Action not permitted
Modal body text goes here.
wid-sec-w-2022-2372
Vulnerability from csaf_certbund
Published
2022-12-19 23:00
Modified
2023-01-19 23:00
Summary
genua genugate: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Die genugate ist ein mehrstufiges Firewallprodukt des Herstellers genua GmbH.
Angriff
Ein entfernter, anonymer Angreifer kann einige der mehreren Schwachstellen in Komponenten von Drittanbietern ausnutzen, die von genua genugate verwendet werden, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.
Betroffene Betriebssysteme
- Sonstiges
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Die genugate ist ein mehrstufiges Firewallprodukt des Herstellers genua GmbH.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann einige der mehreren Schwachstellen in Komponenten von Drittanbietern ausnutzen, die von genua genugate verwendet werden, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.", "title": "Angriff" }, { "category": "general", "text": "- Sonstiges", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2022-2372 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2372.json" }, { "category": "self", "summary": "WID-SEC-2022-2372 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2372" }, { "category": "external", "summary": "Genua Patch vom 2022-12-19", "url": "https://kunde.genua.de/nc/suche/view/neuer-patch-genugate-105p1-verfuegbar.html?tx_genusupport_content%5Bidentity%5D=0\u0026tx_genusupport_content%5BsearchTerm%5D=\u0026tx_genusupport_content%5BforcePath%5D=\u0026tx_genusupport_content%5Baction%5D=genuSupportSearch\u0026tx_genusupport_content%5Bcontroller%5D=Content\u0026cHash=37a9613baf9adebc3e20772aaa249fc3" }, { "category": "external", "summary": "Genua Patch vom 2022-12-19", "url": "https://kunde.genua.de/nc/suche/view/neuer-patch-genugate-104p2-verfuegbar.html?tx_genusupport_content%5Bidentity%5D=0\u0026tx_genusupport_content%5BsearchTerm%5D=\u0026tx_genusupport_content%5BforcePath%5D=\u0026tx_genusupport_content%5Baction%5D=genuSupportSearch\u0026tx_genusupport_content%5Bcontroller%5D=Content\u0026cHash=9cc97408444883591a94c7b03271ff7b" }, { "category": "external", "summary": "Genua Patch vom 2022-12-19", "url": "https://kunde.genua.de/nc/suche/view/neuer-patch-genugate-100p12-verfuegbar.html?tx_genusupport_content%5Bidentity%5D=0\u0026tx_genusupport_content%5BsearchTerm%5D=\u0026tx_genusupport_content%5BforcePath%5D=\u0026tx_genusupport_content%5Baction%5D=genuSupportSearch\u0026tx_genusupport_content%5Bcontroller%5D=Content\u0026cHash=ef1c457a05f6f4465cc46f9369fe23d5" } ], "source_lang": "en-US", "title": "genua genugate: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-01-19T23:00:00.000+00:00", "generator": { "date": "2024-08-15T17:40:14.418+00:00", "engine": { "name": "BSI-WID", "version": "1.3.5" } }, "id": "WID-SEC-W-2022-2372", "initial_release_date": "2022-12-19T23:00:00.000+00:00", "revision_history": [ { "date": "2022-12-19T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2023-01-19T23:00:00.000+00:00", "number": "2", "summary": "CVE Nummern erg\u00e4nzt; Hinweis: nicht alle CVE bei genugate ausnutzbar" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "genua genugate \u003c 10.0p12", "product": { "name": "genua genugate \u003c 10.0p12", "product_id": "T025654", "product_identification_helper": { "cpe": "cpe:/h:genua:genugate:10.0p12" } } }, { "category": "product_name", "name": "genua genugate \u003c 10.4p2", "product": { "name": "genua genugate \u003c 10.4p2", "product_id": "T025655", "product_identification_helper": { "cpe": "cpe:/h:genua:genugate:10.4p2" } } }, { "category": "product_name", "name": "genua genugate \u003c 10.5p1", "product": { "name": "genua genugate \u003c 10.5p1", "product_id": "T025656", "product_identification_helper": { "cpe": "cpe:/h:genua:genugate:10.5p1" } } } ], "category": "product_name", "name": "genugate" } ], "category": "vendor", "name": "genua" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-44640", "notes": [ { "category": "description", "text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen." } ], "release_date": "2022-12-19T23:00:00.000+00:00", "title": "CVE-2022-44640" }, { "cve": "CVE-2022-44638", "notes": [ { "category": "description", "text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen." } ], "release_date": "2022-12-19T23:00:00.000+00:00", "title": "CVE-2022-44638" }, { "cve": "CVE-2022-43680", "notes": [ { "category": "description", "text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen." } ], "release_date": "2022-12-19T23:00:00.000+00:00", "title": "CVE-2022-43680" }, { "cve": "CVE-2022-42916", "notes": [ { "category": "description", "text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen." } ], "release_date": "2022-12-19T23:00:00.000+00:00", "title": "CVE-2022-42916" }, { "cve": "CVE-2022-42915", "notes": [ { "category": "description", "text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen." } ], "release_date": "2022-12-19T23:00:00.000+00:00", "title": "CVE-2022-42915" }, { "cve": "CVE-2022-42898", "notes": [ { "category": "description", "text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen." } ], "release_date": "2022-12-19T23:00:00.000+00:00", "title": "CVE-2022-42898" }, { "cve": "CVE-2022-41916", "notes": [ { "category": "description", "text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen." } ], "release_date": "2022-12-19T23:00:00.000+00:00", "title": "CVE-2022-41916" }, { "cve": "CVE-2022-40674", "notes": [ { "category": "description", "text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen." } ], "release_date": "2022-12-19T23:00:00.000+00:00", "title": "CVE-2022-40674" }, { "cve": "CVE-2022-40304", "notes": [ { "category": "description", "text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen." } ], "release_date": "2022-12-19T23:00:00.000+00:00", "title": "CVE-2022-40304" }, { "cve": "CVE-2022-40303", "notes": [ { "category": "description", "text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen." } ], "release_date": "2022-12-19T23:00:00.000+00:00", "title": "CVE-2022-40303" }, { "cve": "CVE-2022-35260", "notes": [ { "category": "description", "text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen." } ], "release_date": "2022-12-19T23:00:00.000+00:00", "title": "CVE-2022-35260" }, { "cve": "CVE-2022-35252", "notes": [ { "category": "description", "text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen." } ], "release_date": "2022-12-19T23:00:00.000+00:00", "title": "CVE-2022-35252" }, { "cve": "CVE-2022-3437", "notes": [ { "category": "description", "text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen." } ], "release_date": "2022-12-19T23:00:00.000+00:00", "title": "CVE-2022-3437" }, { "cve": "CVE-2022-32221", "notes": [ { "category": "description", "text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen." } ], "release_date": "2022-12-19T23:00:00.000+00:00", "title": "CVE-2022-32221" }, { "cve": "CVE-2021-44758", "notes": [ { "category": "description", "text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen." } ], "release_date": "2022-12-19T23:00:00.000+00:00", "title": "CVE-2021-44758" }, { "cve": "CVE-2021-3671", "notes": [ { "category": "description", "text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen." } ], "release_date": "2022-12-19T23:00:00.000+00:00", "title": "CVE-2021-3671" } ] }
cve-2022-3437
Vulnerability from cvelistv5
Published
2023-01-12 00:00
Modified
2024-10-28 18:59
Severity ?
EPSS score ?
Summary
A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack.
References
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:samba:samba:4.15.11:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "samba", "vendor": "samba", "versions": [ { "status": "unaffected", "version": "4.15.11" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2022-3437", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-22T18:53:20.072020Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-28T18:59:39.543Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-03T01:07:06.624Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137774" }, { "tags": [ "x_transferred" ], "url": "https://www.samba.org/samba/security/CVE-2022-3437.html" }, { "tags": [ "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2022-3437" }, { "name": "[oss-security] 20230208 [vs] heimdal: CVE-2022-45142: signature validation failure", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/02/08/1" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230216-0008/" }, { "name": "GLSA-202309-06", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202309-06" }, { "name": "GLSA-202310-06", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-06" }, { "name": "[debian-lts-announce] 20240422 [SECURITY] [DLA 3792-1] samba security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "samba", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in samba 4.15.11, samba 4.16.6, samba 4.17.2." } ] } ], "descriptions": [ { "lang": "en", "value": "A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122 - Heap-based Buffer Overflow, CWE-787 - Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-22T16:06:05.042792", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137774" }, { "url": "https://www.samba.org/samba/security/CVE-2022-3437.html" }, { "url": "https://access.redhat.com/security/cve/CVE-2022-3437" }, { "name": "[oss-security] 20230208 [vs] heimdal: CVE-2022-45142: signature validation failure", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/02/08/1" }, { "url": "https://security.netapp.com/advisory/ntap-20230216-0008/" }, { "name": "GLSA-202309-06", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202309-06" }, { "name": "GLSA-202310-06", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202310-06" }, { "name": "[debian-lts-announce] 20240422 [SECURITY] [DLA 3792-1] samba security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-3437", "datePublished": "2023-01-12T00:00:00", "dateReserved": "2022-10-10T00:00:00", "dateUpdated": "2024-10-28T18:59:39.543Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-44638
Vulnerability from cvelistv5
Published
2022-11-03 00:00
Modified
2024-08-03 13:54
Severity ?
