", number: "0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "database_-_grid", product: { name: "database_-_grid", product_id: "CSAFPID-1673504", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_grid:19.3-19.24:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_grid", product: { name: "database_-_grid", product_id: "CSAFPID-1673506", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_grid:21.3-21.15:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_core", product: { name: "database_-_core", product_id: "CSAFPID-1673386", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_core:19.3-19.24:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_core", product: { name: "database_-_core", product_id: "CSAFPID-1673385", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_core:21.3-21.15:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_core", product: { name: "database_-_core", product_id: "CSAFPID-1673442", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_core:23.4-23.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_security", product: { name: "database_-_security", product_id: "CSAFPID-1673507", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_security:19.3-19.24:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_security", product: { name: "database_-_security", product_id: "CSAFPID-1673509", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_security:21.3-21.15:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_security", product: { name: "database_-_security", product_id: "CSAFPID-1673508", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_security:23.4-23.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "spatial_and_graph_mapviewer", product: { name: "spatial_and_graph_mapviewer", product_id: "CSAFPID-912561", product_identification_helper: { cpe: "cpe:2.3:a:oracle:spatial_and_graph_mapviewer:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "spatial_and_graph", product: { name: "spatial_and_graph", product_id: "CSAFPID-764250", product_identification_helper: { cpe: "cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "spatial_and_graph", product: { name: "spatial_and_graph", product_id: "CSAFPID-1673511", product_identification_helper: { cpe: "cpe:2.3:a:oracle:spatial_and_graph:19.3-19.24:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "spatial_and_graph", product: { name: "spatial_and_graph", product_id: "CSAFPID-1673512", product_identification_helper: { cpe: "cpe:2.3:a:oracle:spatial_and_graph:21.3-21.15:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "spatial_and_graph", product: { name: "spatial_and_graph", product_id: "CSAFPID-816800", product_identification_helper: { cpe: "cpe:2.3:a:oracle:spatial_and_graph:23.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "spatial_and_graph", product: { name: "spatial_and_graph", product_id: "CSAFPID-1673529", product_identification_helper: { cpe: "cpe:2.3:a:oracle:spatial_and_graph:23.4-23.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "fleet_patching_and_provisioning_-_micronaut", product: { name: "fleet_patching_and_provisioning_-_micronaut", product_id: "CSAFPID-1673492", product_identification_helper: { cpe: "cpe:2.3:a:oracle:fleet_patching_and_provisioning_-_micronaut:23.4-23.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "fleet_patching_and_provisioning", product: { name: "fleet_patching_and_provisioning", product_id: "CSAFPID-1503603", product_identification_helper: { cpe: "cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_xml_database", product: { name: "database_-_xml_database", product_id: "CSAFPID-1673445", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_xml_database:19.3-19.24:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_xml_database", product: { name: "database_-_xml_database", product_id: "CSAFPID-1673443", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_xml_database:21.3-21.15:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_xml_database", product: { name: "database_-_xml_database", product_id: "CSAFPID-1673444", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_xml_database:23.4-23.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_java_vm", product: { name: "database_-_java_vm", product_id: "CSAFPID-1673451", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_java_vm:19.3-19.24:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_java_vm", product: { name: "database_-_java_vm", product_id: "CSAFPID-1673450", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_java_vm:21.3-21.15:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_java_vm", product: { name: "database_-_java_vm", product_id: "CSAFPID-1673452", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_java_vm:23.4-23.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "autonomous_health_framework", product: { name: "autonomous_health_framework", product_id: "CSAFPID-816798", product_identification_helper: { cpe: "cpe:2.3:a:oracle:autonomous_health_framework:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "autonomous_health_framework", product: { name: "autonomous_health_framework", product_id: "CSAFPID-816799", product_identification_helper: { cpe: "cpe:2.3:a:oracle:autonomous_health_framework:23.10:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "autonomous_health_framework", product: { name: "autonomous_health_framework", product_id: "CSAFPID-1673525", product_identification_helper: { cpe: "cpe:2.3:a:oracle:autonomous_health_framework:prior_to_24.9:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-912046", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-1503299", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-816855", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-816361", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-912045", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-1503302", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-912044", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-1503306", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-816852", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.12:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-912600", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-816853", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-912601", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-816854", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition22.3.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "sqlcl", product: { name: "sqlcl", product_id: "CSAFPID-816801", product_identification_helper: { cpe: "cpe:2.3:a:oracle:sqlcl:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "sqlcl", product: { name: "sqlcl", product_id: "CSAFPID-1673405", product_identification_helper: { cpe: "cpe:2.3:a:oracle:sqlcl:23.4-23.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "application_express_administration", product: { name: "application_express_administration", product_id: "CSAFPID-764731", product_identification_helper: { cpe: "cpe:2.3:a:oracle:application_express_administration:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "application_express_customers_plugin", product: { name: "application_express_customers_plugin", product_id: "CSAFPID-764732", product_identification_helper: { cpe: "cpe:2.3:a:oracle:application_express_customers_plugin:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "application_express_team_calendar_plugin", product: { name: "application_express_team_calendar_plugin", product_id: "CSAFPID-764733", product_identification_helper: { cpe: "cpe:2.3:a:oracle:application_express_team_calendar_plugin:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "application_express", product: { name: "application_express", product_id: "CSAFPID-266119", product_identification_helper: { cpe: "cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "application_express", product: { name: "application_express", product_id: "CSAFPID-1673510", product_identification_helper: { cpe: "cpe:2.3:a:oracle:application_express:23.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "application_express", product: { name: "application_express", product_id: "CSAFPID-1503575", product_identification_helper: { cpe: "cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "application_express", product: { name: "application_express", product_id: "CSAFPID-1673188", product_identification_helper: { cpe: "cpe:2.3:a:oracle:application_express:24.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "autonomous_health_framework", product: { name: "autonomous_health_framework", product_id: "CSAFPID-765238", product_identification_helper: { cpe: "cpe:2.3:a:oracle:autonomous_health_framework:19c:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "autonomous_health_framework", product: { name: "autonomous_health_framework", product_id: "CSAFPID-765239", product_identification_helper: { cpe: "cpe:2.3:a:oracle:autonomous_health_framework:21c:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "blockchain_platform", product: { name: "blockchain_platform", product_id: "CSAFPID-764779", product_identification_helper: { cpe: "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "blockchain_platform", product: { name: "blockchain_platform", product_id: "CSAFPID-89587", product_identification_helper: { cpe: "cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "essbase", product: { name: "essbase", product_id: "CSAFPID-765259", product_identification_helper: { cpe: "cpe:2.3:a:oracle:essbase:_security_and_provisioning___21.