Action not permitted
Modal body text goes here.
Modal Title
Modal Body
wid-sec-w-2025-0001
Vulnerability from csaf_certbund
Published
2025-01-01 23:00
Modified
2025-01-06 23:00
Summary
IBM DB2: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.
Angriff
Ein entfernter oder lokaler Angreifer kann mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen.
Betroffene Betriebssysteme
- Sonstiges
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter oder lokaler Angreifer kann mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen.", title: "Angriff", }, { category: "general", text: "- Sonstiges", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2025-0001 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0001.json", }, { category: "self", summary: "WID-SEC-2025-0001 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0001", }, { category: "external", summary: "IBM Security Bulletin vom 2025-01-01", url: "https://www.ibm.com/support/pages/node/7180105", }, { category: "external", summary: "IBM Security Bulletin 7180361 vom 2025-01-07", url: "https://www.ibm.com/support/pages/node/7180361", }, ], source_lang: "en-US", title: "IBM DB2: Mehrere Schwachstellen", tracking: { current_release_date: "2025-01-06T23:00:00.000+00:00", generator: { date: "2025-01-07T11:42:20.646+00:00", engine: { name: "BSI-WID", version: "1.3.10", }, }, id: "WID-SEC-W-2025-0001", initial_release_date: "2025-01-01T23:00:00.000+00:00", revision_history: [ { date: "2025-01-01T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2025-01-06T23:00:00.000+00:00", number: "2", summary: "Neue Updates von IBM aufgenommen", }, ], status: "final", version: "2", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "<5.1.0", product: { name: "IBM DB2 <5.1.0", product_id: "T039987", }, }, { category: "product_version", name: "5.1.0", product: { name: "IBM DB2 5.1.0", product_id: "T039987-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:db2:5.1.0", }, }, }, { category: "product_version_range", name: "Warehouse <5.1.0", product: { name: "IBM DB2 Warehouse <5.1.0", product_id: "T039988", }, }, { category: "product_version", name: "Warehouse 5.1.0", product: { name: "IBM DB2 Warehouse 5.1.0", product_id: "T039988-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:db2:warehouse__5.1.0", }, }, }, ], category: "product_name", name: "DB2", }, { branches: [ { category: "product_version_range", name: "<10.1.6.4", product: { name: "IBM Spectrum Protect Plus <10.1.6.4", product_id: "T040030", }, }, { category: "product_version", name: "10.1.6.4", product: { name: "IBM Spectrum Protect Plus 10.1.6.4", product_id: "T040030-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:spectrum_protect_plus:10.1.6.4", }, }, }, ], category: "product_name", name: "Spectrum Protect Plus", }, ], category: "vendor", name: "IBM", }, ], }, vulnerabilities: [ { cve: "CVE-2021-32740", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2021-32740", }, { cve: "CVE-2021-41186", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2021-41186", }, { cve: "CVE-2022-0759", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2022-0759", }, { cve: "CVE-2022-24795", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2022-24795", }, { cve: "CVE-2022-31163", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2022-31163", }, { cve: "CVE-2023-39325", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2023-39325", }, { cve: "CVE-2023-41993", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2023-41993", }, { cve: "CVE-2023-45283", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2023-45283", }, { cve: "CVE-2023-45288", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2023-45288", }, { cve: "CVE-2023-6597", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2023-6597", }, { cve: "CVE-2024-0406", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-0406", }, { cve: "CVE-2024-20918", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-20918", }, { cve: "CVE-2024-20952", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-20952", }, { cve: "CVE-2024-2398", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-2398", }, { cve: "CVE-2024-24786", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-24786", }, { cve: "CVE-2024-27281", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-27281", }, { cve: "CVE-2024-2961", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-2961", }, { cve: "CVE-2024-29857", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-29857", }, { cve: "CVE-2024-33599", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-33599", }, { cve: "CVE-2024-33883", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-33883", }, { cve: "CVE-2024-37370", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-37370", }, { cve: "CVE-2024-37371", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-37371", }, { cve: "CVE-2024-37890", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-37890", }, { cve: "CVE-2024-39338", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-39338", }, { cve: "CVE-2024-4068", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-4068", }, { cve: "CVE-2024-41110", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-41110", }, { cve: "CVE-2024-41123", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-41123", }, { cve: "CVE-2024-41946", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-41946", }, { cve: "CVE-2024-45296", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-45296", }, { cve: "CVE-2024-45491", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-45491", }, { cve: "CVE-2024-45590", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-45590", }, { cve: "CVE-2024-47220", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-47220", }, { cve: "CVE-2024-47554", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-47554", }, { cve: "CVE-2024-6119", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-6119", }, { cve: "CVE-2024-6345", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-6345", }, ], }
cve-2024-20952
Vulnerability from cvelistv5
Published
2024-01-16 21:41
Modified
2025-02-13 17:32
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:8u391 Version: Oracle Java SE:8u391-perf Version: Oracle Java SE:11.0.21 Version: Oracle Java SE:17.0.9 Version: Oracle Java SE:21.0.1 Version: Oracle GraalVM for JDK:17.0.9 Version: Oracle GraalVM for JDK:21.0.1 Version: Oracle GraalVM Enterprise Edition:20.3.12 Version: Oracle GraalVM Enterprise Edition:21.3.8 Version: Oracle GraalVM Enterprise Edition:22.3.4 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:06:37.367Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2024.html", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240201-0002/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2024-20952", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-01-25T05:01:04.858571Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416 Use After Free", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-284", description: "CWE-284 Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-30T15:29:52.965Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java SE JDK and JRE", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Oracle Java SE:8u391", }, { status: "affected", version: "Oracle Java SE:8u391-perf", }, { status: "affected", version: "Oracle Java SE:11.0.21", }, { status: "affected", version: "Oracle Java SE:17.0.9", }, { status: "affected", version: "Oracle Java SE:21.0.1", }, { status: "affected", version: "Oracle GraalVM for JDK:17.0.9", }, { status: "affected", version: "Oracle GraalVM for JDK:21.0.1", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:20.3.12", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:21.3.8", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:22.3.4", }, ], }, ], descriptions: [ { lang: "en-US", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.", lang: "en-US", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-01T17:06:51.113Z", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2024.html", }, { url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html", }, { url: "https://security.netapp.com/advisory/ntap-20240201-0002/", }, ], }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2024-20952", datePublished: "2024-01-16T21:41:20.593Z", dateReserved: "2023-12-07T22:28:10.627Z", dateUpdated: "2025-02-13T17:32:42.633Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-29857
Vulnerability from cvelistv5
Published
2024-05-09 04:17
Modified
2025-02-13 15:47
Severity ?
EPSS score ?
Summary
An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-12-06T13:09:29.357Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.bouncycastle.org/latest_releases.html", }, { tags: [ "x_transferred", ], url: "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9029857", }, { tags: [ "x_transferred", ], url: "https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9029857", }, { url: "https://security.netapp.com/advisory/ntap-20241206-0008/", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "bc-java", vendor: "bouncycastle", versions: [ { lessThanOrEqual: "1.77", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:bouncycastle:bc-fja:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "bc-fja", vendor: "bouncycastle", versions: [ { lessThanOrEqual: "1.0.2.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:bouncycastle:bc_c_.net:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "bc_c_.net", vendor: "bouncycastle", versions: [ { lessThanOrEqual: "2.3.0", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-29857", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-13T19:32:50.624122Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-15T18:48:02.823Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-13T16:50:06.548Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.bouncycastle.org/latest_releases.html", }, { url: "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9029857", }, { url: "https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9029857", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-29857", datePublished: "2024-05-09T04:17:29.645Z", dateReserved: "2024-03-21T00:00:00.000Z", dateUpdated: "2025-02-13T15:47:48.325Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-39338
Vulnerability from cvelistv5
Published
2024-08-09 00:00
Modified
2024-08-15 19:26
Severity ?
EPSS score ?
Summary
axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:axios:axios:*:*:*:*:*:node.js:*:*", ], defaultStatus: "unknown", product: "axios", vendor: "axios", versions: [ { status: "affected", version: "1.7.2", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-39338", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-15T19:24:57.844261Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-918", description: "CWE-918 Server-Side Request Forgery (SSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-15T19:26:34.904Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-09T15:00:16.583997", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/axios/axios/releases", }, { url: "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-39338", datePublished: "2024-08-09T00:00:00", dateReserved: "2024-06-23T00:00:00", dateUpdated: "2024-08-15T19:26:34.904Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-2961
Vulnerability from cvelistv5
Published
2024-04-17 17:27
Modified
2025-02-13 17:47
Severity ?
EPSS score ?
Summary
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The GNU C Library | glibc |
Version: 2.1.93 < 2.40 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:gnu:glibc:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "glibc", vendor: "gnu", versions: [ { lessThan: "2.40", status: "affected", version: "2.1.93", versionType: "semver", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-2961", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-30T04:00:23.144191Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:29:57.648Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-11-15T15:22:29.055Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "https://www.ambionics.io/blog/iconv-cve-2024-2961-p1", }, { url: "https://www.ambionics.io/blog/iconv-cve-2024-2961-p2", }, { url: "https://www.ambionics.io/blog/iconv-cve-2024-2961-p3", }, { tags: [ "x_transferred", ], url: "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/04/24/2", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/04/17/9", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/04/18/4", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/05/27/2", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/05/27/6", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/05/27/1", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/05/27/4", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/05/27/5", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/05/27/3", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240531-0002/", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/07/22/5", }, ], title: "CVE Program Container", x_generator: { engine: "ADPogram 0.0.1", }, }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "glibc", vendor: "The GNU C Library", versions: [ { lessThan: "2.40", status: "affected", version: "2.1.93", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Charles Fol", }, ], datePublic: "2024-04-17T17:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.<br>", }, ], value: "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", }, ], impacts: [ { capecId: "CAPEC-100", descriptions: [ { lang: "en", value: "CAPEC-100 Overflow Buffers", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-22T18:06:06.282Z", orgId: "3ff69d7a-14f2-4f67-a097-88dee7810d18", shortName: "glibc", }, references: [ { url: "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/", }, { url: "http://www.openwall.com/lists/oss-security/2024/04/24/2", }, { url: "http://www.openwall.com/lists/oss-security/2024/04/17/9", }, { url: "http://www.openwall.com/lists/oss-security/2024/04/18/4", }, { url: "https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html", }, { url: "http://www.openwall.com/lists/oss-security/2024/05/27/2", }, { url: "http://www.openwall.com/lists/oss-security/2024/05/27/6", }, { url: "http://www.openwall.com/lists/oss-security/2024/05/27/1", }, { url: "http://www.openwall.com/lists/oss-security/2024/05/27/4", }, { url: "http://www.openwall.com/lists/oss-security/2024/05/27/5", }, { url: "http://www.openwall.com/lists/oss-security/2024/05/27/3", }, { url: "https://security.netapp.com/advisory/ntap-20240531-0002/", }, { url: "http://www.openwall.com/lists/oss-security/2024/07/22/5", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "3ff69d7a-14f2-4f67-a097-88dee7810d18", assignerShortName: "glibc", cveId: "CVE-2024-2961", datePublished: "2024-04-17T17:27:40.541Z", dateReserved: "2024-03-26T19:29:31.186Z", dateUpdated: "2025-02-13T17:47:40.702Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-33599
Vulnerability from cvelistv5
Published
2024-05-06 19:21
Modified
2025-03-26 20:40
Severity ?
EPSS score ?
Summary
nscd: Stack-based buffer overflow in netgroup cache
If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted
by client requests then a subsequent client request for netgroup data
may result in a stack-based buffer overflow. This flaw was introduced
in glibc 2.15 when the cache was added to nscd.
This vulnerability is only present in the nscd binary.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The GNU C Library | glibc |
Version: 2.15 < 2.40 |
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-33599", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-29T19:01:02.703174Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121 Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-26T20:40:00.393Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:36:04.290Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0005", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240524-0011/", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/07/22/5", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "glibc", vendor: "The GNU C Library", versions: [ { lessThan: "2.40", status: "affected", version: "2.15", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "nscd: Stack-based buffer overflow in netgroup cache<br><br>If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted<br>by client requests then a subsequent client request for netgroup data<br>may result in a stack-based buffer overflow. This flaw was introduced<br>in glibc 2.15 when the cache was added to nscd.<br><br>This vulnerability is only present in the nscd binary.<br>", }, ], value: "nscd: Stack-based buffer overflow in netgroup cache\n\nIf the Name Service Cache Daemon's (nscd) fixed size cache is exhausted\nby client requests then a subsequent client request for netgroup data\nmay result in a stack-based buffer overflow. This flaw was introduced\nin glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.", }, ], impacts: [ { capecId: "CAPEC-100", descriptions: [ { lang: "en", value: "CAPEC-100 Overflow Buffers", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121 Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-22T18:06:10.829Z", orgId: "3ff69d7a-14f2-4f67-a097-88dee7810d18", shortName: "glibc", }, references: [ { url: "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0005", }, { url: "https://security.netapp.com/advisory/ntap-20240524-0011/", }, { url: "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html", }, { url: "http://www.openwall.com/lists/oss-security/2024/07/22/5", }, ], source: { discovery: "UNKNOWN", }, title: "nscd: Stack-based buffer overflow in netgroup cache", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "3ff69d7a-14f2-4f67-a097-88dee7810d18", assignerShortName: "glibc", cveId: "CVE-2024-33599", datePublished: "2024-05-06T19:21:54.314Z", dateReserved: "2024-04-24T20:35:08.340Z", dateUpdated: "2025-03-26T20:40:00.393Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-39325
Vulnerability from cvelistv5
Published
2023-10-11 21:15
Modified
2025-02-13 17:02
Severity ?
EPSS score ?