EPSS score ?
Summary
In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:54:03.999Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://gitlab.freedesktop.org/pixman/pixman/-/issues/63" }, { "name": "[oss-security] 20221104 Fwd: [ANNOUNCE] pixman release 0.42.2 now available", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/11/05/1" }, { "name": "[debian-lts-announce] 20221107 [SECURITY] [DLA 3179-1] pixman security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00008.html" }, { "name": "FEDORA-2022-ae2559a8f4", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D/" }, { "name": "DSA-5276", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5276" }, { "name": "FEDORA-2022-3cf0e7ebc7", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE/" }, { "name": "FEDORA-2022-f3a939e960", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUJ2BULJTZ2BMSKQHB6US674P55UCWWS/" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/170121/pixman-pixman_sample_floor_y-Integer-Overflow.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-07T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://gitlab.freedesktop.org/pixman/pixman/-/issues/63" }, { "name": "[oss-security] 20221104 Fwd: [ANNOUNCE] pixman release 0.42.2 now available", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/11/05/1" }, { "name": "[debian-lts-announce] 20221107 [SECURITY] [DLA 3179-1] pixman security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00008.html" }, { "name": "FEDORA-2022-ae2559a8f4", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D/" }, { "name": "DSA-5276", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5276" }, { "name": "FEDORA-2022-3cf0e7ebc7", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE/" }, { "name": "FEDORA-2022-f3a939e960", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUJ2BULJTZ2BMSKQHB6US674P55UCWWS/" }, { "url": "http://packetstormsecurity.com/files/170121/pixman-pixman_sample_floor_y-Integer-Overflow.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-44638", "datePublished": "2022-11-03T00:00:00", "dateReserved": "2022-11-03T00:00:00", "dateUpdated": "2024-08-03T13:54:03.999Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42898
Vulnerability from cvelistv5
Published
2022-12-25 00:00
Modified
2024-08-03 13:19
Severity ?
EPSS score ?
Summary
PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:19:05.317Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://web.mit.edu/kerberos/advisories/" }, { "tags": [ "x_transferred" ], "url": "https://www.samba.org/samba/security/CVE-2022-42898.html" }, { "tags": [ "x_transferred" ], "url": "https://github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583" }, { "tags": [ "x_transferred" ], "url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c" }, { "tags": [ "x_transferred" ], "url": "https://web.mit.edu/kerberos/krb5-1.20/README-1.20.1.txt" }, { "tags": [ "x_transferred" ], "url": "https://web.mit.edu/kerberos/krb5-1.19/" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.samba.org/show_bug.cgi?id=15203" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230216-0008/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230223-0001/" }, { "name": "GLSA-202309-06", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202309-06" }, { "name": "GLSA-202310-06", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-06" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has \"a similar bug.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-08T08:06:38.475643", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://web.mit.edu/kerberos/advisories/" }, { "url": "https://www.samba.org/samba/security/CVE-2022-42898.html" }, { "url": "https://github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583" }, { "url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c" }, { "url": "https://web.mit.edu/kerberos/krb5-1.20/README-1.20.1.txt" }, { "url": "https://web.mit.edu/kerberos/krb5-1.19/" }, { "url": "https://bugzilla.samba.org/show_bug.cgi?id=15203" }, { "url": "https://security.netapp.com/advisory/ntap-20230216-0008/" }, { "url": "https://security.netapp.com/advisory/ntap-20230223-0001/" }, { "name": "GLSA-202309-06", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202309-06" }, { "name": "GLSA-202310-06", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202310-06" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-42898", "datePublished": "2022-12-25T00:00:00", "dateReserved": "2022-10-13T00:00:00", "dateUpdated": "2024-08-03T13:19:05.317Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-35260
Vulnerability from cvelistv5
Published
2022-12-05 00:00
Modified
2024-11-19 20:09
Severity ?