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "essbase", product: { name: "essbase", product_id: "CSAFPID-187448", product_identification_helper: { cpe: "cpe:2.3:a:oracle:essbase:21.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "essbase", product: { name: "essbase", product_id: "CSAFPID-94075", product_identification_helper: { cpe: "cpe:2.3:a:oracle:essbase:21.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "essbase", product: { name: "essbase", product_id: "CSAFPID-220886", product_identification_helper: { cpe: "cpe:2.3:a:oracle:essbase:21.4.3.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "essbase", product: { name: "essbase", product_id: "CSAFPID-611394", product_identification_helper: { cpe: "cpe:2.3:a:oracle:essbase:21.5.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "essbase", product: { name: "essbase", product_id: "CSAFPID-816317", product_identification_helper: { cpe: "cpe:2.3:a:oracle:essbase:21.5.3.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "essbase", product: { name: "essbase", product_id: "CSAFPID-912567", product_identification_helper: { cpe: "cpe:2.3:a:oracle:essbase:21.5.4.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "essbase", product: { name: "essbase", product_id: "CSAFPID-1503612", product_identification_helper: { cpe: "cpe:2.3:a:oracle:essbase:21.5.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "essbase", product: { name: "essbase", product_id: "CSAFPID-1673479", product_identification_helper: { cpe: "cpe:2.3:a:oracle:essbase:21.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_essbase", product: { name: "oracle_essbase", product_id: "CSAFPID-1650506", product_identification_helper: { cpe: "cpe:2.3:a:oracle:oracle_essbase:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_big_data_and_application_adapters", product: { name: "goldengate_big_data_and_application_adapters", product_id: "CSAFPID-816845", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_big_data_and_application_adapters", product: { name: "goldengate_big_data_and_application_adapters", product_id: "CSAFPID-1650825", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_big_data_and_application_adapters", product: { name: "goldengate_big_data_and_application_adapters", product_id: "CSAFPID-1673404", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.9:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_big_data_and_application_adapters", product: { name: "goldengate_big_data_and_application_adapters", product_id: "CSAFPID-1650831", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3-21.14.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_big_data", product: { name: "goldengate_big_data", product_id: "CSAFPID-764274", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_big_data:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_stream_analytics", product: { name: "goldengate_stream_analytics", product_id: "CSAFPID-764752", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_stream_analytics", product: { name: "goldengate_stream_analytics", product_id: "CSAFPID-1673384", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.9:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_stream_analytics", product: { name: "goldengate_stream_analytics", product_id: "CSAFPID-220192", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_stream_analytics", product: { name: "goldengate_stream_analytics", product_id: "CSAFPID-220193", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_studio", product: { name: "goldengate_studio", product_id: "CSAFPID-816846", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_studio", product: { name: "goldengate_studio", product_id: "CSAFPID-611390", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_studio:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_studio", product: { name: "goldengate_studio", product_id: "CSAFPID-764803", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_studio:fusion_middleware_12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_veridata", product: { name: "goldengate_veridata", product_id: "CSAFPID-764275", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_veridata:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-342816", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-1650767", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.23.0.0.240716:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-485902", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:19.1.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-1503736", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:19.23.0.0.240716:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-219912", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:19c:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-1503739", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:21.14:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-1650765", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:21.3-21.14:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-1503738", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:21.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_goldengate_stream_analytics", product: { name: "oracle_goldengate_stream_analytics", product_id: "CSAFPID-1650515", product_identification_helper: { cpe: "cpe:2.3:a:oracle:oracle_goldengate_stream_analytics:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "management_pack_for__goldengate", product: { name: "management_pack_for__goldengate", product_id: "CSAFPID-764861", product_identification_helper: { cpe: "cpe:2.3:a:oracle:management_pack_for__goldengate:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "management_pack_for__goldengate", product: { name: "management_pack_for__goldengate", product_id: "CSAFPID-1503640", product_identification_helper: { cpe: "cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_goldengate_studio", product: { name: "oracle_goldengate_studio", product_id: "CSAFPID-1650835", product_identification_helper: { cpe: "cpe:2.3:a:oracle:oracle_goldengate_studio:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_goldengate", product: { name: "oracle_goldengate", product_id: "CSAFPID-1650575", product_identification_helper: { cpe: "cpe:2.3:a:oracle:oracle_goldengate:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-764813", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1503661", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:1.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1503663", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:1.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1673497", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:1.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-764764", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:19.5.33:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-764765", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:20.3.28:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1673491", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:20.3.40:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-764766", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:21.2.55:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1673495", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:21.2.71:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-764767", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:22.3.26:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1673493", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:22.3.45:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1673489", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:23.3.33:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1673488", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:24.1.17:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1650757", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:prior_to_19.5.42:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1650758", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:prior_to_20.3.40:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1650761", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:prior_to_21.2.27:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1650760", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:prior_to_22.3.46:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1650759", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:prior_to_23.3.32:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_nosql_database", product: { name: "oracle_nosql_database", product_id: "CSAFPID-1650584", product_identification_helper: { cpe: "cpe:2.3:a:oracle:oracle_nosql_database:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_secure_backup", product: { name: "oracle_secure_backup", product_id: "CSAFPID-1650563", product_identification_helper: { cpe: "cpe:2.3:a:oracle:oracle_secure_backup:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "secure_backup", product: { name: "secure_backup", product_id: "CSAFPID-667692", product_identification_helper: { cpe: "cpe:2.3:a:oracle:secure_backup:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "secure_backup", product: { name: "secure_backup", product_id: "CSAFPID-345049", product_identification_helper: { cpe: "cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "secure_backup", product: { name: "secure_backup", product_id: "CSAFPID-611417", product_identification_helper: { cpe: "cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "secure_backup", product: { name: "secure_backup", product_id: "CSAFPID-1673422", product_identification_helper: { cpe: "cpe:2.3:a:oracle:secure_backup:19.1.