Summary
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Go standard library | net/http |
Version: 0 ≤ Version: 1.21.0-0 ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:02:06.746Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://go.dev/issue/63417", }, { tags: [ "x_transferred", ], url: "https://go.dev/cl/534215", }, { tags: [ "x_transferred", ], url: "https://go.dev/cl/534235", }, { tags: [ "x_transferred", ], url: "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ", }, { tags: [ "x_transferred", ], url: "https://pkg.go.dev/vuln/GO-2023-2102", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20231110-0008/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/", }, { tags: [ "x_transferred", ], url: "https://security.gentoo.org/glsa/202311-09", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://pkg.go.dev", defaultStatus: "unaffected", packageName: "net/http", product: "net/http", programRoutines: [ { name: "http2serverConn.serve", }, { name: "http2serverConn.processHeaders", }, { name: "http2serverConn.upgradeRequest", }, { name: "http2serverConn.runHandler", }, { name: "ListenAndServe", }, { name: "ListenAndServeTLS", }, { name: "Serve", }, { name: "ServeTLS", }, { name: "Server.ListenAndServe", }, { name: "Server.ListenAndServeTLS", }, { name: "Server.Serve", }, { name: "Server.ServeTLS", }, { name: "http2Server.ServeConn", }, ], vendor: "Go standard library", versions: [ { lessThan: "1.20.10", status: "affected", version: "0", versionType: "semver", }, { lessThan: "1.21.3", status: "affected", version: "1.21.0-0", versionType: "semver", }, ], }, { collectionURL: "https://pkg.go.dev", defaultStatus: "unaffected", packageName: "golang.org/x/net/http2", product: "golang.org/x/net/http2", programRoutines: [ { name: "serverConn.serve", }, { name: "serverConn.processHeaders", }, { name: "serverConn.upgradeRequest", }, { name: "serverConn.runHandler", }, { name: "Server.ServeConn", }, ], vendor: "golang.org/x/net", versions: [ { lessThan: "0.17.0", status: "affected", version: "0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.", }, ], problemTypes: [ { descriptions: [ { description: "CWE-400: Uncontrolled Resource Consumption", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-28T04:05:57.980Z", orgId: "1bb62c36-49e3-4200-9d77-64a1400537cc", shortName: "Go", }, references: [ { url: "https://go.dev/issue/63417", }, { url: "https://go.dev/cl/534215", }, { url: "https://go.dev/cl/534235", }, { url: "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ", }, { url: "https://pkg.go.dev/vuln/GO-2023-2102", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", }, { url: "https://security.netapp.com/advisory/ntap-20231110-0008/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/", }, { url: "https://security.gentoo.org/glsa/202311-09", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/", }, ], title: "HTTP/2 rapid reset can cause excessive work in net/http", }, }, cveMetadata: { assignerOrgId: "1bb62c36-49e3-4200-9d77-64a1400537cc", assignerShortName: "Go", cveId: "CVE-2023-39325", datePublished: "2023-10-11T21:15:02.727Z", dateReserved: "2023-07-27T17:05:55.188Z", dateUpdated: "2025-02-13T17:02:50.341Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20918
Vulnerability from cvelistv5
Published
2024-01-16 21:41
Modified
2025-02-13 17:32
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:8u391 Version: Oracle Java SE:8u391-perf Version: Oracle Java SE:11.0.21 Version: Oracle Java SE:17.0.9 Version: Oracle Java SE:21.0.1 Version: Oracle GraalVM for JDK:17.0.9 Version: Oracle GraalVM for JDK:21.0.1 Version: Oracle GraalVM Enterprise Edition:20.3.12 Version: Oracle GraalVM Enterprise Edition:21.3.8 Version: Oracle GraalVM Enterprise Edition:22.3.4 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:06:37.342Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2024.html", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240201-0002/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Java SE JDK and JRE", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Oracle Java SE:8u391", }, { status: "affected", version: "Oracle Java SE:8u391-perf", }, { status: "affected", version: "Oracle Java SE:11.0.21", }, { status: "affected", version: "Oracle Java SE:17.0.9", }, { status: "affected", version: "Oracle Java SE:21.0.1", }, { status: "affected", version: "Oracle GraalVM for JDK:17.0.9", }, { status: "affected", version: "Oracle GraalVM for JDK:21.0.1", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:20.3.12", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:21.3.8", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:22.3.4", }, ], }, ], descriptions: [ { lang: "en-US", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.", lang: "en-US", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-01T17:06:45.864Z", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2024.html", }, { url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html", }, { url: "https://security.netapp.com/advisory/ntap-20240201-0002/", }, ], }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2024-20918", datePublished: "2024-01-16T21:41:14.954Z", dateReserved: "2023-12-07T22:28:10.619Z", dateUpdated: "2025-02-13T17:32:40.215Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-41110
Vulnerability from cvelistv5
Published
2024-07-24 16:49
Modified
2024-10-13 21:03
Severity ?
EPSS score ?
Summary
Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low.
Using a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it.
A security issue was discovered In 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine v18.09.1 in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted.
Docker EE v19.03.x and all versions of Mirantis Container Runtime are not vulnerable.
docker-ce v27.1.1 containes patches to fix the vulnerability. Patches have also been merged into the master, 19.03, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches. If one is unable to upgrade immediately, avoid using AuthZ plugins and/or restrict access to the Docker API to trusted parties, following the principle of least privilege.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:docker:moby:19.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "moby", vendor: "docker", versions: [ { lessThanOrEqual: "19.03.15", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:docker:moby:20.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "moby", vendor: "docker", versions: [ { lessThanOrEqual: "20.10.27", status: "affected", version: "20.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:docker:moby:23.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "moby", vendor: "docker", versions: [ { lessThanOrEqual: "23.0.14", status: "affected", version: "23.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:docker:moby:24.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "moby", vendor: "docker", versions: [ { lessThanOrEqual: "24.0.9", status: "affected", version: "24.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:docker:moby:25.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "moby", vendor: "docker", versions: [ { lessThanOrEqual: "25.0.5", status: "affected", version: "25.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:docker:moby:26.1.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "moby", vendor: "docker", versions: [ { lessThanOrEqual: "26.0.2", status: "affected", version: "26.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:docker:moby:27.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "moby", vendor: "docker", versions: [ { lessThanOrEqual: "26.1.14", status: "affected", version: "26.1.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:docker:moby:27.1.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "moby", vendor: "docker", versions: [ { status: "affected", version: "27.1.0", }, ], }, { cpes: [ "cpe:2.3:a:docker:moby:26.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "moby", vendor: "docker", versions: [ { lessThanOrEqual: "26.0.2", status: "affected", version: "26.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:docker:moby:26.1.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "moby", vendor: "docker", versions: [ { lessThanOrEqual: "26.1.14", status: "affected", version: "26.1.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:docker:moby:27.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "moby", vendor: "docker", versions: [ { lessThanOrEqual: "27.0.3", status: "affected", version: "27.0.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-41110", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-26T03:55:30.375492Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-29T21:01:46.898Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-10-13T21:03:34.392Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq", }, { name: "https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191", }, { name: "https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76", }, { name: "https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919", }, { name: "https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b", }, { name: "https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0", }, { name: "https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1", }, { name: "https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00", }, { name: "https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f", }, { name: "https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801", }, { name: "https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb", }, { name: "https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin", }, { url: "https://security.netapp.com/advisory/ntap-20240802-0001/", }, { url: "https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "moby", vendor: "moby", versions: [ { status: "affected", version: ">= 19.03.0, <= 19.03.15", }, { status: "affected", version: ">= 20.0.0, <= 20.10.27", }, { status: "affected", version: ">= 23.0.0, <= 23.0.14", }, { status: "affected", version: ">= 24.0.0, <= 24.0.9", }, { status: "affected", version: ">= 25.0.0, <= 25.0.5", }, { status: "affected", version: ">= 26.0.0, <= 26.0.2", }, { status: "affected", version: ">= 26.1.0, <= 26.1.14", }, { status: "affected", version: ">= 27.0.0, <= 27.0.3", }, { status: "affected", version: "= 27.1.0", }, ], }, ], descriptions: [ { lang: "en", value: "Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low.\n\nUsing a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it.\n\nA security issue was discovered In 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine v18.09.1 in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted.\n\nDocker EE v19.03.x and all versions of Mirantis Container Runtime are not vulnerable.\n\ndocker-ce v27.1.1 containes patches to fix the vulnerability. Patches have also been merged into the master, 19.03, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches. If one is unable to upgrade immediately, avoid using AuthZ plugins and/or restrict access to the Docker API to trusted parties, following the principle of least privilege.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-187", description: "CWE-187: Partial String Comparison", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-444", description: "CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-863", description: "CWE-863: Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-30T19:09:22.764Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq", }, { name: "https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191", tags: [ "x_refsource_MISC", ], url: "https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191", }, { name: "https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76", tags: [ "x_refsource_MISC", ], url: "https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76", }, { name: "https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919", tags: [ "x_refsource_MISC", ], url: "https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919", }, { name: "https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b", tags: [ "x_refsource_MISC", ], url: "https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b", }, { name: "https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0", tags: [ "x_refsource_MISC", ], url: "https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0", }, { name: "https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1", tags: [ "x_refsource_MISC", ], url: "https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1", }, { name: "https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00", tags: [ "x_refsource_MISC", ], url: "https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00", }, { name: "https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f", tags: [ "x_refsource_MISC", ], url: "https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f", }, { name: "https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801", tags: [ "x_refsource_MISC", ], url: "https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801", }, { name: "https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb", tags: [ "x_refsource_MISC", ], url: "https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb", }, { name: "https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin", tags: [ "x_refsource_MISC", ], url: "https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin", }, ], source: { advisory: "GHSA-v23v-6jw2-98fq", discovery: "UNKNOWN", }, title: "Moby authz zero length regression", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-41110", datePublished: "2024-07-24T16:49:53.068Z", dateReserved: "2024-07-15T15:53:28.321Z", dateUpdated: "2024-10-13T21:03:34.392Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45590
Vulnerability from cvelistv5
Published
2024-09-10 15:54
Modified
2024-09-10 18:47
Severity ?
EPSS score ?
Summary
body-parser is Node.js body parsing middleware. body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in 1.20.3.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7 | x_refsource_CONFIRM | |
| https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| expressjs | body-parser |
Version: < 1.20.3 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:expressjs:body-parser:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "body-parser", vendor: "expressjs", versions: [ { lessThan: "1.20.3", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-45590", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-10T18:42:41.773305Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-10T18:47:22.965Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "body-parser", vendor: "expressjs", versions: [ { status: "affected", version: "< 1.20.3", }, ], }, ], descriptions: [ { lang: "en", value: "body-parser is Node.js body parsing middleware. body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in 1.20.3.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-405", description: "CWE-405: Asymmetric Resource Consumption (Amplification)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-10T15:54:02.330Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7", }, { name: "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce", tags: [ "x_refsource_MISC", ], url: "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce", }, ], source: { advisory: "GHSA-qwcr-r2fm-qrc7", discovery: "UNKNOWN", }, title: "body-parser vulnerable to denial of service when url encoding is enabled", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-45590", datePublished: "2024-09-10T15:54:02.330Z", dateReserved: "2024-09-02T16:00:02.422Z", dateUpdated: "2024-09-10T18:47:22.965Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-32740
Vulnerability from cvelistv5
Published
2021-07-06 14:15
Modified
2024-08-03 23:33
Severity ?
EPSS score ?
Summary
Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leading to denial of service when matched against a URI. In typical usage, templates would not normally be read from untrusted user input, but nonetheless, no previous security advisory for Addressable has cautioned against doing this. Users of the parsing capabilities in Addressable but not the URI template capabilities are unaffected. The vulnerability is patched in version 2.8.0. As a workaround, only create Template objects from trusted sources that have been validated not to produce catastrophic backtracking.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/sporkmonger/addressable/security/advisories/GHSA-jxhc-q857-3j6g | x_refsource_CONFIRM | |
| https://github.com/sporkmonger/addressable/commit/0d8a3127e35886ce9284810a7f2438bff6b43cbc | x_refsource_MISC | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYPVOOQU7UB277UUERJMCNQLRCXRCIQ5/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDFQM2NHNAZ3NNUQZEJTYECYZYXV4UDS/ | vendor-advisory, x_refsource_FEDORA |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| sporkmonger | addressable |
Version: > 2.3.0, <= 2.7.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T23:33:54.833Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/sporkmonger/addressable/security/advisories/GHSA-jxhc-q857-3j6g", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/sporkmonger/addressable/commit/0d8a3127e35886ce9284810a7f2438bff6b43cbc", }, { name: "FEDORA-2021-5d14763df8", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYPVOOQU7UB277UUERJMCNQLRCXRCIQ5/", }, { name: "FEDORA-2021-e9fc035565", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDFQM2NHNAZ3NNUQZEJTYECYZYXV4UDS/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "addressable", vendor: "sporkmonger", versions: [ { status: "affected", version: "> 2.3.0, <= 2.7.0", }, ], }, ], descriptions: [ { lang: "en", value: "Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leading to denial of service when matched against a URI. In typical usage, templates would not normally be read from untrusted user input, but nonetheless, no previous security advisory for Addressable has cautioned against doing this. Users of the parsing capabilities in Addressable but not the URI template capabilities are unaffected. The vulnerability is patched in version 2.8.0. As a workaround, only create Template objects from trusted sources that have been validated not to produce catastrophic backtracking.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400: Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-27T20:06:16", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/sporkmonger/addressable/security/advisories/GHSA-jxhc-q857-3j6g", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/sporkmonger/addressable/commit/0d8a3127e35886ce9284810a7f2438bff6b43cbc", }, { name: "FEDORA-2021-5d14763df8", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYPVOOQU7UB277UUERJMCNQLRCXRCIQ5/", }, { name: "FEDORA-2021-e9fc035565", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDFQM2NHNAZ3NNUQZEJTYECYZYXV4UDS/", }, ], source: { advisory: "GHSA-jxhc-q857-3j6g", discovery: "UNKNOWN", }, title: "Regular Expression Denial of Service in Addressable templates", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2021-32740", STATE: "PUBLIC", TITLE: "Regular Expression Denial of Service in Addressable templates", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "addressable", version: { version_data: [ { version_value: "> 2.3.0, <= 2.7.0", }, ], }, }, ], }, vendor_name: "sporkmonger", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leading to denial of service when matched against a URI. In typical usage, templates would not normally be read from untrusted user input, but nonetheless, no previous security advisory for Addressable has cautioned against doing this. Users of the parsing capabilities in Addressable but not the URI template capabilities are unaffected. The vulnerability is patched in version 2.8.0. As a workaround, only create Template objects from trusted sources that have been validated not to produce catastrophic backtracking.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-400: Uncontrolled Resource Consumption", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/sporkmonger/addressable/security/advisories/GHSA-jxhc-q857-3j6g", refsource: "CONFIRM", url: "https://github.com/sporkmonger/addressable/security/advisories/GHSA-jxhc-q857-3j6g", }, { name: "https://github.com/sporkmonger/addressable/commit/0d8a3127e35886ce9284810a7f2438bff6b43cbc", refsource: "MISC", url: "https://github.com/sporkmonger/addressable/commit/0d8a3127e35886ce9284810a7f2438bff6b43cbc", }, { name: "FEDORA-2021-5d14763df8", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYPVOOQU7UB277UUERJMCNQLRCXRCIQ5/", }, { name: "FEDORA-2021-e9fc035565", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDFQM2NHNAZ3NNUQZEJTYECYZYXV4UDS/", }, ], }, source: { advisory: "GHSA-jxhc-q857-3j6g", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2021-32740", datePublished: "2021-07-06T14:15:12", dateReserved: "2021-05-12T00:00:00", dateUpdated: "2024-08-03T23:33:54.833Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-45283
Vulnerability from cvelistv5
Published
2023-11-09 16:30
Modified
2025-02-13 17:13
Severity ?