EPSS score ?
Summary
curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based buffer, and if the readworks, write a zero byte beyond its boundary.This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes.If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | https://github.com/curl/curl |
Version: Fixed in 7.86.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:29:17.464Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://hackerone.com/reports/1721098" }, { "name": "GLSA-202212-01", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202212-01" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230110-0006/" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213604" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213605" }, { "name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/20" }, { "name": "20230123 APPLE-SA-2023-01-23-4 macOS Ventura 13.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/19" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-35260", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-27T19:48:27.630222Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-19T20:09:10.400Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "https://github.com/curl/curl", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in 7.86.0" } ] } ], "descriptions": [ { "lang": "en", "value": "curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based buffer, and if the readworks, write a zero byte beyond its boundary.This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes.If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "Out-of-bounds Read (CWE-125)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-24T00:00:00", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "url": "https://hackerone.com/reports/1721098" }, { "name": "GLSA-202212-01", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202212-01" }, { "url": "https://security.netapp.com/advisory/ntap-20230110-0006/" }, { "url": "https://support.apple.com/kb/HT213604" }, { "url": "https://support.apple.com/kb/HT213605" }, { "name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/20" }, { "name": "20230123 APPLE-SA-2023-01-23-4 macOS Ventura 13.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/19" } ] } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2022-35260", "datePublished": "2022-12-05T00:00:00", "dateReserved": "2022-07-06T00:00:00", "dateUpdated": "2024-11-19T20:09:10.400Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-32221
Vulnerability from cvelistv5
Published
2022-12-05 00:00
Modified
2024-08-03 07:32
Severity ?
EPSS score ?
Summary
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | https://github.com/curl/curl |
Version: Fixed in 7.86.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:32:56.010Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://hackerone.com/reports/1704017" }, { "name": "GLSA-202212-01", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202212-01" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230110-0006/" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213604" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213605" }, { "name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/20" }, { "name": "20230123 APPLE-SA-2023-01-23-4 macOS Ventura 13.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/19" }, { "name": "DSA-5330", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5330" }, { "name": "[debian-lts-announce] 20230128 [SECURITY] [DLA 3288-1] curl security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230208-0002/" }, { "name": "[oss-security] 20230517 curl: CVE-2023-28322: more POST-after-PUT confusion", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/17/4" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "https://github.com/curl/curl", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in 7.86.0" } ] } ], "descriptions": [ { "lang": "en", "value": "When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "Information Disclosure (CWE-200)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-17T00:00:00", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "url": "https://hackerone.com/reports/1704017" }, { "name": "GLSA-202212-01", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202212-01" }, { "url": "https://security.netapp.com/advisory/ntap-20230110-0006/" }, { "url": "https://support.apple.com/kb/HT213604" }, { "url": "https://support.apple.com/kb/HT213605" }, { "name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/20" }, { "name": "20230123 APPLE-SA-2023-01-23-4 macOS Ventura 13.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/19" }, { "name": "DSA-5330", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5330" }, { "name": "[debian-lts-announce] 20230128 [SECURITY] [DLA 3288-1] curl security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230208-0002/" }, { "name": "[oss-security] 20230517 curl: CVE-2023-28322: more POST-after-PUT confusion", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/17/4" } ] } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2022-32221", "datePublished": "2022-12-05T00:00:00", "dateReserved": "2022-06-01T00:00:00", "dateUpdated": "2024-08-03T07:32:56.010Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41916
Vulnerability from cvelistv5
Published
2022-11-15 00:00
Modified
2024-08-03 12:56
Severity ?
EPSS score ?