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_sql_developer", product: { name: "oracle_sql_developer", product_id: "CSAFPID-1650638", product_identification_helper: { cpe: "cpe:2.3:a:oracle:oracle_sql_developer:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "sql_developer", product: { name: "sql_developer", product_id: "CSAFPID-764822", product_identification_helper: { cpe: "cpe:2.3:a:oracle:sql_developer:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "sql_developer", product: { name: "sql_developer", product_id: "CSAFPID-220643", product_identification_helper: { cpe: "cpe:2.3:a:oracle:sql_developer:21.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "sql_developer", product: { name: "sql_developer", product_id: "CSAFPID-816870", product_identification_helper: { cpe: "cpe:2.3:a:oracle:sql_developer:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "sql_developer", product: { name: "sql_developer", product_id: "CSAFPID-816871", product_identification_helper: { cpe: "cpe:2.3:a:oracle:sql_developer:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "sql_developer", product: { name: "sql_developer", product_id: "CSAFPID-1673397", product_identification_helper: { cpe: "cpe:2.3:a:oracle:sql_developer:24.3.0:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "oracle", }, { branches: [ { category: "product_name", name: "oracle_application_express", product: { name: "oracle_application_express", product_id: "CSAFPID-1673144", product_identification_helper: { cpe: "cpe:2.3:a:oracle_corporation:oracle_application_express:24.1:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "oracle_corporation", }, ], }, vulnerabilities: [ { cve: "CVE-2022-1471", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, notes: [ { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-764731", "CSAFPID-764732", "CSAFPID-764733", "CSAFPID-764250", "CSAFPID-611394", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-611390", "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-764764", "CSAFPID-764765", "CSAFPID-764766", "CSAFPID-764767", "CSAFPID-764779", "CSAFPID-94075", "CSAFPID-220886", "CSAFPID-764803", "CSAFPID-764813", "CSAFPID-342816", "CSAFPID-764752", "CSAFPID-764822", "CSAFPID-1650515", "CSAFPID-1650638", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816317", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-89587", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816361", "CSAFPID-220643", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-667692", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-912046", "CSAFPID-912045", "CSAFPID-912044", ], }, references: [ { category: "self", summary: "CVE-2022-1471", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-1471.json", }, ], title: "CVE-2022-1471", }, { cve: "CVE-2022-34169", cwe: { id: "CWE-192", name: "Integer Coercion Error", }, notes: [ { category: "other", text: "Integer Coercion Error", title: "CWE-192", }, { category: "other", text: "Incorrect Conversion between Numeric Types", title: "CWE-681", }, ], product_status: { known_affected: [ "CSAFPID-764779", "CSAFPID-94075", "CSAFPID-342816", "CSAFPID-764803", "CSAFPID-764813", "CSAFPID-764822", "CSAFPID-764752", "CSAFPID-764275", "CSAFPID-764861", "CSAFPID-266119", "CSAFPID-187448", "CSAFPID-219912", "CSAFPID-765238", "CSAFPID-765239", "CSAFPID-765259", "CSAFPID-667692", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-764250", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816317", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816361", "CSAFPID-220643", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-1673384", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-912046", "CSAFPID-912045", "CSAFPID-912044", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, references: [ { category: "self", summary: "CVE-2022-34169", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-34169.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-764779", "CSAFPID-94075", "CSAFPID-342816", "CSAFPID-764803", "CSAFPID-764813", "CSAFPID-764822", "CSAFPID-764752", "CSAFPID-764275", "CSAFPID-764861", "CSAFPID-266119", "CSAFPID-187448", "CSAFPID-219912", "CSAFPID-765238", "CSAFPID-765239", "CSAFPID-765259", "CSAFPID-667692", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-764250", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816317", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816361", "CSAFPID-220643", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-1673384", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-912046", "CSAFPID-912045", "CSAFPID-912044", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, ], title: "CVE-2022-34169", }, { cve: "CVE-2022-36033", cwe: { id: "CWE-87", name: "Improper Neutralization of Alternate XSS Syntax", }, notes: [ { category: "other", text: "Improper Neutralization of Alternate XSS Syntax", title: "CWE-87", }, { category: "other", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], product_status: { known_affected: [ "CSAFPID-764250", "CSAFPID-611394", "CSAFPID-764731", "CSAFPID-764732", "CSAFPID-764733", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-611390", "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-764764", "CSAFPID-764765", "CSAFPID-764766", "CSAFPID-764767", "CSAFPID-764779", "CSAFPID-220886", "CSAFPID-94075", "CSAFPID-764803", "CSAFPID-342816", "CSAFPID-764752", "CSAFPID-764861", "CSAFPID-764813", "CSAFPID-764822", "CSAFPID-266119", "CSAFPID-187448", "CSAFPID-1650515", "CSAFPID-1650835", "CSAFPID-219912", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816317", "CSAFPID-667692", "CSAFPID-1673384", "CSAFPID-912561", "CSAFPID-1503575", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816361", "CSAFPID-220643", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-912567", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-912046", "CSAFPID-912045", "CSAFPID-912044", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, references: [ { category: "self", summary: "CVE-2022-36033", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-36033.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-764250", "CSAFPID-611394", "CSAFPID-764731", "CSAFPID-764732", "CSAFPID-764733", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-611390", "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-764764", "CSAFPID-764765", "CSAFPID-764766", "CSAFPID-764767", "CSAFPID-764779", "CSAFPID-220886", "CSAFPID-94075", "CSAFPID-764803", "CSAFPID-342816", "CSAFPID-764752", "CSAFPID-764861", "CSAFPID-764813", "CSAFPID-764822", "CSAFPID-266119", "CSAFPID-187448", "CSAFPID-1650515", "CSAFPID-1650835", "CSAFPID-219912", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816317", "CSAFPID-667692", "CSAFPID-1673384", "CSAFPID-912561", "CSAFPID-1503575", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816361", "CSAFPID-220643", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-912567", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-912046", "CSAFPID-912045", "CSAFPID-912044", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, ], title: "CVE-2022-36033", }, { cve: "CVE-2022-37454", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "other", text: "Integer Overflow to Buffer Overflow", title: "CWE-680", }, ], product_status: { known_affected: [ "CSAFPID-764250", "CSAFPID-611394", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-611390", "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-764731", "CSAFPID-764732", "CSAFPID-764733", "CSAFPID-220886", "CSAFPID-342816", "CSAFPID-764752", "CSAFPID-764764", "CSAFPID-764765", "CSAFPID-764766", "CSAFPID-764767", "CSAFPID-764779", "CSAFPID-94075", "CSAFPID-764803", "CSAFPID-764813", "CSAFPID-764822", "CSAFPID-1650563", "CSAFPID-89587", "CSAFPID-764861", ], }, references: [ { category: "self", summary: "CVE-2022-37454", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-37454.