EPSS score ?
Summary
The filepath package does not recognize paths with a \??\ prefix as special. On Windows, a path beginning with \??\ is a Root Local Device path equivalent to a path beginning with \\?\. Paths with a \??\ prefix may be used to access arbitrary locations on the system. For example, the path \??\c:\x is equivalent to the more common path c:\x. Before fix, Clean could convert a rooted path such as \a\..\??\b into the root local device path \??\b. Clean will now convert this to .\??\b. Similarly, Join(\, ??, b) could convert a seemingly innocent sequence of path elements into the root local device path \??\b. Join will now convert this to \.\??\b. In addition, with fix, IsAbs now correctly reports paths beginning with \??\ as absolute, and VolumeName correctly reports the \??\ prefix as a volume name. UPDATE: Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the volume name in Windows paths starting with \?, resulting in filepath.Clean(\?\c:) returning \?\c: rather than \?\c:\ (among other effects). The previous behavior has been restored.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Go standard library | path/filepath |
Version: 0 ≤ Version: 1.21.0-0 ≤ |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T20:21:15.278Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://go.dev/issue/63713", }, { tags: [ "x_transferred", ], url: "https://go.dev/cl/540277", }, { tags: [ "x_transferred", ], url: "https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY", }, { tags: [ "x_transferred", ], url: "https://go.dev/issue/64028", }, { tags: [ "x_transferred", ], url: "https://go.dev/cl/541175", }, { tags: [ "x_transferred", ], url: "https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ", }, { tags: [ "x_transferred", ], url: "https://pkg.go.dev/vuln/GO-2023-2185", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/12/05/2", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20231214-0008/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://pkg.go.dev", defaultStatus: "unaffected", packageName: "path/filepath", platforms: [ "windows", ], product: "path/filepath", programRoutines: [ { name: "Clean", }, { name: "volumeNameLen", }, { name: "join", }, { name: "Abs", }, { name: "Base", }, { name: "Dir", }, { name: "EvalSymlinks", }, { name: "Glob", }, { name: "IsLocal", }, { name: "Join", }, { name: "Rel", }, { name: "Split", }, { name: "VolumeName", }, { name: "Walk", }, { name: "WalkDir", }, ], vendor: "Go standard library", versions: [ { lessThan: "1.20.11", status: "affected", version: "0", versionType: "semver", }, { lessThan: "1.21.4", status: "affected", version: "1.21.0-0", versionType: "semver", }, ], }, { collectionURL: "https://pkg.go.dev", defaultStatus: "unaffected", packageName: "internal/safefilepath", platforms: [ "windows", ], product: "internal/safefilepath", programRoutines: [ { name: "fromFS", }, { name: "FromFS", }, ], vendor: "Go standard library", versions: [ { lessThan: "1.20.11", status: "affected", version: "0", versionType: "semver", }, { lessThan: "1.21.4", status: "affected", version: "1.21.0-0", versionType: "semver", }, ], }, { collectionURL: "https://pkg.go.dev", defaultStatus: "unaffected", packageName: "path/filepath", platforms: [ "windows", ], product: "path/filepath", programRoutines: [ { name: "volumeNameLen", }, { name: "Abs", }, { name: "Base", }, { name: "Clean", }, { name: "Dir", }, { name: "EvalSymlinks", }, { name: "Glob", }, { name: "IsLocal", }, { name: "Join", }, { name: "Rel", }, { name: "Split", }, { name: "VolumeName", }, { name: "Walk", }, { name: "WalkDir", }, ], vendor: "Go standard library", versions: [ { lessThan: "1.20.12", status: "affected", version: "1.20.11", versionType: "semver", }, { lessThan: "1.21.5", status: "affected", version: "1.21.4", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "The filepath package does not recognize paths with a \\??\\ prefix as special. On Windows, a path beginning with \\??\\ is a Root Local Device path equivalent to a path beginning with \\\\?\\. Paths with a \\??\\ prefix may be used to access arbitrary locations on the system. For example, the path \\??\\c:\\x is equivalent to the more common path c:\\x. Before fix, Clean could convert a rooted path such as \\a\\..\\??\\b into the root local device path \\??\\b. Clean will now convert this to .\\??\\b. Similarly, Join(\\, ??, b) could convert a seemingly innocent sequence of path elements into the root local device path \\??\\b. Join will now convert this to \\.\\??\\b. In addition, with fix, IsAbs now correctly reports paths beginning with \\??\\ as absolute, and VolumeName correctly reports the \\??\\ prefix as a volume name. UPDATE: Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the volume name in Windows paths starting with \\?, resulting in filepath.Clean(\\?\\c:) returning \\?\\c: rather than \\?\\c:\\ (among other effects). The previous behavior has been restored.", }, ], problemTypes: [ { descriptions: [ { description: "CWE-41: Improper Resolution of Path Equivalence", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-14T10:06:32.436Z", orgId: "1bb62c36-49e3-4200-9d77-64a1400537cc", shortName: "Go", }, references: [ { url: "https://go.dev/issue/63713", }, { url: "https://go.dev/cl/540277", }, { url: "https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY", }, { url: "https://go.dev/issue/64028", }, { url: "https://go.dev/cl/541175", }, { url: "https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ", }, { url: "https://pkg.go.dev/vuln/GO-2023-2185", }, { url: "http://www.openwall.com/lists/oss-security/2023/12/05/2", }, { url: "https://security.netapp.com/advisory/ntap-20231214-0008/", }, ], title: "Insecure parsing of Windows paths with a \\??\\ prefix in path/filepath", }, }, cveMetadata: { assignerOrgId: "1bb62c36-49e3-4200-9d77-64a1400537cc", assignerShortName: "Go", cveId: "CVE-2023-45283", datePublished: "2023-11-09T16:30:12.395Z", dateReserved: "2023-10-06T17:06:26.220Z", dateUpdated: "2025-02-13T17:13:59.471Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-31163
Vulnerability from cvelistv5
Published
2022-07-21 13:30
Modified
2024-09-05 14:09
Severity ?
EPSS score ?
Summary
TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source, time zones are defined in Ruby files. There is one file per time zone. Time zone files are loaded with `require` on demand. In the affected versions, `TZInfo::Timezone.get` fails to validate time zone identifiers correctly, allowing a new line character within the identifier. With Ruby version 1.9.3 and later, `TZInfo::Timezone.get` can be made to load unintended files with `require`, executing them within the Ruby process. Versions 0.3.61 and 1.2.10 include fixes to correctly validate time zone identifiers. Versions 2.0.0 and later are not vulnerable. Version 0.3.61 can still load arbitrary files from the Ruby load path if their name follows the rules for a valid time zone identifier and the file has a prefix of `tzinfo/definition` within a directory in the load path. Applications should ensure that untrusted files are not placed in a directory on the load path. As a workaround, the time zone identifier can be validated before passing to `TZInfo::Timezone.get` by ensuring it matches the regular expression `\A[A-Za-z0-9+\-_]+(?:\/[A-Za-z0-9+\-_]+)*\z`.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx | x_refsource_CONFIRM | |
| https://github.com/tzinfo/tzinfo/releases/tag/v0.3.61 | x_refsource_MISC | |
| https://github.com/tzinfo/tzinfo/releases/tag/v1.2.10 | x_refsource_MISC | |
| https://github.com/tzinfo/tzinfo/commit/9eddbb5c0e682736f61d0dd803b6031a5db9eadf | x_refsource_MISC | |
| https://github.com/tzinfo/tzinfo/commit/9905ca93abf7bf3e387bd592406e403cd18334c7 | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2022/08/msg00009.html | mailing-list, x_refsource_MLIST |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-09-03T10:02:42.400Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/tzinfo/tzinfo/releases/tag/v0.3.61", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/tzinfo/tzinfo/releases/tag/v1.2.10", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/tzinfo/tzinfo/commit/9eddbb5c0e682736f61d0dd803b6031a5db9eadf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/tzinfo/tzinfo/commit/9905ca93abf7bf3e387bd592406e403cd18334c7", }, { name: "[debian-lts-announce] 20220818 [SECURITY] [DLA 3077-1] ruby-tzinfo security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00009.html", }, { url: "https://lists.debian.org/debian-lts-announce/2024/09/msg00008.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-31163", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-05T14:09:24.627557Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-05T14:09:42.030Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "tzinfo", vendor: "tzinfo", versions: [ { status: "affected", version: "< 0.3.61", }, { status: "affected", version: ">= 1.0.0, < 1.2.10", }, ], }, ], descriptions: [ { lang: "en", value: "TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source, time zones are defined in Ruby files. There is one file per time zone. Time zone files are loaded with `require` on demand. In the affected versions, `TZInfo::Timezone.get` fails to validate time zone identifiers correctly, allowing a new line character within the identifier. With Ruby version 1.9.3 and later, `TZInfo::Timezone.get` can be made to load unintended files with `require`, executing them within the Ruby process. Versions 0.3.61 and 1.2.10 include fixes to correctly validate time zone identifiers. Versions 2.0.0 and later are not vulnerable. Version 0.3.61 can still load arbitrary files from the Ruby load path if their name follows the rules for a valid time zone identifier and the file has a prefix of `tzinfo/definition` within a directory in the load path. Applications should ensure that untrusted files are not placed in a directory on the load path. As a workaround, the time zone identifier can be validated before passing to `TZInfo::Timezone.get` by ensuring it matches the regular expression `\\A[A-Za-z0-9+\\-_]+(?:\\/[A-Za-z0-9+\\-_]+)*\\z`.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-23", description: "CWE-23: Relative Path Traversal", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-18T19:06:19", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/tzinfo/tzinfo/releases/tag/v0.3.61", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/tzinfo/tzinfo/releases/tag/v1.2.10", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/tzinfo/tzinfo/commit/9eddbb5c0e682736f61d0dd803b6031a5db9eadf", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/tzinfo/tzinfo/commit/9905ca93abf7bf3e387bd592406e403cd18334c7", }, { name: "[debian-lts-announce] 20220818 [SECURITY] [DLA 3077-1] ruby-tzinfo security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00009.html", }, ], source: { advisory: "GHSA-5cm2-9h8c-rvfx", discovery: "UNKNOWN", }, title: "TZInfo relative path traversal vulnerability allows loading of arbitrary files", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2022-31163", STATE: "PUBLIC", TITLE: "TZInfo relative path traversal vulnerability allows loading of arbitrary files", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "tzinfo", version: { version_data: [ { version_value: "< 0.3.61", }, { version_value: ">= 1.0.0, < 1.2.10", }, ], }, }, ], }, vendor_name: "tzinfo", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source, time zones are defined in Ruby files. There is one file per time zone. Time zone files are loaded with `require` on demand. In the affected versions, `TZInfo::Timezone.get` fails to validate time zone identifiers correctly, allowing a new line character within the identifier. With Ruby version 1.9.3 and later, `TZInfo::Timezone.get` can be made to load unintended files with `require`, executing them within the Ruby process. Versions 0.3.61 and 1.2.10 include fixes to correctly validate time zone identifiers. Versions 2.0.0 and later are not vulnerable. Version 0.3.61 can still load arbitrary files from the Ruby load path if their name follows the rules for a valid time zone identifier and the file has a prefix of `tzinfo/definition` within a directory in the load path. Applications should ensure that untrusted files are not placed in a directory on the load path. As a workaround, the time zone identifier can be validated before passing to `TZInfo::Timezone.get` by ensuring it matches the regular expression `\\A[A-Za-z0-9+\\-_]+(?:\\/[A-Za-z0-9+\\-_]+)*\\z`.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, ], }, { description: [ { lang: "eng", value: "CWE-23: Relative Path Traversal", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx", refsource: "CONFIRM", url: "https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx", }, { name: "https://github.com/tzinfo/tzinfo/releases/tag/v0.3.61", refsource: "MISC", url: "https://github.com/tzinfo/tzinfo/releases/tag/v0.3.61", }, { name: "https://github.com/tzinfo/tzinfo/releases/tag/v1.2.10", refsource: "MISC", url: "https://github.com/tzinfo/tzinfo/releases/tag/v1.2.10", }, { name: "https://github.com/tzinfo/tzinfo/commit/9eddbb5c0e682736f61d0dd803b6031a5db9eadf", refsource: "MISC", url: "https://github.com/tzinfo/tzinfo/commit/9eddbb5c0e682736f61d0dd803b6031a5db9eadf", }, { name: "https://github.com/tzinfo/tzinfo/commit/9905ca93abf7bf3e387bd592406e403cd18334c7", refsource: "MISC", url: "https://github.com/tzinfo/tzinfo/commit/9905ca93abf7bf3e387bd592406e403cd18334c7", }, { name: "[debian-lts-announce] 20220818 [SECURITY] [DLA 3077-1] ruby-tzinfo security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00009.html", }, ], }, source: { advisory: "GHSA-5cm2-9h8c-rvfx", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2022-31163", datePublished: "2022-07-21T13:30:16", dateReserved: "2022-05-18T00:00:00", dateUpdated: "2024-09-05T14:09:42.030Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37370
Vulnerability from cvelistv5
Published
2024-06-28 00:00
Modified
2025-03-13 18:14
Severity ?
EPSS score ?
Summary
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.
References
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-37370", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-01T15:25:49.407050Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-345", description: "CWE-345 Insufficient Verification of Data Authenticity", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-13T18:14:25.560Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-11-08T15:02:50.736Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://web.mit.edu/kerberos/www/advisories/", }, { tags: [ "x_transferred", ], url: "https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef", }, { url: "https://security.netapp.com/advisory/ntap-20241108-0007/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-28T22:04:28.292Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://web.mit.edu/kerberos/www/advisories/", }, { url: "https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-37370", datePublished: "2024-06-28T00:00:00.000Z", dateReserved: "2024-06-06T00:00:00.000Z", dateUpdated: "2025-03-13T18:14:25.560Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-45288
Vulnerability from cvelistv5
Published
2024-04-04 20:37
Modified
2025-02-13 17:14
Severity ?
EPSS score ?