Summary
Read one byte past a buffer when normalizing Unicode
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:56:38.394Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx" }, { "name": "DSA-5287", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5287" }, { "name": "[debian-lts-announce] 20221126 [SECURITY] [DLA 3206-1] heimdal security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230216-0008/" }, { "name": "GLSA-202310-06", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-06" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "heimdal", "vendor": "heimdal", "versions": [ { "status": "affected", "version": "\u003c 7.7.1" } ] } ], "descriptions": [ { "lang": "en", "value": "Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal\u0027s PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal\u0027s libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-193", "description": "CWE-193: Off-by-one Error", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-08T08:06:36.676150", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx" }, { "name": "DSA-5287", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5287" }, { "name": "[debian-lts-announce] 20221126 [SECURITY] [DLA 3206-1] heimdal security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230216-0008/" }, { "name": "GLSA-202310-06", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202310-06" } ], "source": { "advisory": "GHSA-mgqr-gvh6-23cx", "discovery": "UNKNOWN" }, "title": "Read one byte past a buffer when normalizing Unicode" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-41916", "datePublished": "2022-11-15T00:00:00", "dateReserved": "2022-09-30T00:00:00", "dateUpdated": "2024-08-03T12:56:38.394Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-44640
Vulnerability from cvelistv5
Published
2022-12-25 00:00
Modified
2024-08-03 13:54
Severity ?
EPSS score ?
Summary
Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC).
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:54:03.949Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-88pm-hfmq-7vv4" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230216-0008/" }, { "name": "GLSA-202310-06", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-06" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-08T08:06:33.314988", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-88pm-hfmq-7vv4" }, { "url": "https://security.netapp.com/advisory/ntap-20230216-0008/" }, { "name": "GLSA-202310-06", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202310-06" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-44640", "datePublished": "2022-12-25T00:00:00", "dateReserved": "2022-11-03T00:00:00", "dateUpdated": "2024-08-03T13:54:03.949Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-40674
Vulnerability from cvelistv5
Published
2022-09-14 00:00
Modified
2024-08-03 12:21
Severity ?
EPSS score ?
Summary
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:21:46.545Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/libexpat/libexpat/pull/629" }, { "tags": [ "x_transferred" ], "url": "https://github.com/libexpat/libexpat/pull/640" }, { "name": "DSA-5236", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5236" }, { "name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3119-1] expat security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00029.html" }, { "name": "GLSA-202209-24", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202209-24" }, { "name": "FEDORA-2022-15ec504440", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2ZKEPGFCZ7R6DRVH3K6RBJPT42ZBEG/" }, { "name": "FEDORA-2022-c68d90efc3", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J2IGJNHFV53PYST7VQV3T4NHVYAMXA36/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221028-0008/" }, { "name": "FEDORA-2022-d93b3bd8b9", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GSVZN3IJ6OCPSJL7AEX3ZHSHAHFOGESK/" }, { "name": "FEDORA-2022-c22feb71ba", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGBVQQ47URGJAZWHCISHDWF6QBTV2LE/" }, { "name": "FEDORA-2022-dcb1d7bcb1", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LQB6FJAM5YQ35SF5B2MN25Y2FX56EOEZ/" }, { "name": "GLSA-202211-06", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202211-06" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-22T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/libexpat/libexpat/pull/629" }, { "url": "https://github.com/libexpat/libexpat/pull/640" }, { "name": "DSA-5236", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5236" }, { "name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3119-1] expat security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00029.html" }, { "name": "GLSA-202209-24", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202209-24" }, { "name": "FEDORA-2022-15ec504440", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2ZKEPGFCZ7R6DRVH3K6RBJPT42ZBEG/" }, { "name": "FEDORA-2022-c68d90efc3", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J2IGJNHFV53PYST7VQV3T4NHVYAMXA36/" }, { "url": "https://security.netapp.com/advisory/ntap-20221028-0008/" }, { "name": "FEDORA-2022-d93b3bd8b9", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GSVZN3IJ6OCPSJL7AEX3ZHSHAHFOGESK/" }, { "name": "FEDORA-2022-c22feb71ba", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGBVQQ47URGJAZWHCISHDWF6QBTV2LE/" }, { "name": "FEDORA-2022-dcb1d7bcb1", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LQB6FJAM5YQ35SF5B2MN25Y2FX56EOEZ/" }, { "name": "GLSA-202211-06", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202211-06" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-40674", "datePublished": "2022-09-14T00:00:00", "dateReserved": "2022-09-14T00:00:00", "dateUpdated": "2024-08-03T12:21:46.545Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42916
Vulnerability from cvelistv5
Published
2022-10-29 00:00
Modified
2024-08-03 13:19
Severity ?
EPSS score ?