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-764250", "CSAFPID-611394", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-611390", "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-764731", "CSAFPID-764732", "CSAFPID-764733", "CSAFPID-220886", "CSAFPID-342816", "CSAFPID-764752", "CSAFPID-764764", "CSAFPID-764765", "CSAFPID-764766", "CSAFPID-764767", "CSAFPID-764779", "CSAFPID-94075", "CSAFPID-764803", "CSAFPID-764813", "CSAFPID-764822", "CSAFPID-1650563", "CSAFPID-89587", "CSAFPID-764861", ], }, ], title: "CVE-2022-37454", }, { cve: "CVE-2022-38136", product_status: { known_affected: [ "CSAFPID-1673385", "CSAFPID-1673386", ], }, references: [ { category: "self", summary: "CVE-2022-38136", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-38136.json", }, ], title: "CVE-2022-38136", }, { cve: "CVE-2022-40196", product_status: { known_affected: [ "CSAFPID-1673385", "CSAFPID-1673386", ], }, references: [ { category: "self", summary: "CVE-2022-40196", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-40196.json", }, ], title: "CVE-2022-40196", }, { cve: "CVE-2022-41342", product_status: { known_affected: [ "CSAFPID-1673385", "CSAFPID-1673386", ], }, references: [ { category: "self", summary: "CVE-2022-41342", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-41342.json", }, ], title: "CVE-2022-41342", }, { cve: "CVE-2022-42919", cwe: { id: "CWE-311", name: "Missing Encryption of Sensitive Data", }, notes: [ { category: "other", text: "Missing Encryption of Sensitive Data", title: "CWE-311", }, { category: "other", text: "Improper Privilege Management", title: "CWE-269", }, ], product_status: { known_affected: [ "CSAFPID-764250", "CSAFPID-611394", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-611390", "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-764731", "CSAFPID-764732", "CSAFPID-764733", "CSAFPID-220886", "CSAFPID-342816", "CSAFPID-764752", "CSAFPID-764764", "CSAFPID-764765", "CSAFPID-764766", "CSAFPID-764767", "CSAFPID-764779", "CSAFPID-94075", "CSAFPID-764803", "CSAFPID-764813", "CSAFPID-764822", "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2022-42919", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-42919.json", }, ], title: "CVE-2022-42919", }, { cve: "CVE-2022-45061", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Inefficient Algorithmic Complexity", title: "CWE-407", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-764731", "CSAFPID-764732", "CSAFPID-764733", "CSAFPID-220886", "CSAFPID-764250", "CSAFPID-611394", "CSAFPID-342816", "CSAFPID-764752", "CSAFPID-764764", "CSAFPID-764765", "CSAFPID-764766", "CSAFPID-764767", "CSAFPID-764779", "CSAFPID-94075", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-611390", "CSAFPID-764803", "CSAFPID-764813", "CSAFPID-764822", "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2022-45061", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-45061.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-764731", "CSAFPID-764732", "CSAFPID-764733", "CSAFPID-220886", "CSAFPID-764250", "CSAFPID-611394", "CSAFPID-342816", "CSAFPID-764752", "CSAFPID-764764", "CSAFPID-764765", "CSAFPID-764766", "CSAFPID-764767", "CSAFPID-764779", "CSAFPID-94075", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-611390", "CSAFPID-764803", "CSAFPID-764813", "CSAFPID-764822", "CSAFPID-89587", ], }, ], title: "CVE-2022-45061", }, { cve: "CVE-2022-46337", product_status: { known_affected: [ "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-1673384", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-764752", "CSAFPID-764275", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-912046", "CSAFPID-912045", "CSAFPID-912044", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-764250", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816317", "CSAFPID-816845", "CSAFPID-342816", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-816361", "CSAFPID-764813", "CSAFPID-220643", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-667692", ], }, references: [ { category: "self", summary: "CVE-2022-46337", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-46337.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-1673384", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-764752", "CSAFPID-764275", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-912046", "CSAFPID-912045", "CSAFPID-912044", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-764250", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816317", "CSAFPID-816845", "CSAFPID-342816", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-816361", "CSAFPID-764813", "CSAFPID-220643", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-667692", ], }, ], title: "CVE-2022-46337", }, { cve: "CVE-2023-2976", cwe: { id: "CWE-552", name: "Files or Directories Accessible to External Parties", }, notes: [ { category: "other", text: "Files or Directories Accessible to External Parties", title: "CWE-552", }, ], product_status: { known_affected: [ "CSAFPID-1650584", "CSAFPID-1650835", "CSAFPID-1650506", "CSAFPID-1650515", "CSAFPID-816317", "CSAFPID-816845", "CSAFPID-342816", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816361", "CSAFPID-764813", "CSAFPID-220643", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-667692", "CSAFPID-89587", "CSAFPID-1673397", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-345049", "CSAFPID-816801", "CSAFPID-611390", "CSAFPID-611394", "CSAFPID-611417", "CSAFPID-764250", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, references: [ { category: "self", summary: "CVE-2023-2976", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-2976.json", }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1650584", "CSAFPID-1650835", "CSAFPID-1650506", "CSAFPID-1650515", "CSAFPID-816317", "CSAFPID-816845", "CSAFPID-342816", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816361", "CSAFPID-764813", "CSAFPID-220643", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-667692", "CSAFPID-89587", "CSAFPID-1673397", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-345049", "CSAFPID-816801", "CSAFPID-611390", "CSAFPID-611394", "CSAFPID-611417", "CSAFPID-764250", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, ], title: "CVE-2023-2976", }, { cve: "CVE-2023-4043", cwe: { id: "CWE-834", name: "Excessive Iteration", }, notes: [ { category: "other", text: "Excessive Iteration", title: "CWE-834", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1673405", "CSAFPID-1673397", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-764250", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, references: [ { category: "self", summary: "CVE-2023-4043", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4043.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673405", "CSAFPID-1673397", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-764250", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, ], title: "CVE-2023-4043", }, { cve: "CVE-2023-4759", cwe: { id: "CWE-59", name: "Improper Link Resolution Before File Access ('Link Following')", }, notes: [ { category: "other", text: "Improper Link Resolution Before File Access ('Link Following')", title: "CWE-59", }, { category: "other", text: "Improper Handling of Case Sensitivity", title: "CWE-178", }, ], product_status: { known_affected: [ "CSAFPID-1673397", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2023-4759", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4759.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673397", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2023-4759", }, { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, notes: [ { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-89587", "CSAFPID-816846", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-342816", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-816798", "CSAFPID-816801", ], }, references: [ { category: "self", summary: "CVE-2023-4863", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4863.json", }, ], title: "CVE-2023-4863", }, { cve: "CVE-2023-5072", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1650575", "CSAFPID-1650515", "CSAFPID-1650835", "CSAFPID-89587", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-764250", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, references: [ { category: "self", summary: "CVE-2023-5072", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5072.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1650575", "CSAFPID-1650515", "CSAFPID-1650835", "CSAFPID-89587", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-764250", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, ], title: "CVE-2023-5072", }, { cve: "CVE-2023-26031", cwe: { id: "CWE-426", name: "Untrusted Search Path", }, notes: [ { category: "other", text: "Untrusted Search Path", title: "CWE-426", }, ], product_status: { known_affected: [ "CSAFPID-1673384", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2023-26031", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26031.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673384", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2023-26031", }, { cve: "CVE-2023-26551", product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2023-26551", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26551.json", }, ], scores: [ { cvss_v3: { baseScore: 0, baseSeverity: "NONE", vectorString: "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2023-26551", }, { cve: "CVE-2023-26552", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2023-26552", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26552.json", }, ], scores: [ { cvss_v3: { baseScore: 5.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2023-26552", }, { cve: "CVE-2023-26553", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2023-26553", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26553.json", }, ], scores: [ { cvss_v3: { baseScore: 5.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2023-26553", }, { cve: "CVE-2023-26554", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2023-26554", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26554.json", }, ], scores: [ { cvss_v3: { baseScore: 5.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2023-26554", }, { cve: "CVE-2023-26555", product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2023-26555", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26555.json", }, ], scores: [ { cvss_v3: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2023-26555", }, { cve: "CVE-2023-28484", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-764250", "CSAFPID-764731", "CSAFPID-764732", "CSAFPID-764733", "CSAFPID-220886", "CSAFPID-816317", "CSAFPID-764813", "CSAFPID-89587", "CSAFPID-342816", "CSAFPID-345049", "CSAFPID-764752", "CSAFPID-764764", "CSAFPID-764765", "CSAFPID-764766", "CSAFPID-764767", "CSAFPID-611390", "CSAFPID-611394", "CSAFPID-611417", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-220643", "CSAFPID-667692", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", ], }, references: [ { category: "self", summary: "CVE-2023-28484", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-28484.