Summary
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Go standard library | net/http |
Version: 0 ≤ Version: 1.22.0-0 ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T20:21:15.329Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://go.dev/issue/65051", }, { tags: [ "x_transferred", ], url: "https://go.dev/cl/576155", }, { tags: [ "x_transferred", ], url: "https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M", }, { tags: [ "x_transferred", ], url: "https://pkg.go.dev/vuln/GO-2024-2687", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240419-0009/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/04/05/4", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/04/03/16", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:go_standard_library:net\\/http:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "net\\/http", vendor: "go_standard_library", versions: [ { lessThan: "1.21.9", status: "affected", version: "0", versionType: "custom", }, { lessThan: "1.22.2", status: "affected", version: "1.22.0-0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:golang:http2:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "http2", vendor: "golang", versions: [ { lessThan: "0.23.0", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-45288", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-04-05T17:08:42.212936Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-26T20:40:01.996Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://pkg.go.dev", defaultStatus: "unaffected", packageName: "net/http", product: "net/http", programRoutines: [ { name: "http2Framer.readMetaFrame", }, { name: "CanonicalHeaderKey", }, { name: "Client.CloseIdleConnections", }, { name: "Client.Do", }, { name: "Client.Get", }, { name: "Client.Head", }, { name: "Client.Post", }, { name: "Client.PostForm", }, { name: "Cookie.String", }, { name: "Cookie.Valid", }, { name: "Dir.Open", }, { name: "Error", }, { name: "Get", }, { name: "HandlerFunc.ServeHTTP", }, { name: "Head", }, { name: "Header.Add", }, { name: "Header.Del", }, { name: "Header.Get", }, { name: "Header.Set", }, { name: "Header.Values", }, { name: "Header.Write", }, { name: "Header.WriteSubset", }, { name: "ListenAndServe", }, { name: "ListenAndServeTLS", }, { name: "NewRequest", }, { name: "NewRequestWithContext", }, { name: "NotFound", }, { name: "ParseTime", }, { name: "Post", }, { name: "PostForm", }, { name: "ProxyFromEnvironment", }, { name: "ReadRequest", }, { name: "ReadResponse", }, { name: "Redirect", }, { name: "Request.AddCookie", }, { name: "Request.BasicAuth", }, { name: "Request.FormFile", }, { name: "Request.FormValue", }, { name: "Request.MultipartReader", }, { name: "Request.ParseForm", }, { name: "Request.ParseMultipartForm", }, { name: "Request.PostFormValue", }, { name: "Request.Referer", }, { name: "Request.SetBasicAuth", }, { name: "Request.UserAgent", }, { name: "Request.Write", }, { name: "Request.WriteProxy", }, { name: "Response.Cookies", }, { name: "Response.Location", }, { name: "Response.Write", }, { name: "ResponseController.EnableFullDuplex", }, { name: "ResponseController.Flush", }, { name: "ResponseController.Hijack", }, { name: "ResponseController.SetReadDeadline", }, { name: "ResponseController.SetWriteDeadline", }, { name: "Serve", }, { name: "ServeContent", }, { name: "ServeFile", }, { name: "ServeMux.ServeHTTP", }, { name: "ServeTLS", }, { name: "Server.Close", }, { name: "Server.ListenAndServe", }, { name: "Server.ListenAndServeTLS", }, { name: "Server.Serve", }, { name: "Server.ServeTLS", }, { name: "Server.SetKeepAlivesEnabled", }, { name: "Server.Shutdown", }, { name: "SetCookie", }, { name: "Transport.CancelRequest", }, { name: "Transport.Clone", }, { name: "Transport.CloseIdleConnections", }, { name: "Transport.RoundTrip", }, { name: "body.Close", }, { name: "body.Read", }, { name: "bodyEOFSignal.Close", }, { name: "bodyEOFSignal.Read", }, { name: "bodyLocked.Read", }, { name: "bufioFlushWriter.Write", }, { name: "cancelTimerBody.Close", }, { name: "cancelTimerBody.Read", }, { name: "checkConnErrorWriter.Write", }, { name: "chunkWriter.Write", }, { name: "connReader.Read", }, { name: "connectMethodKey.String", }, { name: "expectContinueReader.Close", }, { name: "expectContinueReader.Read", }, { name: "extraHeader.Write", }, { name: "fileHandler.ServeHTTP", }, { name: "fileTransport.RoundTrip", }, { name: "globalOptionsHandler.ServeHTTP", }, { name: "gzipReader.Close", }, { name: "gzipReader.Read", }, { name: "http2ClientConn.Close", }, { name: "http2ClientConn.Ping", }, { name: "http2ClientConn.RoundTrip", }, { name: "http2ClientConn.Shutdown", }, { name: "http2ConnectionError.Error", }, { name: "http2ErrCode.String", }, { name: "http2FrameHeader.String", }, { name: "http2FrameType.String", }, { name: "http2FrameWriteRequest.String", }, { name: "http2Framer.ReadFrame", }, { name: "http2Framer.WriteContinuation", }, { name: "http2Framer.WriteData", }, { name: "http2Framer.WriteDataPadded", }, { name: "http2Framer.WriteGoAway", }, { name: "http2Framer.WriteHeaders", }, { name: "http2Framer.WritePing", }, { name: "http2Framer.WritePriority", }, { name: "http2Framer.WritePushPromise", }, { name: "http2Framer.WriteRSTStream", }, { name: "http2Framer.WriteRawFrame", }, { name: "http2Framer.WriteSettings", }, { name: "http2Framer.WriteSettingsAck", }, { name: "http2Framer.WriteWindowUpdate", }, { name: "http2GoAwayError.Error", }, { name: "http2Server.ServeConn", }, { name: "http2Setting.String", }, { name: "http2SettingID.String", }, { name: "http2SettingsFrame.ForeachSetting", }, { name: "http2StreamError.Error", }, { name: "http2Transport.CloseIdleConnections", }, { name: "http2Transport.NewClientConn", }, { name: "http2Transport.RoundTrip", }, { name: "http2Transport.RoundTripOpt", }, { name: "http2bufferedWriter.Flush", }, { name: "http2bufferedWriter.Write", }, { name: "http2chunkWriter.Write", }, { name: "http2clientConnPool.GetClientConn", }, { name: "http2connError.Error", }, { name: "http2dataBuffer.Read", }, { name: "http2duplicatePseudoHeaderError.Error", }, { name: "http2gzipReader.Close", }, { name: "http2gzipReader.Read", }, { name: "http2headerFieldNameError.Error", }, { name: "http2headerFieldValueError.Error", }, { name: "http2noDialClientConnPool.GetClientConn", }, { name: "http2noDialH2RoundTripper.RoundTrip", }, { name: "http2pipe.Read", }, { name: "http2priorityWriteScheduler.CloseStream", }, { name: "http2priorityWriteScheduler.OpenStream", }, { name: "http2pseudoHeaderError.Error", }, { name: "http2requestBody.Close", }, { name: "http2requestBody.Read", }, { name: "http2responseWriter.Flush", }, { name: "http2responseWriter.FlushError", }, { name: "http2responseWriter.Push", }, { name: "http2responseWriter.SetReadDeadline", }, { name: "http2responseWriter.SetWriteDeadline", }, { name: "http2responseWriter.Write", }, { name: "http2responseWriter.WriteHeader", }, { name: "http2responseWriter.WriteString", }, { name: "http2roundRobinWriteScheduler.OpenStream", }, { name: "http2serverConn.CloseConn", }, { name: "http2serverConn.Flush", }, { name: "http2stickyErrWriter.Write", }, { name: "http2transportResponseBody.Close", }, { name: "http2transportResponseBody.Read", }, { name: "http2writeData.String", }, { name: "initALPNRequest.ServeHTTP", }, { name: "loggingConn.Close", }, { name: "loggingConn.Read", }, { name: "loggingConn.Write", }, { name: "maxBytesReader.Close", }, { name: "maxBytesReader.Read", }, { name: "onceCloseListener.Close", }, { name: "persistConn.Read", }, { name: "persistConnWriter.ReadFrom", }, { name: "persistConnWriter.Write", }, { name: "populateResponse.Write", }, { name: "populateResponse.WriteHeader", }, { name: "readTrackingBody.Close", }, { name: "readTrackingBody.Read", }, { name: "readWriteCloserBody.Read", }, { name: "redirectHandler.ServeHTTP", }, { name: "response.Flush", }, { name: "response.FlushError", }, { name: "response.Hijack", }, { name: "response.ReadFrom", }, { name: "response.Write", }, { name: "response.WriteHeader", }, { name: "response.WriteString", }, { name: "serverHandler.ServeHTTP", }, { name: "socksDialer.DialWithConn", }, { name: "socksUsernamePassword.Authenticate", }, { name: "stringWriter.WriteString", }, { name: "timeoutHandler.ServeHTTP", }, { name: "timeoutWriter.Write", }, { name: "timeoutWriter.WriteHeader", }, { name: "transportReadFromServerError.Error", }, ], vendor: "Go standard library", versions: [ { lessThan: "1.21.9", status: "affected", version: "0", versionType: "semver", }, { lessThan: "1.22.2", status: "affected", version: "1.22.0-0", versionType: "semver", }, ], }, { collectionURL: "https://pkg.go.dev", defaultStatus: "unaffected", packageName: "golang.org/x/net/http2", product: "golang.org/x/net/http2", programRoutines: [ { name: "Framer.readMetaFrame", }, { name: "ClientConn.Close", }, { name: "ClientConn.Ping", }, { name: "ClientConn.RoundTrip", }, { name: "ClientConn.Shutdown", }, { name: "ConfigureServer", }, { name: "ConfigureTransport", }, { name: "ConfigureTransports", }, { name: "ConnectionError.Error", }, { name: "ErrCode.String", }, { name: "FrameHeader.String", }, { name: "FrameType.String", }, { name: "FrameWriteRequest.String", }, { name: "Framer.ReadFrame", }, { name: "Framer.WriteContinuation", }, { name: "Framer.WriteData", }, { name: "Framer.WriteDataPadded", }, { name: "Framer.WriteGoAway", }, { name: "Framer.WriteHeaders", }, { name: "Framer.WritePing", }, { name: "Framer.WritePriority", }, { name: "Framer.WritePushPromise", }, { name: "Framer.WriteRSTStream", }, { name: "Framer.WriteRawFrame", }, { name: "Framer.WriteSettings", }, { name: "Framer.WriteSettingsAck", }, { name: "Framer.WriteWindowUpdate", }, { name: "GoAwayError.Error", }, { name: "ReadFrameHeader", }, { name: "Server.ServeConn", }, { name: "Setting.String", }, { name: "SettingID.String", }, { name: "SettingsFrame.ForeachSetting", }, { name: "StreamError.Error", }, { name: "Transport.CloseIdleConnections", }, { name: "Transport.NewClientConn", }, { name: "Transport.RoundTrip", }, { name: "Transport.RoundTripOpt", }, { name: "bufferedWriter.Flush", }, { name: "bufferedWriter.Write", }, { name: "chunkWriter.Write", }, { name: "clientConnPool.GetClientConn", }, { name: "connError.Error", }, { name: "dataBuffer.Read", }, { name: "duplicatePseudoHeaderError.Error", }, { name: "gzipReader.Close", }, { name: "gzipReader.Read", }, { name: "headerFieldNameError.Error", }, { name: "headerFieldValueError.Error", }, { name: "noDialClientConnPool.GetClientConn", }, { name: "noDialH2RoundTripper.RoundTrip", }, { name: "pipe.Read", }, { name: "priorityWriteScheduler.CloseStream", }, { name: "priorityWriteScheduler.OpenStream", }, { name: "pseudoHeaderError.Error", }, { name: "requestBody.Close", }, { name: "requestBody.Read", }, { name: "responseWriter.Flush", }, { name: "responseWriter.FlushError", }, { name: "responseWriter.Push", }, { name: "responseWriter.SetReadDeadline", }, { name: "responseWriter.SetWriteDeadline", }, { name: "responseWriter.Write", }, { name: "responseWriter.WriteHeader", }, { name: "responseWriter.WriteString", }, { name: "roundRobinWriteScheduler.OpenStream", }, { name: "serverConn.CloseConn", }, { name: "serverConn.Flush", }, { name: "stickyErrWriter.Write", }, { name: "transportResponseBody.Close", }, { name: "transportResponseBody.Read", }, { name: "writeData.String", }, ], vendor: "golang.org/x/net", versions: [ { lessThan: "0.23.0", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", value: "Bartek Nowotarski (https://nowotarski.info/)", }, ], descriptions: [ { lang: "en", value: "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.", }, ], problemTypes: [ { descriptions: [ { description: "CWE-400: Uncontrolled Resource Consumption", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-01T17:10:07.754Z", orgId: "1bb62c36-49e3-4200-9d77-64a1400537cc", shortName: "Go", }, references: [ { url: "https://go.dev/issue/65051", }, { url: "https://go.dev/cl/576155", }, { url: "https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M", }, { url: "https://pkg.go.dev/vuln/GO-2024-2687", }, { url: "https://security.netapp.com/advisory/ntap-20240419-0009/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/", }, { url: "http://www.openwall.com/lists/oss-security/2024/04/05/4", }, { url: "http://www.openwall.com/lists/oss-security/2024/04/03/16", }, ], title: "HTTP/2 CONTINUATION flood in net/http", }, }, cveMetadata: { assignerOrgId: "1bb62c36-49e3-4200-9d77-64a1400537cc", assignerShortName: "Go", cveId: "CVE-2023-45288", datePublished: "2024-04-04T20:37:30.714Z", dateReserved: "2023-10-06T17:06:26.221Z", dateUpdated: "2025-02-13T17:14:01.156Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-33883
Vulnerability from cvelistv5
Published
2024-04-28 00:00
Modified
2024-08-02 02:42
Severity ?
EPSS score ?
Summary
The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection.
References
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-33883", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-04-29T17:22:05.915082Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-693", description: "CWE-693 Protection Mechanism Failure", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-30T15:23:09.472Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:42:59.934Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/mde/ejs/commit/e469741dca7df2eb400199e1cdb74621e3f89aa5", }, { tags: [ "x_transferred", ], url: "https://github.com/mde/ejs/compare/v3.1.9...v3.1.10", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240605-0003/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-10T16:12:59.897713", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/mde/ejs/commit/e469741dca7df2eb400199e1cdb74621e3f89aa5", }, { url: "https://github.com/mde/ejs/compare/v3.1.9...v3.1.10", }, { url: "https://security.netapp.com/advisory/ntap-20240605-0003/", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-33883", datePublished: "2024-04-28T00:00:00", dateReserved: "2024-04-28T00:00:00", dateUpdated: "2024-08-02T02:42:59.934Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-6119
Vulnerability from cvelistv5
Published
2024-09-03 15:58
Modified
2024-09-12 16:03
Severity ?
EPSS score ?
Summary
Issue summary: Applications performing certificate name checks (e.g., TLS
clients checking server certificates) may attempt to read an invalid memory
address resulting in abnormal termination of the application process.