Summary
In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:19:05.420Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://curl.se/docs/CVE-2022-42916.html" }, { "name": "FEDORA-2022-01ffde372c", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVU3IMZCKR4VE6KJ4GCWRL2ILLC6OV76/" }, { "name": "FEDORA-2022-39688a779d", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q27V5YYMXUVI6PRZQVECON32XPVWTKDK/" }, { "name": "FEDORA-2022-e9d65906c4", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37YEVVC6NAF6H7UHH6YAUY5QEVY6LIH2/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221209-0010/" }, { "name": "GLSA-202212-01", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202212-01" }, { "name": "[oss-security] 20221221 curl: CVE-2022-43551: Another HSTS bypass via IDN", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/12/21/1" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213604" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213605" }, { "name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/20" }, { "name": "20230123 APPLE-SA-2023-01-23-4 macOS Ventura 13.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/19" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-24T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://curl.se/docs/CVE-2022-42916.html" }, { "name": "FEDORA-2022-01ffde372c", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVU3IMZCKR4VE6KJ4GCWRL2ILLC6OV76/" }, { "name": "FEDORA-2022-39688a779d", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q27V5YYMXUVI6PRZQVECON32XPVWTKDK/" }, { "name": "FEDORA-2022-e9d65906c4", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37YEVVC6NAF6H7UHH6YAUY5QEVY6LIH2/" }, { "url": "https://security.netapp.com/advisory/ntap-20221209-0010/" }, { "name": "GLSA-202212-01", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202212-01" }, { "name": "[oss-security] 20221221 curl: CVE-2022-43551: Another HSTS bypass via IDN", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/12/21/1" }, { "url": "https://support.apple.com/kb/HT213604" }, { "url": "https://support.apple.com/kb/HT213605" }, { "name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/20" }, { "name": "20230123 APPLE-SA-2023-01-23-4 macOS Ventura 13.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/19" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-42916", "datePublished": "2022-10-29T00:00:00", "dateReserved": "2022-10-13T00:00:00", "dateUpdated": "2024-08-03T13:19:05.420Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42915
Vulnerability from cvelistv5
Published
2022-10-29 00:00
Modified
2024-08-03 13:19
Severity ?
EPSS score ?
Summary
curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:19:05.396Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://curl.se/docs/CVE-2022-42915.html" }, { "name": "FEDORA-2022-01ffde372c", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVU3IMZCKR4VE6KJ4GCWRL2ILLC6OV76/" }, { "name": "FEDORA-2022-39688a779d", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q27V5YYMXUVI6PRZQVECON32XPVWTKDK/" }, { "name": "FEDORA-2022-e9d65906c4", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37YEVVC6NAF6H7UHH6YAUY5QEVY6LIH2/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221209-0010/" }, { "name": "GLSA-202212-01", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202212-01" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213604" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213605" }, { "name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/20" }, { "name": "20230123 APPLE-SA-2023-01-23-4 macOS Ventura 13.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/19" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-24T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://curl.se/docs/CVE-2022-42915.html" }, { "name": "FEDORA-2022-01ffde372c", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVU3IMZCKR4VE6KJ4GCWRL2ILLC6OV76/" }, { "name": "FEDORA-2022-39688a779d", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q27V5YYMXUVI6PRZQVECON32XPVWTKDK/" }, { "name": "FEDORA-2022-e9d65906c4", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37YEVVC6NAF6H7UHH6YAUY5QEVY6LIH2/" }, { "url": "https://security.netapp.com/advisory/ntap-20221209-0010/" }, { "name": "GLSA-202212-01", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202212-01" }, { "url": "https://support.apple.com/kb/HT213604" }, { "url": "https://support.apple.com/kb/HT213605" }, { "name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/20" }, { "name": "20230123 APPLE-SA-2023-01-23-4 macOS Ventura 13.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/19" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-42915", "datePublished": "2022-10-29T00:00:00", "dateReserved": "2022-10-13T00:00:00", "dateUpdated": "2024-08-03T13:19:05.396Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-3671
Vulnerability from cvelistv5
Published
2021-10-12 00:00
Modified
2024-08-03 17:01
Severity ?
EPSS score ?