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-764250", "CSAFPID-764731", "CSAFPID-764732", "CSAFPID-764733", "CSAFPID-220886", "CSAFPID-816317", "CSAFPID-764813", "CSAFPID-89587", "CSAFPID-342816", "CSAFPID-345049", "CSAFPID-764752", "CSAFPID-764764", "CSAFPID-764765", "CSAFPID-764766", "CSAFPID-764767", "CSAFPID-611390", "CSAFPID-611394", "CSAFPID-611417", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-220643", "CSAFPID-667692", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", ], }, ], title: "CVE-2023-28484", }, { cve: "CVE-2023-29469", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Double Free", title: "CWE-415", }, ], product_status: { known_affected: [ "CSAFPID-611417", "CSAFPID-764731", "CSAFPID-764732", "CSAFPID-764733", "CSAFPID-816317", "CSAFPID-89587", "CSAFPID-220886", "CSAFPID-342816", "CSAFPID-345049", "CSAFPID-764752", "CSAFPID-611390", "CSAFPID-611394", "CSAFPID-764764", "CSAFPID-764765", "CSAFPID-764766", "CSAFPID-764767", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-220643", "CSAFPID-667692", "CSAFPID-764813", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-764250", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", ], }, references: [ { category: "self", summary: "CVE-2023-29469", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-29469.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-611417", "CSAFPID-764731", "CSAFPID-764732", "CSAFPID-764733", "CSAFPID-816317", "CSAFPID-89587", "CSAFPID-220886", "CSAFPID-342816", "CSAFPID-345049", "CSAFPID-764752", "CSAFPID-611390", "CSAFPID-611394", "CSAFPID-764764", "CSAFPID-764765", "CSAFPID-764766", "CSAFPID-764767", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-220643", "CSAFPID-667692", "CSAFPID-764813", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-764250", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", ], }, ], title: "CVE-2023-29469", }, { cve: "CVE-2023-33201", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], product_status: { known_affected: [ "CSAFPID-764250", "CSAFPID-611394", "CSAFPID-1650584", "CSAFPID-1673397", "CSAFPID-912561", "CSAFPID-345049", "CSAFPID-611390", "CSAFPID-611417", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, references: [ { category: "self", summary: "CVE-2023-33201", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-33201.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-764250", "CSAFPID-611394", "CSAFPID-1650584", "CSAFPID-1673397", "CSAFPID-912561", "CSAFPID-345049", "CSAFPID-611390", "CSAFPID-611417", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, ], title: "CVE-2023-33201", }, { cve: "CVE-2023-37920", cwe: { id: "CWE-295", name: "Improper Certificate Validation", }, notes: [ { category: "other", text: "Improper Certificate Validation", title: "CWE-295", }, { category: "other", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, ], product_status: { known_affected: [ "CSAFPID-89587", "CSAFPID-1503575", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", ], }, references: [ { category: "self", summary: "CVE-2023-37920", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-37920.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-89587", "CSAFPID-1503575", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", ], }, ], title: "CVE-2023-37920", }, { cve: "CVE-2023-39410", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, notes: [ { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1673404", "CSAFPID-1673384", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-764250", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", ], }, references: [ { category: "self", summary: "CVE-2023-39410", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-39410.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673404", "CSAFPID-1673384", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-764250", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", ], }, ], title: "CVE-2023-39410", }, { cve: "CVE-2023-44487", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1650757", "CSAFPID-1650758", "CSAFPID-1650759", "CSAFPID-1650760", "CSAFPID-1650761", "CSAFPID-89587", "CSAFPID-816361", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-667692", "CSAFPID-764250", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503603", "CSAFPID-1503575", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, references: [ { category: "self", summary: "CVE-2023-44487", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44487.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1650757", "CSAFPID-1650758", "CSAFPID-1650759", "CSAFPID-1650760", "CSAFPID-1650761", "CSAFPID-89587", "CSAFPID-816361", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-667692", "CSAFPID-764250", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503603", "CSAFPID-1503575", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, ], title: "CVE-2023-44487", }, { cve: "CVE-2023-44981", cwe: { id: "CWE-639", name: "Authorization Bypass Through User-Controlled Key", }, notes: [ { category: "other", text: "Authorization Bypass Through User-Controlled Key", title: "CWE-639", }, ], product_status: { known_affected: [ "CSAFPID-1650515", "CSAFPID-89587", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-764250", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", ], }, references: [ { category: "self", summary: "CVE-2023-44981", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44981.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1650515", "CSAFPID-89587", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-764250", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", ], }, ], title: "CVE-2023-44981", }, { cve: "CVE-2023-45288", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2023-45288", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-45288.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2023-45288", }, { cve: "CVE-2023-48795", cwe: { id: "CWE-222", name: "Truncation of Security-relevant Information", }, notes: [ { category: "other", text: "Truncation of Security-relevant Information", title: "CWE-222", }, ], product_status: { known_affected: [ "CSAFPID-1650765", "CSAFPID-1650757", "CSAFPID-1650758", "CSAFPID-1650767", "CSAFPID-1650759", "CSAFPID-1650760", "CSAFPID-1650761", "CSAFPID-89587", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-764250", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-1503575", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, references: [ { category: "self", summary: "CVE-2023-48795", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1650765", "CSAFPID-1650757", "CSAFPID-1650758", "CSAFPID-1650767", "CSAFPID-1650759", "CSAFPID-1650760", "CSAFPID-1650761", "CSAFPID-89587", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-764250", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-1503575", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, ], title: "CVE-2023-48795", }, { cve: "CVE-2023-49083", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-89587", "CSAFPID-342816", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-816798", "CSAFPID-816801", "CSAFPID-816846", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-816845", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2023-49083", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-49083.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-89587", "CSAFPID-342816", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-816798", "CSAFPID-816801", "CSAFPID-816846", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-816845", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2023-49083", }, { cve: "CVE-2023-51384", cwe: { id: "CWE-304", name: "Missing Critical Step in Authentication", }, notes: [ { category: "other", text: "Missing Critical Step in Authentication", title: "CWE-304", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2023-51384", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-51384.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2023-51384", }, { cve: "CVE-2023-51385", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2023-51385", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-51385.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2023-51385", }, { cve: "CVE-2023-52425", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-89587", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2023-52425", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52425.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-89587", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2023-52425", }, { cve: "CVE-2023-52426", cwe: { id: "CWE-776", name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", }, notes: [ { category: "other", text: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", title: "CWE-776", }, ], product_status: { known_affected: [ "CSAFPID-89587", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2023-52426", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52426.