Impact summary: Abnormal termination of an application can a cause a denial of
service.
Applications performing certificate name checks (e.g., TLS clients checking
server certificates) may attempt to read an invalid memory address when
comparing the expected name with an `otherName` subject alternative name of an
X.509 certificate. This may result in an exception that terminates the
application program.
Note that basic certificate chain validation (signatures, dates, ...) is not
affected, the denial of service can occur only when the application also
specifies an expected DNS name, Email address or IP address.
TLS servers rarely solicit client certificates, and even when they do, they
generally don't perform a name check against a reference identifier (expected
identity), but rather extract the presented identity after checking the
certificate chain. So TLS servers are generally not affected and the severity
of the issue is Moderate.
The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-09-12T16:03:01.704Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "http://www.openwall.com/lists/oss-security/2024/09/03/4", }, { url: "https://lists.freebsd.org/archives/freebsd-security/2024-September/000303.html", }, { url: "https://security.netapp.com/advisory/ntap-20240912-0001/", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "openssl", vendor: "openssl", versions: [ { lessThan: "3.3.2", status: "affected", version: "3.3.0", versionType: "custom", }, { lessThan: "3.2.3", status: "affected", version: "3.2.0", versionType: "custom", }, { lessThan: "3.1.7", status: "affected", version: "3.1.0", versionType: "custom", }, { lessThan: "3.0.15", status: "affected", version: "3.0.0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-6119", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-03T20:20:39.935362Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-03T20:25:47.056Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "OpenSSL", vendor: "OpenSSL", versions: [ { lessThan: "3.3.2", status: "affected", version: "3.3.0", versionType: "semver", }, { lessThan: "3.2.3", status: "affected", version: "3.2.0", versionType: "semver", }, { lessThan: "3.1.7", status: "affected", version: "3.1.0", versionType: "semver", }, { lessThan: "3.0.15", status: "affected", version: "3.0.0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "David Benjamin (Google)", }, { lang: "en", type: "remediation developer", value: "Viktor Dukhovni", }, ], datePublic: "2024-09-03T14:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Issue summary: Applications performing certificate name checks (e.g., TLS<br>clients checking server certificates) may attempt to read an invalid memory<br>address resulting in abnormal termination of the application process.<br><br>Impact summary: Abnormal termination of an application can a cause a denial of<br>service.<br><br>Applications performing certificate name checks (e.g., TLS clients checking<br>server certificates) may attempt to read an invalid memory address when<br>comparing the expected name with an `otherName` subject alternative name of an<br>X.509 certificate. This may result in an exception that terminates the<br>application program.<br><br>Note that basic certificate chain validation (signatures, dates, ...) is not<br>affected, the denial of service can occur only when the application also<br>specifies an expected DNS name, Email address or IP address.<br><br>TLS servers rarely solicit client certificates, and even when they do, they<br>generally don't perform a name check against a reference identifier (expected<br>identity), but rather extract the presented identity after checking the<br>certificate chain. So TLS servers are generally not affected and the severity<br>of the issue is Moderate.<br><br>The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.", }, ], value: "Issue summary: Applications performing certificate name checks (e.g., TLS\nclients checking server certificates) may attempt to read an invalid memory\naddress resulting in abnormal termination of the application process.\n\nImpact summary: Abnormal termination of an application can a cause a denial of\nservice.\n\nApplications performing certificate name checks (e.g., TLS clients checking\nserver certificates) may attempt to read an invalid memory address when\ncomparing the expected name with an `otherName` subject alternative name of an\nX.509 certificate. This may result in an exception that terminates the\napplication program.\n\nNote that basic certificate chain validation (signatures, dates, ...) is not\naffected, the denial of service can occur only when the application also\nspecifies an expected DNS name, Email address or IP address.\n\nTLS servers rarely solicit client certificates, and even when they do, they\ngenerally don't perform a name check against a reference identifier (expected\nidentity), but rather extract the presented identity after checking the\ncertificate chain. So TLS servers are generally not affected and the severity\nof the issue is Moderate.\n\nThe FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.", }, ], metrics: [ { format: "other", other: { content: { text: "Moderate", }, type: "https://www.openssl.org/policies/secpolicy.html", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-843", description: "CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-03T15:58:06.970Z", orgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5", shortName: "openssl", }, references: [ { name: "OpenSSL Advisory", tags: [ "vendor-advisory", ], url: "https://openssl-library.org/news/secadv/20240903.txt", }, { name: "3.3.2 git commit", tags: [ "patch", ], url: "https://github.com/openssl/openssl/commit/7dfcee2cd2a63b2c64b9b4b0850be64cb695b0a0", }, { name: "3.2.3 git commit", tags: [ "patch", ], url: "https://github.com/openssl/openssl/commit/05f360d9e849a1b277db628f1f13083a7f8dd04f", }, { name: "3.1.7 git commit", tags: [ "patch", ], url: "https://github.com/openssl/openssl/commit/621f3729831b05ee828a3203eddb621d014ff2b2", }, { name: "3.0.15 git commit", tags: [ "patch", ], url: "https://github.com/openssl/openssl/commit/06d1dc3fa96a2ba5a3e22735a033012aadc9f0d6", }, ], source: { discovery: "UNKNOWN", }, title: "Possible denial of service in X.509 name checks", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5", assignerShortName: "openssl", cveId: "CVE-2024-6119", datePublished: "2024-09-03T15:58:06.970Z", dateReserved: "2024-06-18T09:24:11.739Z", dateUpdated: "2024-09-12T16:03:01.704Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-27281
Vulnerability from cvelistv5
Published
2024-05-08 20:56
Modified
2025-02-13 15:47
Severity ?
EPSS score ?
Summary
An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be restored. (When loading the documentation cache, object injection and resultant remote code execution are also possible if there were a crafted cache.) The main fixed version is 6.6.3.1. For Ruby 3.0 users, a fixed version is rdoc 6.3.4.1. For Ruby 3.1 users, a fixed version is rdoc 6.4.1.1. For Ruby 3.2 users, a fixed version is rdoc 6.5.1.1.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T00:27:59.953Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://hackerone.com/reports/1187477", }, { tags: [ "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2024/03/21/rce-rdoc-cve-2024-27281/", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:ruby:rdoc:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "rdoc", vendor: "ruby", versions: [ { lessThanOrEqual: "6.6.2", status: "affected", version: "6.3.3", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 4.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-27281", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-20T13:50:49.740883Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502 Deserialization of Untrusted Data", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-20T14:02:13.614Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be restored. (When loading the documentation cache, object injection and resultant remote code execution are also possible if there were a crafted cache.) The main fixed version is 6.6.3.1. For Ruby 3.0 users, a fixed version is rdoc 6.3.4.1. For Ruby 3.1 users, a fixed version is rdoc 6.4.1.1. For Ruby 3.2 users, a fixed version is rdoc 6.5.1.1.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-08T20:56:26.831Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://hackerone.com/reports/1187477", }, { url: "https://www.ruby-lang.org/en/news/2024/03/21/rce-rdoc-cve-2024-27281/", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-27281", datePublished: "2024-05-08T20:56:26.427Z", dateReserved: "2024-02-22T00:00:00.000Z", dateUpdated: "2025-02-13T15:47:15.798Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-0406
Vulnerability from cvelistv5
Published
2024-04-06 16:11
Modified
2025-03-11 05:46
Severity ?
EPSS score ?
Summary
A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or application's privileges using the library.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2025:2449 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2024-0406 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2257749 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: v3.0.0 < * Patch: v4.0.0 |
||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-0406", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-04-09T19:56:01.225454Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-05T17:22:38.198Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T18:04:49.645Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2024-0406", }, { name: "RHBZ#2257749", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2257749", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://github.com/mholt/archiver", defaultStatus: "unaffected", packageName: "archiver", versions: [ { lessThan: "*", status: "affected", version: "v3.0.0", versionType: "custom", }, { lessThan: "*", status: "unaffected", version: "v4.0.0", versionType: "custom", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.18::el9", ], defaultStatus: "affected", packageName: "openshift4/oc-mirror-plugin-rhel9", product: "Red Hat OpenShift Container Platform 4.18", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.18.0-202503051333.p0.g22b273d.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:3", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-main-rhel8", product: "Red Hat Advanced Cluster Security 3", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:3", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-roxctl-rhel8", product: "Red Hat Advanced Cluster Security 3", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:3", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-rhel8", product: "Red Hat Advanced Cluster Security 3", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4", ], defaultStatus: "unaffected", packageName: "advanced-cluster-security/rhacs-main-rhel8", product: "Red Hat Advanced Cluster Security 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4", ], defaultStatus: "unaffected", packageName: "advanced-cluster-security/rhacs-roxctl-rhel8", product: "Red Hat Advanced Cluster Security 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4", ], defaultStatus: "unaffected", packageName: "advanced-cluster-security/rhacs-scanner-rhel8", product: "Red Hat Advanced Cluster Security 4", vendor: "Red Hat", }, ], credits: [ { lang: "en", value: "This issue was discovered by Stefan Cornelius (Red Hat).", }, ], datePublic: "2024-01-31T00:00:00.000Z", descriptions: [ { lang: "en", value: "A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or application's privileges using the library.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T05:46:34.637Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2025:2449", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2449", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2024-0406", }, { name: "RHBZ#2257749", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2257749", }, ], timeline: [ { lang: "en", time: "2024-01-10T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2024-01-31T00:00:00+00:00", value: "Made public.", }, ], title: "Mholt/archiver: path traversal vulnerability", x_redhatCweChain: "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2024-0406", datePublished: "2024-04-06T16:11:02.643Z", dateReserved: "2024-01-10T18:18:28.288Z", dateUpdated: "2025-03-11T05:46:34.637Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-41993
Vulnerability from cvelistv5
Published
2023-09-21 18:23
Modified
2025-02-13 17:09
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "17.0.1", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "17.0.1", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "14.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "fedora", vendor: "fedoraproject", versions: [ { status: "affected", version: "37", }, ], }, { cpes: [ "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "fedora", vendor: "fedoraproject", versions: [ { status: "affected", version: "38", }, ], }, { cpes: [ "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "fedora", vendor: "fedoraproject", versions: [ { status: "affected", version: "39", }, ], }, { cpes: [ "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "debian_linux", vendor: "debian", versions: [ { status: "affected", version: "11.0", }, { status: "affected", version: "12.0", }, ], }, { cpes: [ "cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "graalvm", vendor: "oracle", versions: [ { status: "affected", version: "20.3.13", }, ], }, { cpes: [ "cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "graalvm", vendor: "oracle", versions: [ { status: "affected", version: "21.3.9", }, ], }, { cpes: [ "cpe:2.3:a:oracle:jdk:1.8.0:-:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "jdk", vendor: "oracle", versions: [ { status: "affected", version: "1.8.0", }, ], }, { cpes: [ "cpe:2.3:a:oracle:jre:1.8.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "jre", vendor: "oracle", versions: [ { status: "affected", version: "1.8.0", }, ], }, { cpes: [ "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "cloud_insights_acquisition_unit", vendor: "netapp", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "cloud_insights_storage_workload_security_agent", vendor: "netapp", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "oncommand_insight", vendor: "netapp", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "oncommand_workflow_automation", vendor: "netapp", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-41993", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-01-11T02:17:52.028515Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2023-09-25", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-41993", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-754", description: "CWE-754 Improper Check for Unusual or Exceptional Conditions", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-29T16:19:32.611Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-29T13:17:27.813Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213940", }, { tags: [ "x_transferred", ], url: "https://security.gentoo.org/glsa/202401-33", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240426-0004/", }, { url: "https://webkitgtk.org/security/WSA-2023-0009.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.", }, ], problemTypes: [ { descriptions: [ { description: "Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-26T09:06:59.072Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT213940", }, { url: "https://security.gentoo.org/glsa/202401-33", }, { url: "https://security.netapp.com/advisory/ntap-20240426-0004/", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2023-41993", datePublished: "2023-09-21T18:23:52.197Z", dateReserved: "2023-09-06T17:40:06.142Z", dateUpdated: "2025-02-13T17:09:12.791Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-41123
Vulnerability from cvelistv5
Published
2024-08-01 14:18
Modified
2024-12-27 16:03
Severity ?
EPSS score ?
Summary
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, `>]` and `]>`. The REXML gem 3.3.3 or later include the patches to fix these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/ruby/rexml/security/advisories/GHSA-r55c-59qm-vjw6 | x_refsource_CONFIRM | |
| https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8 | x_refsource_MISC | |
| https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh | x_refsource_MISC | |
| https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123 | x_refsource_MISC |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:ruby-lang:rexml:*:*:*:*:*:ruby:*:*", ], defaultStatus: "unknown", product: "rexml", vendor: "ruby-lang", versions: [ { lessThan: "3.3.3", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-41123", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-01T14:33:21.621506Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-01T15:46:58.083Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-12-27T16:03:05.085Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "https://security.netapp.com/advisory/ntap-20241227-0005/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "rexml", vendor: "ruby", versions: [ { status: "affected", version: "< 3.3.3", }, ], }, ], descriptions: [ { lang: "en", value: "REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, `>]` and `]>`. The REXML gem 3.3.3 or later include the patches to fix these vulnerabilities.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400: Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-01T14:18:43.611Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/ruby/rexml/security/advisories/GHSA-r55c-59qm-vjw6", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/ruby/rexml/security/advisories/GHSA-r55c-59qm-vjw6", }, { name: "https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8", tags: [ "x_refsource_MISC", ], url: "https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8", }, { name: "https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh", tags: [ "x_refsource_MISC", ], url: "https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh", }, { name: "https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123", tags: [ "x_refsource_MISC", ], url: "https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123", }, ], source: { advisory: "GHSA-r55c-59qm-vjw6", discovery: "UNKNOWN", }, title: "REXML DoS vulnerability", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-41123", datePublished: "2024-08-01T14:18:43.611Z", dateReserved: "2024-07-15T15:53:28.323Z", dateUpdated: "2024-12-27T16:03:05.085Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-2398
Vulnerability from cvelistv5
Published
2024-03-27 07:55
Modified
2025-02-13 17:40
Severity ?
EPSS score ?