Summary
A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:01:07.967Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2013080%2C" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.samba.org/show_bug.cgi?id=14770%2C" }, { "tags": [ "x_transferred" ], "url": "https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a" }, { "name": "DSA-5287", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5287" }, { "name": "[debian-lts-announce] 20221126 [SECURITY] [DLA 3206-1] heimdal security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221215-0002/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230216-0008/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Samba", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in samba 4.13.12, samba 4.14.8" } ] } ], "descriptions": [ { "lang": "en", "value": "A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-16T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2013080%2C" }, { "url": "https://bugzilla.samba.org/show_bug.cgi?id=14770%2C" }, { "url": "https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a" }, { "name": "DSA-5287", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5287" }, { "name": "[debian-lts-announce] 20221126 [SECURITY] [DLA 3206-1] heimdal security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html" }, { "url": "https://security.netapp.com/advisory/ntap-20221215-0002/" }, { "url": "https://security.netapp.com/advisory/ntap-20230216-0008/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-3671", "datePublished": "2021-10-12T00:00:00", "dateReserved": "2021-07-30T00:00:00", "dateUpdated": "2024-08-03T17:01:07.967Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-44758
Vulnerability from cvelistv5
Published
2022-12-26 00:00
Modified
2024-08-04 04:32
Severity ?
EPSS score ?
Summary
Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:32:13.136Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-69h9-669w-88xv" }, { "tags": [ "x_transferred" ], "url": "https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-06" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-26T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-69h9-669w-88xv" }, { "url": "https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580" }, { "url": "https://security.gentoo.org/glsa/202310-06" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-44758", "datePublished": "2022-12-26T00:00:00", "dateReserved": "2021-12-08T00:00:00", "dateUpdated": "2024-08-04T04:32:13.136Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-35252
Vulnerability from cvelistv5
Published
2022-09-23 00:00
Modified
2024-08-03 09:29
Severity ?
EPSS score ?
Summary
When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | https://github.com/curl/curl |
Version: Fixed in curl 7.85.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:29:17.455Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://hackerone.com/reports/1613943" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220930-0005/" }, { "name": "GLSA-202212-01", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202212-01" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213603" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213604" }, { "name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/20" }, { "name": "20230123 APPLE-SA-2023-01-23-6 macOS Big Sur 11.7.3", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/21" }, { "name": "[debian-lts-announce] 20230128 [SECURITY] [DLA 3288-1] curl security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "https://github.com/curl/curl", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in curl 7.85.0" } ] } ], "descriptions": [ { "lang": "en", "value": "When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a\"sister site\" to deny service to all siblings." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "Improper Input Validation (CWE-20)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-28T00:00:00", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "url": "https://hackerone.com/reports/1613943" }, { "url": "https://security.netapp.com/advisory/ntap-20220930-0005/" }, { "name": "GLSA-202212-01", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202212-01" }, { "url": "https://support.apple.com/kb/HT213603" }, { "url": "https://support.apple.com/kb/HT213604" }, { "name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/20" }, { "name": "20230123 APPLE-SA-2023-01-23-6 macOS Big Sur 11.7.3", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/21" }, { "name": "[debian-lts-announce] 20230128 [SECURITY] [DLA 3288-1] curl security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html" } ] } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2022-35252", "datePublished": "2022-09-23T00:00:00", "dateReserved": "2022-07-06T00:00:00", "dateUpdated": "2024-08-03T09:29:17.455Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-40303
Vulnerability from cvelistv5
Published
2022-11-22 00:00
Modified
2024-08-03 12:14
Severity ?
EPSS score ?
Summary
An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:14:40.053Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221209-0003/" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213534" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213533" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213531" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213536" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213535" }, { "name": "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/21" }, { "name": "20221220 APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/25" }, { "name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/26" }, { "name": "20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/24" }, { "name": "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/27" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-21T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3" }, { "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0" }, { "url": "https://security.netapp.com/advisory/ntap-20221209-0003/" }, { "url": "https://support.apple.com/kb/HT213534" }, { "url": "https://support.apple.com/kb/HT213533" }, { "url": "https://support.apple.com/kb/HT213531" }, { "url": "https://support.apple.com/kb/HT213536" }, { "url": "https://support.apple.com/kb/HT213535" }, { "name": "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/21" }, { "name": "20221220 APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/25" }, { "name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/26" }, { "name": "20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/24" }, { "name": "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/27" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-40303", "datePublished": "2022-11-22T00:00:00", "dateReserved": "2022-09-09T00:00:00", "dateUpdated": "2024-08-03T12:14:40.053Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-40304
Vulnerability from cvelistv5
Published
2022-11-23 00:00
Modified
2024-08-03 12:14
Severity ?
EPSS score ?