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-89587", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2023-52426", }, { cve: "CVE-2024-1874", cwe: { id: "CWE-77", name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", title: "CWE-77", }, { category: "other", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, ], product_status: { known_affected: [ "CSAFPID-1673422", "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-1874", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-1874.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673422", "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-1874", }, { cve: "CVE-2024-2408", cwe: { id: "CWE-203", name: "Observable Discrepancy", }, notes: [ { category: "other", text: "Observable Discrepancy", title: "CWE-203", }, { category: "other", text: "Observable Timing Discrepancy", title: "CWE-208", }, { category: "other", text: "Use of a Broken or Risky Cryptographic Algorithm", title: "CWE-327", }, { category: "other", text: "Covert Timing Channel", title: "CWE-385", }, ], product_status: { known_affected: [ "CSAFPID-1673422", "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-2408", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2408.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673422", "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-2408", }, { cve: "CVE-2024-2511", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Improperly Controlled Sequential Memory Allocation", title: "CWE-1325", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-1673479", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-2511", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2511.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-1673479", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-2511", }, { cve: "CVE-2024-4577", cwe: { id: "CWE-88", name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", title: "CWE-88", }, { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, ], product_status: { known_affected: [ "CSAFPID-1673422", "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-4577", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4577.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673422", "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-4577", }, { cve: "CVE-2024-4603", cwe: { id: "CWE-606", name: "Unchecked Input for Loop Condition", }, notes: [ { category: "other", text: "Unchecked Input for Loop Condition", title: "CWE-606", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-1673479", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-4603", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4603.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-1673479", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-4603", }, { cve: "CVE-2024-4741", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-1673479", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-4741", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4741.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-1673479", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-4741", }, { cve: "CVE-2024-5458", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1673422", "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-5458", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5458.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673422", "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-5458", }, { cve: "CVE-2024-5535", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, ], product_status: { known_affected: [ "CSAFPID-1673508", "CSAFPID-1673525", ], }, references: [ { category: "self", summary: "CVE-2024-5535", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5535.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673508", "CSAFPID-1673525", ], }, ], title: "CVE-2024-5535", }, { cve: "CVE-2024-5585", cwe: { id: "CWE-116", name: "Improper Encoding or Escaping of Output", }, notes: [ { category: "other", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "other", text: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", title: "CWE-88", }, ], product_status: { known_affected: [ "CSAFPID-1673422", "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-5585", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5585.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673422", "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-5585", }, { cve: "CVE-2024-6119", cwe: { id: "CWE-843", name: "Access of Resource Using Incompatible Type ('Type Confusion')", }, notes: [ { category: "other", text: "Access of Resource Using Incompatible Type ('Type Confusion')", title: "CWE-843", }, ], product_status: { known_affected: [ "CSAFPID-1673508", "CSAFPID-1673525", ], }, references: [ { category: "self", summary: "CVE-2024-6119", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6119.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673508", "CSAFPID-1673525", ], }, ], title: "CVE-2024-6119", }, { cve: "CVE-2024-6232", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, notes: [ { category: "other", text: "Inefficient Regular Expression Complexity", title: "CWE-1333", }, ], references: [ { category: "self", summary: "CVE-2024-6232", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6232.json", }, ], title: "CVE-2024-6232", }, { cve: "CVE-2024-7264", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1673529", "CSAFPID-1673479", "CSAFPID-1673511", "CSAFPID-1673512", ], }, references: [ { category: "self", summary: "CVE-2024-7264", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7264.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673529", "CSAFPID-1673479", "CSAFPID-1673511", "CSAFPID-1673512", ], }, ], title: "CVE-2024-7264", }, { cve: "CVE-2024-7592", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], references: [ { category: "self", summary: "CVE-2024-7592", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7592.json", }, ], title: "CVE-2024-7592", }, { cve: "CVE-2024-21131", product_status: { known_affected: [ "CSAFPID-1503299", "CSAFPID-1503306", "CSAFPID-1503302", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-21131", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21131.json", }, ], title: "CVE-2024-21131", }, { cve: "CVE-2024-21138", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "other", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, ], product_status: { known_affected: [ "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-21138", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21138.json", }, ], title: "CVE-2024-21138", }, { cve: "CVE-2024-21140", product_status: { known_affected: [ "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503299", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-21140", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21140.json", }, ], title: "CVE-2024-21140", }, { cve: "CVE-2024-21144", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-21144", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21144.json", }, ], title: "CVE-2024-21144", }, { cve: "CVE-2024-21145", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-1503299", "CSAFPID-1503306", "CSAFPID-1503302", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-21145", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21145.json", }, ], title: "CVE-2024-21145", }, { cve: "CVE-2024-21147", product_status: { known_affected: [ "CSAFPID-1503306", "CSAFPID-1503302", "CSAFPID-1503299", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-21147", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21147.json", }, ], title: "CVE-2024-21147", }, { cve: "CVE-2024-21233", product_status: { known_affected: [ "CSAFPID-1673385", "CSAFPID-1673442", "CSAFPID-1673386", ], }, references: [ { category: "self", summary: "CVE-2024-21233", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21233.json", }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1673385", "CSAFPID-1673442", "CSAFPID-1673386", ], }, ], title: "CVE-2024-21233", }, { cve: "CVE-2024-21242", product_status: { known_affected: [ "CSAFPID-1673443", "CSAFPID-1673444", "CSAFPID-1673445", ], }, references: [ { category: "self", summary: "CVE-2024-21242", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21242.json", }, ], scores: [ { cvss_v3: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "CSAFPID-1673443", "CSAFPID-1673444", "CSAFPID-1673445", ], }, ], title: "CVE-2024-21242", }, { cve: "CVE-2024-21251", product_status: { known_affected: [ "CSAFPID-1673450", "CSAFPID-1673451", "CSAFPID-1673452", ], }, references: [ { category: "self", summary: "CVE-2024-21251", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21251.json", }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1673450", "CSAFPID-1673451", "CSAFPID-1673452", ], }, ], title: "CVE-2024-21251", }, { cve: "CVE-2024-21261", product_status: { known_affected: [ "CSAFPID-1673144", "CSAFPID-1503575", "CSAFPID-1673188", ], }, references: [ { category: "self", summary: "CVE-2024-21261", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21261.json", }, ], scores: [ { cvss_v3: { baseScore: 4.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1673144", "CSAFPID-1503575", "CSAFPID-1673188", ], }, ], title: "CVE-2024-21261", }, { cve: "CVE-2024-22018", cwe: { id: "CWE-275", name: "-", }, notes: [ { category: "other", text: "CWE-275", title: "CWE-275", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2024-22018", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22018.json", }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2024-22018", }, { cve: "CVE-2024-22020", product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2024-22020", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22020.