Summary
When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| curl | curl |
Version: 8.6.0 ≤ 8.6.0 Version: 8.5.0 ≤ 8.5.0 Version: 8.4.0 ≤ 8.4.0 Version: 8.3.0 ≤ 8.3.0 Version: 8.2.1 ≤ 8.2.1 Version: 8.2.0 ≤ 8.2.0 Version: 8.1.2 ≤ 8.1.2 Version: 8.1.1 ≤ 8.1.1 Version: 8.1.0 ≤ 8.1.0 Version: 8.0.1 ≤ 8.0.1 Version: 8.0.0 ≤ 8.0.0 Version: 7.88.1 ≤ 7.88.1 Version: 7.88.0 ≤ 7.88.0 Version: 7.87.0 ≤ 7.87.0 Version: 7.86.0 ≤ 7.86.0 Version: 7.85.0 ≤ 7.85.0 Version: 7.84.0 ≤ 7.84.0 Version: 7.83.1 ≤ 7.83.1 Version: 7.83.0 ≤ 7.83.0 Version: 7.82.0 ≤ 7.82.0 Version: 7.81.0 ≤ 7.81.0 Version: 7.80.0 ≤ 7.80.0 Version: 7.79.1 ≤ 7.79.1 Version: 7.79.0 ≤ 7.79.0 Version: 7.78.0 ≤ 7.78.0 Version: 7.77.0 ≤ 7.77.0 Version: 7.76.1 ≤ 7.76.1 Version: 7.76.0 ≤ 7.76.0 Version: 7.75.0 ≤ 7.75.0 Version: 7.74.0 ≤ 7.74.0 Version: 7.73.0 ≤ 7.73.0 Version: 7.72.0 ≤ 7.72.0 Version: 7.71.1 ≤ 7.71.1 Version: 7.71.0 ≤ 7.71.0 Version: 7.70.0 ≤ 7.70.0 Version: 7.69.1 ≤ 7.69.1 Version: 7.69.0 ≤ 7.69.0 Version: 7.68.0 ≤ 7.68.0 Version: 7.67.0 ≤ 7.67.0 Version: 7.66.0 ≤ 7.66.0 Version: 7.65.3 ≤ 7.65.3 Version: 7.65.2 ≤ 7.65.2 Version: 7.65.1 ≤ 7.65.1 Version: 7.65.0 ≤ 7.65.0 Version: 7.64.1 ≤ 7.64.1 Version: 7.64.0 ≤ 7.64.0 Version: 7.63.0 ≤ 7.63.0 Version: 7.62.0 ≤ 7.62.0 Version: 7.61.1 ≤ 7.61.1 Version: 7.61.0 ≤ 7.61.0 Version: 7.60.0 ≤ 7.60.0 Version: 7.59.0 ≤ 7.59.0 Version: 7.58.0 ≤ 7.58.0 Version: 7.57.0 ≤ 7.57.0 Version: 7.56.1 ≤ 7.56.1 Version: 7.56.0 ≤ 7.56.0 Version: 7.55.1 ≤ 7.55.1 Version: 7.55.0 ≤ 7.55.0 Version: 7.54.1 ≤ 7.54.1 Version: 7.54.0 ≤ 7.54.0 Version: 7.53.1 ≤ 7.53.1 Version: 7.53.0 ≤ 7.53.0 Version: 7.52.1 ≤ 7.52.1 Version: 7.52.0 ≤ 7.52.0 Version: 7.51.0 ≤ 7.51.0 Version: 7.50.3 ≤ 7.50.3 Version: 7.50.2 ≤ 7.50.2 Version: 7.50.1 ≤ 7.50.1 Version: 7.50.0 ≤ 7.50.0 Version: 7.49.1 ≤ 7.49.1 Version: 7.49.0 ≤ 7.49.0 Version: 7.48.0 ≤ 7.48.0 Version: 7.47.1 ≤ 7.47.1 Version: 7.47.0 ≤ 7.47.0 Version: 7.46.0 ≤ 7.46.0 Version: 7.45.0 ≤ 7.45.0 Version: 7.44.0 ≤ 7.44.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:curl:curl:7.4:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "curl", vendor: "curl", versions: [ { lessThanOrEqual: "8.6.0", status: "affected", version: "7.44.0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-2398", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-04-26T18:57:39.256472Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:30:40.286Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T19:11:53.566Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "json", tags: [ "x_transferred", ], url: "https://curl.se/docs/CVE-2024-2398.json", }, { name: "www", tags: [ "x_transferred", ], url: "https://curl.se/docs/CVE-2024-2398.html", }, { name: "issue", tags: [ "x_transferred", ], url: "https://hackerone.com/reports/2402845", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMD6UYKCCRCYETWQZUJ65ZRFULT6SHLI/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D44YLAUFJU6BZ4XFG2FYV7SBKXB5IZ6/", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/03/27/3", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240503-0009/", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214119", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214118", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214120", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/20", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/19", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "curl", vendor: "curl", versions: [ { lessThanOrEqual: "8.6.0", status: "affected", version: "8.6.0", versionType: "semver", }, { lessThanOrEqual: "8.5.0", status: "affected", version: "8.5.0", versionType: "semver", }, { lessThanOrEqual: "8.4.0", status: "affected", version: "8.4.0", versionType: "semver", }, { lessThanOrEqual: "8.3.0", status: "affected", version: "8.3.0", versionType: "semver", }, { lessThanOrEqual: "8.2.1", status: "affected", version: "8.2.1", versionType: "semver", }, { lessThanOrEqual: "8.2.0", status: "affected", version: "8.2.0", versionType: "semver", }, { lessThanOrEqual: "8.1.2", status: "affected", version: "8.1.2", versionType: "semver", }, { lessThanOrEqual: "8.1.1", status: "affected", version: "8.1.1", versionType: "semver", }, { lessThanOrEqual: "8.1.0", status: "affected", version: "8.1.0", versionType: "semver", }, { lessThanOrEqual: "8.0.1", status: "affected", version: "8.0.1", versionType: "semver", }, { lessThanOrEqual: "8.0.0", status: "affected", version: "8.0.0", versionType: "semver", }, { lessThanOrEqual: "7.88.1", status: "affected", version: "7.88.1", versionType: "semver", }, { lessThanOrEqual: "7.88.0", status: "affected", version: "7.88.0", versionType: "semver", }, { lessThanOrEqual: "7.87.0", status: "affected", version: "7.87.0", versionType: "semver", }, { lessThanOrEqual: "7.86.0", status: "affected", version: "7.86.0", versionType: "semver", }, { lessThanOrEqual: "7.85.0", status: "affected", version: "7.85.0", versionType: "semver", }, { lessThanOrEqual: "7.84.0", status: "affected", version: "7.84.0", versionType: "semver", }, { lessThanOrEqual: "7.83.1", status: "affected", version: "7.83.1", versionType: "semver", }, { lessThanOrEqual: "7.83.0", status: "affected", version: "7.83.0", versionType: "semver", }, { lessThanOrEqual: "7.82.0", status: "affected", version: "7.82.0", versionType: "semver", }, { lessThanOrEqual: "7.81.0", status: "affected", version: "7.81.0", versionType: "semver", }, { lessThanOrEqual: "7.80.0", status: "affected", version: "7.80.0", versionType: "semver", }, { lessThanOrEqual: "7.79.1", status: "affected", version: "7.79.1", versionType: "semver", }, { lessThanOrEqual: "7.79.0", status: "affected", version: "7.79.0", versionType: "semver", }, { lessThanOrEqual: "7.78.0", status: "affected", version: "7.78.0", versionType: "semver", }, { lessThanOrEqual: "7.77.0", status: "affected", version: "7.77.0", versionType: "semver", }, { lessThanOrEqual: "7.76.1", status: "affected", version: "7.76.1", versionType: "semver", }, { lessThanOrEqual: "7.76.0", status: "affected", version: "7.76.0", versionType: "semver", }, { lessThanOrEqual: "7.75.0", status: "affected", version: "7.75.0", versionType: "semver", }, { lessThanOrEqual: "7.74.0", status: "affected", version: "7.74.0", versionType: "semver", }, { lessThanOrEqual: "7.73.0", status: "affected", version: "7.73.0", versionType: "semver", }, { lessThanOrEqual: "7.72.0", status: "affected", version: "7.72.0", versionType: "semver", }, { lessThanOrEqual: "7.71.1", status: "affected", version: "7.71.1", versionType: "semver", }, { lessThanOrEqual: "7.71.0", status: "affected", version: "7.71.0", versionType: "semver", }, { lessThanOrEqual: "7.70.0", status: "affected", version: "7.70.0", versionType: "semver", }, { lessThanOrEqual: "7.69.1", status: "affected", version: "7.69.1", versionType: "semver", }, { lessThanOrEqual: "7.69.0", status: "affected", version: "7.69.0", versionType: "semver", }, { lessThanOrEqual: "7.68.0", status: "affected", version: "7.68.0", versionType: "semver", }, { lessThanOrEqual: "7.67.0", status: "affected", version: "7.67.0", versionType: "semver", }, { lessThanOrEqual: "7.66.0", status: "affected", version: "7.66.0", versionType: "semver", }, { lessThanOrEqual: "7.65.3", status: "affected", version: "7.65.3", versionType: "semver", }, { lessThanOrEqual: "7.65.2", status: "affected", version: "7.65.2", versionType: "semver", }, { lessThanOrEqual: "7.65.1", status: "affected", version: "7.65.1", versionType: "semver", }, { lessThanOrEqual: "7.65.0", status: "affected", version: "7.65.0", versionType: "semver", }, { lessThanOrEqual: "7.64.1", status: "affected", version: "7.64.1", versionType: "semver", }, { lessThanOrEqual: "7.64.0", status: "affected", version: "7.64.0", versionType: "semver", }, { lessThanOrEqual: "7.63.0", status: "affected", version: "7.63.0", versionType: "semver", }, { lessThanOrEqual: "7.62.0", status: "affected", version: "7.62.0", versionType: "semver", }, { lessThanOrEqual: "7.61.1", status: "affected", version: "7.61.1", versionType: "semver", }, { lessThanOrEqual: "7.61.0", status: "affected", version: "7.61.0", versionType: "semver", }, { lessThanOrEqual: "7.60.0", status: "affected", version: "7.60.0", versionType: "semver", }, { lessThanOrEqual: "7.59.0", status: "affected", version: "7.59.0", versionType: "semver", }, { lessThanOrEqual: "7.58.0", status: "affected", version: "7.58.0", versionType: "semver", }, { lessThanOrEqual: "7.57.0", status: "affected", version: "7.57.0", versionType: "semver", }, { lessThanOrEqual: "7.56.1", status: "affected", version: "7.56.1", versionType: "semver", }, { lessThanOrEqual: "7.56.0", status: "affected", version: "7.56.0", versionType: "semver", }, { lessThanOrEqual: "7.55.1", status: "affected", version: "7.55.1", versionType: "semver", }, { lessThanOrEqual: "7.55.0", status: "affected", version: "7.55.0", versionType: "semver", }, { lessThanOrEqual: "7.54.1", status: "affected", version: "7.54.1", versionType: "semver", }, { lessThanOrEqual: "7.54.0", status: "affected", version: "7.54.0", versionType: "semver", }, { lessThanOrEqual: "7.53.1", status: "affected", version: "7.53.1", versionType: "semver", }, { lessThanOrEqual: "7.53.0", status: "affected", version: "7.53.0", versionType: "semver", }, { lessThanOrEqual: "7.52.1", status: "affected", version: "7.52.1", versionType: "semver", }, { lessThanOrEqual: "7.52.0", status: "affected", version: "7.52.0", versionType: "semver", }, { lessThanOrEqual: "7.51.0", status: "affected", version: "7.51.0", versionType: "semver", }, { lessThanOrEqual: "7.50.3", status: "affected", version: "7.50.3", versionType: "semver", }, { lessThanOrEqual: "7.50.2", status: "affected", version: "7.50.2", versionType: "semver", }, { lessThanOrEqual: "7.50.1", status: "affected", version: "7.50.1", versionType: "semver", }, { lessThanOrEqual: "7.50.0", status: "affected", version: "7.50.0", versionType: "semver", }, { lessThanOrEqual: "7.49.1", status: "affected", version: "7.49.1", versionType: "semver", }, { lessThanOrEqual: "7.49.0", status: "affected", version: "7.49.0", versionType: "semver", }, { lessThanOrEqual: "7.48.0", status: "affected", version: "7.48.0", versionType: "semver", }, { lessThanOrEqual: "7.47.1", status: "affected", version: "7.47.1", versionType: "semver", }, { lessThanOrEqual: "7.47.0", status: "affected", version: "7.47.0", versionType: "semver", }, { lessThanOrEqual: "7.46.0", status: "affected", version: "7.46.0", versionType: "semver", }, { lessThanOrEqual: "7.45.0", status: "affected", version: "7.45.0", versionType: "semver", }, { lessThanOrEqual: "7.44.0", status: "affected", version: "7.44.0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "w0x42 on hackerone", }, { lang: "en", type: "remediation developer", value: "Stefan Eissing", }, ], descriptions: [ { lang: "en", value: "When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application.", }, ], problemTypes: [ { descriptions: [ { description: "CWE-772 Missing Release of Resource after Effective Lifetime", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-29T22:06:29.645Z", orgId: "2499f714-1537-4658-8207-48ae4bb9eae9", shortName: "curl", }, references: [ { name: "json", url: "https://curl.se/docs/CVE-2024-2398.json", }, { name: "www", url: "https://curl.se/docs/CVE-2024-2398.html", }, { name: "issue", url: "https://hackerone.com/reports/2402845", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMD6UYKCCRCYETWQZUJ65ZRFULT6SHLI/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D44YLAUFJU6BZ4XFG2FYV7SBKXB5IZ6/", }, { url: "http://www.openwall.com/lists/oss-security/2024/03/27/3", }, { url: "https://security.netapp.com/advisory/ntap-20240503-0009/", }, { url: "https://support.apple.com/kb/HT214119", }, { url: "https://support.apple.com/kb/HT214118", }, { url: "https://support.apple.com/kb/HT214120", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/20", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/19", }, ], title: "HTTP/2 push headers memory-leak", }, }, cveMetadata: { assignerOrgId: "2499f714-1537-4658-8207-48ae4bb9eae9", assignerShortName: "curl", cveId: "CVE-2024-2398", datePublished: "2024-03-27T07:55:48.524Z", dateReserved: "2024-03-12T10:59:22.660Z", dateUpdated: "2025-02-13T17:40:07.893Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4068
Vulnerability from cvelistv5
Published
2024-05-13 10:06
Modified
2024-11-06 13:10
Severity ?
EPSS score ?