Summary
An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:14:40.052Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221209-0003/" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213534" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213533" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213531" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213536" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213535" }, { "name": "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/21" }, { "name": "20221220 APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/25" }, { "name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/26" }, { "name": "20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/24" }, { "name": "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/27" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-21T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags" }, { "url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3" }, { "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b" }, { "url": "https://security.netapp.com/advisory/ntap-20221209-0003/" }, { "url": "https://support.apple.com/kb/HT213534" }, { "url": "https://support.apple.com/kb/HT213533" }, { "url": "https://support.apple.com/kb/HT213531" }, { "url": "https://support.apple.com/kb/HT213536" }, { "url": "https://support.apple.com/kb/HT213535" }, { "name": "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/21" }, { "name": "20221220 APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/25" }, { "name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/26" }, { "name": "20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/24" }, { "name": "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/27" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-40304", "datePublished": "2022-11-23T00:00:00", "dateReserved": "2022-09-09T00:00:00", "dateUpdated": "2024-08-03T12:14:40.052Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-43680
Vulnerability from cvelistv5
Published
2022-10-24 00:00
Modified
2024-08-03 13:40
Severity ?
EPSS score ?
Summary
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:40:06.144Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/libexpat/libexpat/pull/650" }, { "tags": [ "x_transferred" ], "url": "https://github.com/libexpat/libexpat/issues/649" }, { "tags": [ "x_transferred" ], "url": "https://github.com/libexpat/libexpat/pull/616" }, { "name": "[debian-lts-announce] 20221028 [SECURITY] [DLA 3165-1] expat security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00033.html" }, { "name": "DSA-5266", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5266" }, { "name": "GLSA-202210-38", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202210-38" }, { "name": "FEDORA-2022-ae2559a8f4", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D/" }, { "name": "FEDORA-2022-3cf0e7ebc7", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE/" }, { "name": "FEDORA-2022-f3a939e960", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUJ2BULJTZ2BMSKQHB6US674P55UCWWS/" }, { "name": "FEDORA-2022-5f1e2e9016", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5XOOB7CD55CEE6OJYKSACSIMQ4RWQ6/" }, { "name": "FEDORA-2022-49db80f821", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPQVIF6TOJNY2T3ZZETFKR4G34FFREBQ/" }, { "name": "FEDORA-2022-c43235716e", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFCOMBSOJKLIKCGCJWHLJXO4EVYBG7AR/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221118-0007/" }, { "name": "[oss-security] 20231228 CVE-2022-43680: Apache OpenOffice: \"Use after free\" fixed in libexpat", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/12/28/5" }, { "name": "[oss-security] 20240103 CVE-2022-43680: Apache OpenOffice: \"Use after free\" fixed in libexpat", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/01/03/5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-03T12:06:22.913559", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/libexpat/libexpat/pull/650" }, { "url": "https://github.com/libexpat/libexpat/issues/649" }, { "url": "https://github.com/libexpat/libexpat/pull/616" }, { "name": "[debian-lts-announce] 20221028 [SECURITY] [DLA 3165-1] expat security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00033.html" }, { "name": "DSA-5266", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5266" }, { "name": "GLSA-202210-38", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202210-38" }, { "name": "FEDORA-2022-ae2559a8f4", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D/" }, { "name": "FEDORA-2022-3cf0e7ebc7", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE/" }, { "name": "FEDORA-2022-f3a939e960", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUJ2BULJTZ2BMSKQHB6US674P55UCWWS/" }, { "name": "FEDORA-2022-5f1e2e9016", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5XOOB7CD55CEE6OJYKSACSIMQ4RWQ6/" }, { "name": "FEDORA-2022-49db80f821", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPQVIF6TOJNY2T3ZZETFKR4G34FFREBQ/" }, { "name": "FEDORA-2022-c43235716e", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFCOMBSOJKLIKCGCJWHLJXO4EVYBG7AR/" }, { "url": "https://security.netapp.com/advisory/ntap-20221118-0007/" }, { "name": "[oss-security] 20231228 CVE-2022-43680: Apache OpenOffice: \"Use after free\" fixed in libexpat", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/12/28/5" }, { "name": "[oss-security] 20240103 CVE-2022-43680: Apache OpenOffice: \"Use after free\" fixed in libexpat", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2024/01/03/5" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-43680", "datePublished": "2022-10-24T00:00:00", "dateReserved": "2022-10-24T00:00:00", "dateUpdated": "2024-08-03T13:40:06.144Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.