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2024-22020", }, { cve: "CVE-2024-22201", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1673384", "CSAFPID-342816", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-816798", "CSAFPID-816801", "CSAFPID-816846", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-816845", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-22201", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22201.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673384", "CSAFPID-342816", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-816798", "CSAFPID-816801", "CSAFPID-816846", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-816845", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-22201", }, { cve: "CVE-2024-23807", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-1650831", "CSAFPID-1650825", "CSAFPID-1673479", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-23807", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23807.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1650831", "CSAFPID-1650825", "CSAFPID-1673479", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-23807", }, { cve: "CVE-2024-23944", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], product_status: { known_affected: [ "CSAFPID-1673384", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-23944", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23944.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1673384", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-23944", }, { cve: "CVE-2024-24989", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2024-24989", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24989.json", }, ], title: "CVE-2024-24989", }, { cve: "CVE-2024-24990", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2024-24990", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24990.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2024-24990", }, { cve: "CVE-2024-25710", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "other", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, ], product_status: { known_affected: [ "CSAFPID-89587", "CSAFPID-1673384", "CSAFPID-816871", "CSAFPID-816798", "CSAFPID-816801", "CSAFPID-342816", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-816846", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-912046", "CSAFPID-1503640", "CSAFPID-816845", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-25710", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25710.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-89587", "CSAFPID-1673384", "CSAFPID-816871", "CSAFPID-816798", "CSAFPID-816801", "CSAFPID-342816", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-816846", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-912046", "CSAFPID-1503640", "CSAFPID-816845", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-25710", }, { cve: "CVE-2024-26130", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-89587", "CSAFPID-342816", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-816798", "CSAFPID-816801", "CSAFPID-816846", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-816845", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-26130", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26130.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-89587", "CSAFPID-342816", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-816798", "CSAFPID-816801", "CSAFPID-816846", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-816845", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-26130", }, { cve: "CVE-2024-26308", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-89587", "CSAFPID-1673384", "CSAFPID-816871", "CSAFPID-816798", "CSAFPID-342816", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-816801", "CSAFPID-816846", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-816845", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-26308", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26308.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-89587", "CSAFPID-1673384", "CSAFPID-816871", "CSAFPID-816798", "CSAFPID-342816", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-816801", "CSAFPID-816846", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-816845", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-26308", }, { cve: "CVE-2024-27983", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-27983", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27983.json", }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, products: [ "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-27983", }, { cve: "CVE-2024-28182", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Detection of Error Condition Without Action", title: "CWE-390", }, { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1673442", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-28182", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28182.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673442", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-28182", }, { cve: "CVE-2024-28849", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], product_status: { known_affected: [ "CSAFPID-89587", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-28849", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28849.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-89587", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-28849", }, { cve: "CVE-2024-28887", cwe: { id: "CWE-427", name: "Uncontrolled Search Path Element", }, notes: [ { category: "other", text: "Uncontrolled Search Path Element", title: "CWE-427", }, ], product_status: { known_affected: [ "CSAFPID-1673385", "CSAFPID-1673442", "CSAFPID-1673386", ], }, references: [ { category: "self", summary: "CVE-2024-28887", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28887.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673385", "CSAFPID-1673442", "CSAFPID-1673386", ], }, ], title: "CVE-2024-28887", }, { cve: "CVE-2024-29025", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1673488", "CSAFPID-1673489", "CSAFPID-1673491", "CSAFPID-1673492", "CSAFPID-1673493", "CSAFPID-1673495", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-29025", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29025.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1673488", "CSAFPID-1673489", "CSAFPID-1673491", "CSAFPID-1673492", "CSAFPID-1673493", "CSAFPID-1673495", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-29025", }, { cve: "CVE-2024-29131", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-1673497", "CSAFPID-1673397", "CSAFPID-1673384", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-29131", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29131.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1673497", "CSAFPID-1673397", "CSAFPID-1673384", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-29131", }, { cve: "CVE-2024-29133", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-1673497", "CSAFPID-1673397", "CSAFPID-1673384", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-29133", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29133.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1673497", "CSAFPID-1673397", "CSAFPID-1673384", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-29133", }, { cve: "CVE-2024-31079", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Stack-based Buffer Overflow", title: "CWE-121", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2024-31079", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-31079.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2024-31079", }, { cve: "CVE-2024-32760", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2024-32760", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32760.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2024-32760", }, { cve: "CVE-2024-34161", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, notes: [ { category: "other", text: "Missing Release of Memory after Effective Lifetime", title: "CWE-401", }, { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2024-34161", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34161.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2024-34161", }, { cve: "CVE-2024-34750", cwe: { id: "CWE-755", name: "Improper Handling of Exceptional Conditions", }, notes: [ { category: "other", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1673504", "CSAFPID-1673506", ], }, references: [ { category: "self", summary: "CVE-2024-34750", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34750.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673504", "CSAFPID-1673506", ], }, ], title: "CVE-2024-34750", }, { cve: "CVE-2024-35200", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2024-35200", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-35200.