Summary
The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js,` if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| micromatch | braces |
Version: 0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:micromatch:braces:3.0.3:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "braces", vendor: "micromatch", versions: [ { lessThan: "3.0.3", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-4068", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-13T11:10:08.649102Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-13T20:12:58.696Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:26:57.297Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/micromatch/braces/issues/35", }, { tags: [ "x_transferred", ], url: "https://devhub.checkmarx.com/cve-details/CVE-2024-4068/", }, { tags: [ "x_transferred", ], url: "https://github.com/micromatch/braces/pull/37", }, { tags: [ "x_transferred", ], url: "https://github.com/micromatch/braces/pull/40", }, { tags: [ "x_transferred", ], url: "https://github.com/micromatch/braces/commit/415d660c3002d1ab7e63dbf490c9851da80596ff", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://www.npmjs.com/package/micromatch", defaultStatus: "unknown", packageName: "braces", product: "braces", programFiles: [ "lib/parse.js", ], repo: "https://github.com/micromatch/braces", vendor: "micromatch", versions: [ { changes: [ { at: "3.0.3", status: "unaffected", }, ], lessThanOrEqual: "3.0.2", status: "affected", version: "0", versionType: "git", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Mário Teixeira, Checkmarx Research Group", }, ], datePublic: "2024-05-13T12:44:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<div><p>The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js,` if a malicious user sends \"imbalanced braces\" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.</p></div>", }, ], value: "The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js,` if a malicious user sends \"imbalanced braces\" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1050", description: "CWE-1050: Excessive Platform Resource Consumption within a Loop", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-06T13:10:11.179Z", orgId: "596c5446-0ce5-4ba2-aa66-48b3b757a647", shortName: "Checkmarx", }, references: [ { url: "https://github.com/micromatch/braces/issues/35", }, { url: "https://devhub.checkmarx.com/cve-details/CVE-2024-4068/", }, { url: "https://github.com/micromatch/braces/pull/37", }, { url: "https://github.com/micromatch/braces/pull/40", }, { url: "https://github.com/micromatch/braces/commit/415d660c3002d1ab7e63dbf490c9851da80596ff", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Update to version 3.0.3 to mitigate the issue.", }, ], value: "Update to version 3.0.3 to mitigate the issue.", }, ], source: { discovery: "UNKNOWN", }, title: "Memory Exhaustion in braces", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "596c5446-0ce5-4ba2-aa66-48b3b757a647", assignerShortName: "Checkmarx", cveId: "CVE-2024-4068", datePublished: "2024-05-13T10:06:38.152Z", dateReserved: "2024-04-23T13:31:17.738Z", dateUpdated: "2024-11-06T13:10:11.179Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37890
Vulnerability from cvelistv5
Published
2024-06-17 19:09
Modified
2024-08-02 03:57
Severity ?
EPSS score ?
Summary
ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in ws@8.17.1 (e55e510) and backported to ws@7.5.10 (22c2876), ws@6.2.3 (eeb76d3), and ws@5.2.4 (4abd8f6). In vulnerable versions of ws, the issue can be mitigated in the following ways: 1. Reduce the maximum allowed length of the request headers using the --max-http-header-size=size and/or the maxHeaderSize options so that no more headers than the server.maxHeadersCount limit can be sent. 2. Set server.maxHeadersCount to 0 so that no limit is applied.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/websockets/ws/security/advisories/GHSA-3h5v-q93c-6h6q | x_refsource_CONFIRM | |
| https://github.com/websockets/ws/issues/2230 | x_refsource_MISC | |
| https://github.com/websockets/ws/pull/2231 | x_refsource_MISC | |
| https://github.com/websockets/ws/commit/22c28763234aa75a7e1b76f5c01c181260d7917f | x_refsource_MISC | |
| https://github.com/websockets/ws/commit/4abd8f6de4b0b65ef80b3ff081989479ed93377e | x_refsource_MISC | |
| https://github.com/websockets/ws/commit/e55e5106f10fcbaac37cfa89759e4cc0d073a52c | x_refsource_MISC | |
| https://github.com/websockets/ws/commit/eeb76d313e2a00dd5247ca3597bba7877d064a63 | x_refsource_MISC | |
| https://nodejs.org/api/http.html#servermaxheaderscount | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| websockets | ws |
Version: >= 2.1.0, < 5.2.4 Version: >= 6.0.0, < 6.2.3 Version: >= 7.0.0, < 7.5.10 Version: >= 8.0.0, < 8.17.1 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:websockets:ws:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ws", vendor: "websockets", versions: [ { status: "affected", version: "2.1.0", }, ], }, { cpes: [ "cpe:2.3:a:websockets:ws:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ws", vendor: "websockets", versions: [ { lessThan: "5.2.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:websockets:ws:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ws", vendor: "websockets", versions: [ { status: "affected", version: "6.0.0", }, ], }, { cpes: [ "cpe:2.3:a:websockets:ws:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ws", vendor: "websockets", versions: [ { lessThan: "6.2.3", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:websockets:ws:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ws", vendor: "websockets", versions: [ { status: "affected", version: "7.0.0", }, ], }, { cpes: [ "cpe:2.3:a:websockets:ws:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ws", vendor: "websockets", versions: [ { lessThan: "7.5.10", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:websockets:ws:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ws", vendor: "websockets", versions: [ { status: "affected", version: "8.0.0", }, ], }, { cpes: [ "cpe:2.3:a:websockets:ws:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ws", vendor: "websockets", versions: [ { lessThan: "8.17.1", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-37890", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-18T13:25:45.808140Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-18T13:44:06.402Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:57:40.022Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/websockets/ws/security/advisories/GHSA-3h5v-q93c-6h6q", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/websockets/ws/security/advisories/GHSA-3h5v-q93c-6h6q", }, { name: "https://github.com/websockets/ws/issues/2230", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/websockets/ws/issues/2230", }, { name: "https://github.com/websockets/ws/pull/2231", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/websockets/ws/pull/2231", }, { name: "https://github.com/websockets/ws/commit/22c28763234aa75a7e1b76f5c01c181260d7917f", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/websockets/ws/commit/22c28763234aa75a7e1b76f5c01c181260d7917f", }, { name: "https://github.com/websockets/ws/commit/4abd8f6de4b0b65ef80b3ff081989479ed93377e", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/websockets/ws/commit/4abd8f6de4b0b65ef80b3ff081989479ed93377e", }, { name: "https://github.com/websockets/ws/commit/e55e5106f10fcbaac37cfa89759e4cc0d073a52c", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/websockets/ws/commit/e55e5106f10fcbaac37cfa89759e4cc0d073a52c", }, { name: "https://github.com/websockets/ws/commit/eeb76d313e2a00dd5247ca3597bba7877d064a63", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/websockets/ws/commit/eeb76d313e2a00dd5247ca3597bba7877d064a63", }, { name: "https://nodejs.org/api/http.html#servermaxheaderscount", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://nodejs.org/api/http.html#servermaxheaderscount", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "ws", vendor: "websockets", versions: [ { status: "affected", version: ">= 2.1.0, < 5.2.4", }, { status: "affected", version: ">= 6.0.0, < 6.2.3", }, { status: "affected", version: ">= 7.0.0, < 7.5.10", }, { status: "affected", version: ">= 8.0.0, < 8.17.1", }, ], }, ], descriptions: [ { lang: "en", value: "ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in ws@8.17.1 (e55e510) and backported to ws@7.5.10 (22c2876), ws@6.2.3 (eeb76d3), and ws@5.2.4 (4abd8f6). In vulnerable versions of ws, the issue can be mitigated in the following ways: 1. Reduce the maximum allowed length of the request headers using the --max-http-header-size=size and/or the maxHeaderSize options so that no more headers than the server.maxHeadersCount limit can be sent. 2. Set server.maxHeadersCount to 0 so that no limit is applied.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476: NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-17T19:09:02.127Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/websockets/ws/security/advisories/GHSA-3h5v-q93c-6h6q", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/websockets/ws/security/advisories/GHSA-3h5v-q93c-6h6q", }, { name: "https://github.com/websockets/ws/issues/2230", tags: [ "x_refsource_MISC", ], url: "https://github.com/websockets/ws/issues/2230", }, { name: "https://github.com/websockets/ws/pull/2231", tags: [ "x_refsource_MISC", ], url: "https://github.com/websockets/ws/pull/2231", }, { name: "https://github.com/websockets/ws/commit/22c28763234aa75a7e1b76f5c01c181260d7917f", tags: [ "x_refsource_MISC", ], url: "https://github.com/websockets/ws/commit/22c28763234aa75a7e1b76f5c01c181260d7917f", }, { name: "https://github.com/websockets/ws/commit/4abd8f6de4b0b65ef80b3ff081989479ed93377e", tags: [ "x_refsource_MISC", ], url: "https://github.com/websockets/ws/commit/4abd8f6de4b0b65ef80b3ff081989479ed93377e", }, { name: "https://github.com/websockets/ws/commit/e55e5106f10fcbaac37cfa89759e4cc0d073a52c", tags: [ "x_refsource_MISC", ], url: "https://github.com/websockets/ws/commit/e55e5106f10fcbaac37cfa89759e4cc0d073a52c", }, { name: "https://github.com/websockets/ws/commit/eeb76d313e2a00dd5247ca3597bba7877d064a63", tags: [ "x_refsource_MISC", ], url: "https://github.com/websockets/ws/commit/eeb76d313e2a00dd5247ca3597bba7877d064a63", }, { name: "https://nodejs.org/api/http.html#servermaxheaderscount", tags: [ "x_refsource_MISC", ], url: "https://nodejs.org/api/http.html#servermaxheaderscount", }, ], source: { advisory: "GHSA-3h5v-q93c-6h6q", discovery: "UNKNOWN", }, title: "Denial of service when handling a request with many HTTP headers in ws", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-37890", datePublished: "2024-06-17T19:09:02.127Z", dateReserved: "2024-06-10T19:54:41.360Z", dateUpdated: "2024-08-02T03:57:40.022Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-6345
Vulnerability from cvelistv5
Published
2024-07-15 00:00
Modified
2024-08-01 21:33
Severity ?
EPSS score ?
Summary
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pypa | pypa/setuptools |
Version: unspecified < 70.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:python:setuptools:69.1.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "setuptools", vendor: "python", versions: [ { lessThan: "70.0", status: "affected", version: "69.1.1", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-6345", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-15T13:33:16.586239Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-15T13:38:34.323Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:33:05.517Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5", }, { tags: [ "x_transferred", ], url: "https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "pypa/setuptools", vendor: "pypa", versions: [ { lessThan: "70.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "CWE-94 Improper Control of Generation of Code", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-15T00:00:14.545Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5", }, { url: "https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0", }, ], source: { advisory: "d6362117-ad57-4e83-951f-b8141c6e7ca5", discovery: "EXTERNAL", }, title: "Remote Code Execution in pypa/setuptools", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2024-6345", datePublished: "2024-07-15T00:00:14.545Z", dateReserved: "2024-06-26T08:16:17.895Z", dateUpdated: "2024-08-01T21:33:05.517Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-24795
Vulnerability from cvelistv5
Published
2022-04-05 00:00
Modified
2024-08-03 04:20
Severity ?
EPSS score ?
Summary
yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at `yajl_buf.c#L64` may result in the `need` 32bit integer wrapping to 0 when `need` approaches a value of 0x80000000 (i.e. ~2GB of data), which results in a reallocation of buf->alloc into a small heap chunk. These integers are declared as `size_t` in the 2.x branch of `yajl`, which practically prevents the issue from triggering on 64bit platforms, however this does not preclude this issue triggering on 32bit builds on which `size_t` is a 32bit integer. Subsequent population of this under-allocated heap chunk is based on the original buffer size, leading to heap memory corruption. This vulnerability mostly impacts process availability. Maintainers believe exploitation for arbitrary code execution is unlikely. A patch is available and anticipated to be part of yajl-ruby version 1.4.2. As a workaround, avoid passing large inputs to YAJL.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| brianmario | yajl-ruby |
Version: <= 1.4.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T04:20:50.514Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/brianmario/yajl-ruby/security/advisories/GHSA-jj47-x69x-mxrm", }, { tags: [ "x_transferred", ], url: "https://github.com/brianmario/yajl-ruby/commit/7168bd79b888900aa94523301126f968a93eb3a6", }, { tags: [ "x_transferred", ], url: "https://github.com/brianmario/yajl-ruby/blob/7168bd79b888900aa94523301126f968a93eb3a6/ext/yajl/yajl_buf.c#L64", }, { name: "[debian-lts-announce] 20230711 [SECURITY] [DLA 3492-1] yajl security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/07/msg00013.html", }, { name: "FEDORA-2023-00572178e1", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLE3C4CECEJ4EUYI56KXI6OWACWXX7WN/", }, { name: "FEDORA-2023-852b377773", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YO32YDJ74DADC7CMJNLSLBVWN5EXGF5J/", }, { name: "[debian-lts-announce] 20230805 [SECURITY] [DLA 3516-1] burp security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00003.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "yajl-ruby", vendor: "brianmario", versions: [ { status: "affected", version: "<= 1.4.1", }, ], }, ], descriptions: [ { lang: "en", value: "yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at `yajl_buf.c#L64` may result in the `need` 32bit integer wrapping to 0 when `need` approaches a value of 0x80000000 (i.e. ~2GB of data), which results in a reallocation of buf->alloc into a small heap chunk. These integers are declared as `size_t` in the 2.x branch of `yajl`, which practically prevents the issue from triggering on 64bit platforms, however this does not preclude this issue triggering on 32bit builds on which `size_t` is a 32bit integer. Subsequent population of this under-allocated heap chunk is based on the original buffer size, leading to heap memory corruption. This vulnerability mostly impacts process availability. Maintainers believe exploitation for arbitrary code execution is unlikely. A patch is available and anticipated to be part of yajl-ruby version 1.4.2. As a workaround, avoid passing large inputs to YAJL.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-190", description: "CWE-190: Integer Overflow or Wraparound", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-05T00:00:00", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { url: "https://github.com/brianmario/yajl-ruby/security/advisories/GHSA-jj47-x69x-mxrm", }, { url: "https://github.com/brianmario/yajl-ruby/commit/7168bd79b888900aa94523301126f968a93eb3a6", }, { url: "https://github.com/brianmario/yajl-ruby/blob/7168bd79b888900aa94523301126f968a93eb3a6/ext/yajl/yajl_buf.c#L64", }, { name: "[debian-lts-announce] 20230711 [SECURITY] [DLA 3492-1] yajl security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/07/msg00013.html", }, { name: "FEDORA-2023-00572178e1", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLE3C4CECEJ4EUYI56KXI6OWACWXX7WN/", }, { name: "FEDORA-2023-852b377773", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YO32YDJ74DADC7CMJNLSLBVWN5EXGF5J/", }, { name: "[debian-lts-announce] 20230805 [SECURITY] [DLA 3516-1] burp security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00003.html", }, ], source: { advisory: "GHSA-jj47-x69x-mxrm", discovery: "UNKNOWN", }, title: "Buffer Overflow and Integer Overflow in yajl-ruby", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2022-24795", datePublished: "2022-04-05T00:00:00", dateReserved: "2022-02-10T00:00:00", dateUpdated: "2024-08-03T04:20:50.514Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45491
Vulnerability from cvelistv5
Published
2024-08-30 00:00
Modified
2024-10-18 13:07
Severity ?