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2024-35200", }, { cve: "CVE-2024-36137", cwe: { id: "CWE-275", name: "-", }, notes: [ { category: "other", text: "CWE-275", title: "CWE-275", }, { category: "other", text: "Incorrect Permission Assignment for Critical Resource", title: "CWE-732", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2024-36137", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36137.json", }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2024-36137", }, { cve: "CVE-2024-36138", cwe: { id: "CWE-77", name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", title: "CWE-77", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2024-36138", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36138.json", }, ], title: "CVE-2024-36138", }, { cve: "CVE-2024-36387", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-36387", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36387.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-36387", }, { cve: "CVE-2024-37370", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, notes: [ { category: "other", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, ], product_status: { known_affected: [ "CSAFPID-1673507", "CSAFPID-1673508", "CSAFPID-1673509", ], }, references: [ { category: "self", summary: "CVE-2024-37370", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37370.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673507", "CSAFPID-1673508", "CSAFPID-1673509", ], }, ], title: "CVE-2024-37370", }, { cve: "CVE-2024-37371", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, notes: [ { category: "other", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, ], product_status: { known_affected: [ "CSAFPID-1673507", "CSAFPID-1673508", "CSAFPID-1673509", ], }, references: [ { category: "self", summary: "CVE-2024-37371", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37371.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673507", "CSAFPID-1673508", "CSAFPID-1673509", ], }, ], title: "CVE-2024-37371", }, { cve: "CVE-2024-37372", product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2024-37372", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37372.json", }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2024-37372", }, { cve: "CVE-2024-38356", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, notes: [ { category: "other", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], product_status: { known_affected: [ "CSAFPID-1673510", "CSAFPID-1503575", "CSAFPID-1673188", ], }, references: [ { category: "self", summary: "CVE-2024-38356", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38356.json", }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1673510", "CSAFPID-1503575", "CSAFPID-1673188", ], }, ], title: "CVE-2024-38356", }, { cve: "CVE-2024-38357", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, notes: [ { category: "other", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], product_status: { known_affected: [ "CSAFPID-1673510", "CSAFPID-1503575", "CSAFPID-1673188", ], }, references: [ { category: "self", summary: "CVE-2024-38357", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38357.json", }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1673510", "CSAFPID-1503575", "CSAFPID-1673188", ], }, ], title: "CVE-2024-38357", }, { cve: "CVE-2024-38472", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, notes: [ { category: "other", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-38472", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38472.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-38472", }, { cve: "CVE-2024-38473", cwe: { id: "CWE-172", name: "Encoding Error", }, notes: [ { category: "other", text: "Encoding Error", title: "CWE-172", }, { category: "other", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-38473", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38473.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-38473", }, { cve: "CVE-2024-38474", cwe: { id: "CWE-172", name: "Encoding Error", }, notes: [ { category: "other", text: "Encoding Error", title: "CWE-172", }, { category: "other", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-38474", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38474.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-38474", }, { cve: "CVE-2024-38475", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, { category: "other", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-38475", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38475.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-38475", }, { cve: "CVE-2024-38476", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Inclusion of Functionality from Untrusted Control Sphere", title: "CWE-829", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-38476", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38476.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-38476", }, { cve: "CVE-2024-38477", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-38477", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38477.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-38477", }, { cve: "CVE-2024-38998", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, notes: [ { category: "other", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, ], product_status: { known_affected: [ "CSAFPID-1673511", "CSAFPID-1673512", "CSAFPID-1503575", "CSAFPID-1673188", ], }, references: [ { category: "self", summary: "CVE-2024-38998", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38998.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673511", "CSAFPID-1673512", "CSAFPID-1503575", "CSAFPID-1673188", ], }, ], title: "CVE-2024-38998", }, { cve: "CVE-2024-38999", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, notes: [ { category: "other", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, ], product_status: { known_affected: [ "CSAFPID-1673511", "CSAFPID-1673512", "CSAFPID-1503575", "CSAFPID-1673188", ], }, references: [ { category: "self", summary: "CVE-2024-38999", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38999.json", }, ], scores: [ { cvss_v3: { baseScore: 10, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673511", "CSAFPID-1673512", "CSAFPID-1503575", "CSAFPID-1673188", ], }, ], title: "CVE-2024-38999", }, { cve: "CVE-2024-39573", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, notes: [ { category: "other", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-39573", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39573.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-39573", }, { cve: "CVE-2024-39884", cwe: { id: "CWE-18", name: "-", }, notes: [ { category: "other", text: "CWE-18", title: "CWE-18", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-39884", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39884.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-39884", }, { cve: "CVE-2024-40725", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Exposure of Resource to Wrong Sphere", title: "CWE-668", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-1673479", ], }, references: [ { category: "self", summary: "CVE-2024-40725", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40725.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-1673479", ], }, ], title: "CVE-2024-40725", }, { cve: "CVE-2024-40898", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, notes: [ { category: "other", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-1673479", ], }, references: [ { category: "self", summary: "CVE-2024-40898", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40898.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-1673479", ], }, ], title: "CVE-2024-40898", }, { cve: "CVE-2024-45490", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "other", text: "Incorrect Calculation of Buffer Size", title: "CWE-131", }, ], product_status: { known_affected: [ "CSAFPID-1673385", "CSAFPID-1673442", "CSAFPID-1673386", ], }, references: [ { category: "self", summary: "CVE-2024-45490", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45490.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673385", "CSAFPID-1673442", "CSAFPID-1673386", ], }, ], title: "CVE-2024-45490", }, { cve: "CVE-2024-45491", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], product_status: { known_affected: [ "CSAFPID-1673385", "CSAFPID-1673442", "CSAFPID-1673386", ], }, references: [ { category: "self", summary: "CVE-2024-45491", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45491.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673385", "CSAFPID-1673442", "CSAFPID-1673386", ], }, ], title: "CVE-2024-45491", }, { cve: "CVE-2024-45492", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], product_status: { known_affected: [ "CSAFPID-1673385", "CSAFPID-1673442", "CSAFPID-1673386", ], }, references: [ { category: "self", summary: "CVE-2024-45492", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45492.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673385", "CSAFPID-1673442", "CSAFPID-1673386", ], }, ], title: "CVE-2024-45492", }, { cve: "CVE-2024-45801", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, notes: [ { category: "other", text: "Inefficient Regular Expression Complexity", title: "CWE-1333", }, { category: "other", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, ], product_status: { known_affected: [ "CSAFPID-1503575", "CSAFPID-1673188", ], }, references: [ { category: "self", summary: "CVE-2024-45801", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45801.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1503575", "CSAFPID-1673188", ], }, ], title: "CVE-2024-45801", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.