EPSS score ?
Summary
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:libexpat:expat:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "expat", vendor: "libexpat", versions: [ { lessThan: "2.6.3", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-45491", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-30T13:53:48.624463Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190 Integer Overflow or Wraparound", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-30T13:53:54.158Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-10-18T13:07:42.647Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "https://security.netapp.com/advisory/ntap-20241018-0003/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-30T02:09:56.787375", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/libexpat/libexpat/pull/891", }, { url: "https://github.com/libexpat/libexpat/issues/888", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-45491", datePublished: "2024-08-30T00:00:00", dateReserved: "2024-08-30T00:00:00", dateUpdated: "2024-10-18T13:07:42.647Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-6597
Vulnerability from cvelistv5
Published
2024-03-19 15:44
Modified
2024-11-05 19:16
Severity ?
EPSS score ?
Summary
An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.
The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Version: 0 Version: 3.9.0 Version: 3.10.0 Version: 3.11.0 Version: 3.12.0 Version: 3.13.0a1 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:python_software_foundation:cpython:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "cpython", vendor: "python_software_foundation", versions: [ { lessThan: "3.8.19", status: "affected", version: "0", versionType: "custom", }, { lessThan: "3.9.19", status: "affected", version: "3.9.0", versionType: "custom", }, { lessThan: "3.10.14", status: "affected", version: "3.10.0", versionType: "custom", }, { lessThan: "3.11.8", status: "affected", version: "3.11.0", versionType: "custom", }, { lessThan: "3.12.1", status: "affected", version: "3.12.0", versionType: "custom", }, { lessThan: "3.13.0a3", status: "affected", version: "3.13.0a1", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-6597", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-05T19:08:44.665083Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-05T19:16:27.862Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T08:35:14.863Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/81c16cd94ec38d61aa478b9a452436dc3b1b524d", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/6ceb8aeda504b079fef7a57b8d81472f15cdd9a5", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/5585334d772b253a01a6730e8202ffb1607c3d25", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/8eaeefe49d179ca4908d052745e3bb8b6f238f82", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/02a9259c717738dfe6b463c44d7e17f2b6d2cb3a", }, { tags: [ "issue-tracking", "x_transferred", ], url: "https://github.com/python/cpython/issues/91133", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://mail.python.org/archives/list/security-announce@python.org/thread/Q5C6ATFC67K53XFV4KE45325S7NS62LD/", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/03/20/5", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "CPython", repo: "https://github.com/python/cpython", vendor: "Python Software Foundation", versions: [ { lessThan: "3.8.19", status: "affected", version: "0", versionType: "python", }, { lessThan: "3.9.19", status: "affected", version: "3.9.0", versionType: "python", }, { lessThan: "3.10.14", status: "affected", version: "3.10.0", versionType: "python", }, { lessThan: "3.11.8", status: "affected", version: "3.11.0", versionType: "python", }, { lessThan: "3.12.1", status: "affected", version: "3.12.0", versionType: "python", }, { lessThan: "3.13.0a3", status: "affected", version: "3.13.0a1", versionType: "python", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.<br><br>The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.<br>", }, ], value: "An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.\n\nThe tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-13T19:24:11.289Z", orgId: "28c92f92-d60d-412d-b760-e73465c3df22", shortName: "PSF", }, references: [ { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/81c16cd94ec38d61aa478b9a452436dc3b1b524d", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/6ceb8aeda504b079fef7a57b8d81472f15cdd9a5", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/5585334d772b253a01a6730e8202ffb1607c3d25", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/8eaeefe49d179ca4908d052745e3bb8b6f238f82", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/02a9259c717738dfe6b463c44d7e17f2b6d2cb3a", }, { tags: [ "issue-tracking", ], url: "https://github.com/python/cpython/issues/91133", }, { tags: [ "vendor-advisory", ], url: "https://mail.python.org/archives/list/security-announce@python.org/thread/Q5C6ATFC67K53XFV4KE45325S7NS62LD/", }, { url: "https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html", }, { url: "http://www.openwall.com/lists/oss-security/2024/03/20/5", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "28c92f92-d60d-412d-b760-e73465c3df22", assignerShortName: "PSF", cveId: "CVE-2023-6597", datePublished: "2024-03-19T15:44:28.989Z", dateReserved: "2023-12-07T20:59:23.246Z", dateUpdated: "2024-11-05T19:16:27.862Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-47220
Vulnerability from cvelistv5
Published
2024-09-22 00:00
Modified
2025-01-09 17:33
Severity ?
EPSS score ?
Summary
An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webrick should not be used in production."
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:ruby:webrick:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "webrick", vendor: "ruby", versions: [ { lessThanOrEqual: "1.8.1", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-47220", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-23T15:01:28.031073Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-09T17:33:17.696Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., \"GET /admin HTTP/1.1\\r\\n\" inside of a \"POST /user HTTP/1.1\\r\\n\" request. NOTE: the supplier's position is \"Webrick should not be used in production.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-25T14:15:45.642637", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/ruby/webrick/issues/145", }, { url: "https://github.com/ruby/webrick/pull/146/commits/d88321da45dcd230ac2b4585cad4833d6d5e8841", }, { url: "https://github.com/ruby/webrick/issues/145#issuecomment-2369994610", }, { url: "https://github.com/ruby/webrick/issues/145#issuecomment-2372838285", }, ], tags: [ "disputed", ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-47220", datePublished: "2024-09-22T00:00:00", dateReserved: "2024-09-22T00:00:00", dateUpdated: "2025-01-09T17:33:17.696Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-47554
Vulnerability from cvelistv5
Published
2024-10-03 11:32
Modified
2025-01-31 15:02
Severity ?
EPSS score ?
Summary
Uncontrolled Resource Consumption vulnerability in Apache Commons IO.
The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input.
This issue affects Apache Commons IO: from 2.0 before 2.14.0.
Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Commons IO |
Version: 2.0 ≤ |
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-47554", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-03T13:00:56.326970Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-04T15:03:37.949Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2025-01-31T15:02:47.229Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "http://www.openwall.com/lists/oss-security/2024/10/03/2", }, { url: "https://security.netapp.com/advisory/ntap-20250131-0010/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://repo.maven.apache.org/maven2", defaultStatus: "unaffected", packageName: "commons-io:commons-io", product: "Apache Commons IO", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.14.0", status: "affected", version: "2.0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "tool", value: "CodeQL", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Uncontrolled Resource Consumption vulnerability in Apache Commons IO.</p><p>The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input.<br></p><p>This issue affects Apache Commons IO: from 2.0 before 2.14.0.</p><p>Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.</p>", }, ], value: "Uncontrolled Resource Consumption vulnerability in Apache Commons IO.\n\nThe org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input.\n\n\nThis issue affects Apache Commons IO: from 2.0 before 2.14.0.\n\nUsers are recommended to upgrade to version 2.14.0 or later, which fixes the issue.", }, ], metrics: [ { other: { content: { text: "low", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-03T11:32:48.936Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1", }, ], source: { discovery: "EXTERNAL", }, title: "Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2024-47554", datePublished: "2024-10-03T11:32:48.936Z", dateReserved: "2024-09-26T16:12:46.116Z", dateUpdated: "2025-01-31T15:02:47.229Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-41946
Vulnerability from cvelistv5
Published
2024-08-01 14:22
Modified
2025-01-17 20:02
Severity ?
EPSS score ?
Summary
REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/ruby/rexml/security/advisories/GHSA-5866-49gr-22v4 | x_refsource_CONFIRM | |
| https://github.com/ruby/rexml/commit/033d1909a8f259d5a7c53681bcaf14f13bcf0368 | x_refsource_MISC | |
| https://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml | x_refsource_MISC | |
| https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946 | x_refsource_MISC |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:ruby-lang:rexml:*:*:*:*:*:ruby:*:*", ], defaultStatus: "unknown", product: "rexml", vendor: "ruby-lang", versions: [ { lessThan: "3.3.3", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-41946", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-01T15:45:10.507112Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-01T15:50:11.993Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2025-01-17T20:02:56.618Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "https://security.netapp.com/advisory/ntap-20250117-0007/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "rexml", vendor: "ruby", versions: [ { status: "affected", version: "< 3.3.3", }, ], }, ], descriptions: [ { lang: "en", value: "REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400: Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-01T14:22:14.014Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/ruby/rexml/security/advisories/GHSA-5866-49gr-22v4", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/ruby/rexml/security/advisories/GHSA-5866-49gr-22v4", }, { name: "https://github.com/ruby/rexml/commit/033d1909a8f259d5a7c53681bcaf14f13bcf0368", tags: [ "x_refsource_MISC", ], url: "https://github.com/ruby/rexml/commit/033d1909a8f259d5a7c53681bcaf14f13bcf0368", }, { name: "https://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml", tags: [ "x_refsource_MISC", ], url: "https://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml", }, { name: "https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946", tags: [ "x_refsource_MISC", ], url: "https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946", }, ], source: { advisory: "GHSA-5866-49gr-22v4", discovery: "UNKNOWN", }, title: "REXML DoS vulnerability", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-41946", datePublished: "2024-08-01T14:22:14.014Z", dateReserved: "2024-07-24T16:51:40.948Z", dateUpdated: "2025-01-17T20:02:56.618Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37371
Vulnerability from cvelistv5
Published
2024-06-28 00:00
Modified
2025-03-13 20:28
Severity ?
EPSS score ?
Summary
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.
References
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-37371", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T15:31:33.769366Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-13T20:28:07.509Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-11-08T15:02:51.712Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://web.mit.edu/kerberos/www/advisories/", }, { tags: [ "x_transferred", ], url: "https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef", }, { url: "https://security.netapp.com/advisory/ntap-20241108-0009/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-28T22:06:30.396Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://web.mit.edu/kerberos/www/advisories/", }, { url: "https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-37371", datePublished: "2024-06-28T00:00:00.000Z", dateReserved: "2024-06-06T00:00:00.000Z", dateUpdated: "2025-03-13T20:28:07.509Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-24786
Vulnerability from cvelistv5
Published
2024-03-05 22:22
Modified
2025-02-13 17:40
Severity ?
EPSS score ?
Summary
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | google.golang.org/protobuf | google.golang.org/protobuf/encoding/protojson |
Version: 0 ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "go", vendor: "golang", versions: [ { lessThan: "1.33.0", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-24786", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-07T16:22:27.828054Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-07T16:23:32.865Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T23:28:12.790Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://go.dev/cl/569356", }, { tags: [ "x_transferred", ], url: "https://pkg.go.dev/vuln/GO-2024-2611", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU/", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/03/08/4", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240517-0002/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://pkg.go.dev", defaultStatus: "unaffected", packageName: "google.golang.org/protobuf/encoding/protojson", product: "google.golang.org/protobuf/encoding/protojson", programRoutines: [ { name: "UnmarshalOptions.unmarshal", }, { name: "Unmarshal", }, { name: "UnmarshalOptions.Unmarshal", }, ], vendor: "google.golang.org/protobuf", versions: [ { lessThan: "1.33.0", status: "affected", version: "0", versionType: "semver", }, ], }, { collectionURL: "https://pkg.go.dev", defaultStatus: "unaffected", packageName: "google.golang.org/protobuf/internal/encoding/json", product: "google.golang.org/protobuf/internal/encoding/json", programRoutines: [ { name: "Decoder.Read", }, { name: "Decoder.Peek", }, ], vendor: "google.golang.org/protobuf", versions: [ { lessThan: "1.33.0", status: "affected", version: "0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.", }, ], problemTypes: [ { descriptions: [ { description: "CWE-1286: Improper Validation of Syntactic Correctness of Input", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-10T17:12:44.017Z", orgId: "1bb62c36-49e3-4200-9d77-64a1400537cc", shortName: "Go", }, references: [ { url: "https://go.dev/cl/569356", }, { url: "https://pkg.go.dev/vuln/GO-2024-2611", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU/", }, { url: "http://www.openwall.com/lists/oss-security/2024/03/08/4", }, { url: "https://security.netapp.com/advisory/ntap-20240517-0002/", }, ], title: "Infinite loop in JSON unmarshaling in google.golang.org/protobuf", }, }, cveMetadata: { assignerOrgId: "1bb62c36-49e3-4200-9d77-64a1400537cc", assignerShortName: "Go", cveId: "CVE-2024-24786", datePublished: "2024-03-05T22:22:35.299Z", dateReserved: "2024-01-30T16:05:14.757Z", dateUpdated: "2025-02-13T17:40:25.868Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45296
Vulnerability from cvelistv5
Published
2024-09-09 19:07
Modified
2025-01-24 20:03
Severity ?
EPSS score ?
Summary
path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a DoS. The bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period (.). For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pillarjs | path-to-regexp |
Version: < 0.1.10 Version: >= 0.2.0, < 8.0.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:pillarjs:path-to-regexp:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "path-to-regexp", vendor: "pillarjs", versions: [ { lessThan: "0.1.0", status: "affected", version: "0", versionType: "custom", }, { lessThan: "8.0.0", status: "affected", version: "0.2.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-45296", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-09T19:32:57.513942Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-09T19:38:12.783Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2025-01-24T20:03:07.723Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "https://security.netapp.com/advisory/ntap-20250124-0001/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "path-to-regexp", vendor: "pillarjs", versions: [ { status: "affected", version: "< 0.1.10", }, { status: "affected", version: ">= 0.2.0, < 8.0.0", }, ], }, ], descriptions: [ { lang: "en", value: "path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a DoS. The bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period (.). For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1333", description: "CWE-1333: Inefficient Regular Expression Complexity", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-09T19:07:40.313Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j", }, { name: "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f", tags: [ "x_refsource_MISC", ], url: "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f", }, { name: "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6", tags: [ "x_refsource_MISC", ], url: "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6", }, ], source: { advisory: "GHSA-9wv6-86v2-598j", discovery: "UNKNOWN", }, title: "path-to-regexp outputs backtracking regular expressions", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-45296", datePublished: "2024-09-09T19:07:40.313Z", dateReserved: "2024-08-26T18:25:35.442Z", dateUpdated: "2025-01-24T20:03:07.723Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-41186
Vulnerability from cvelistv5
Published
2021-10-29 13:40
Modified
2024-08-04 03:08
Severity ?
EPSS score ?
Summary
Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack. This issue is patched in version 1.14.2 There are two workarounds available. Either don't use parser_apache2 for parsing logs (which cannot guarantee generated by Apache), or put patched version of parser_apache2.rb into /etc/fluent/plugin directory (or any other directories specified by the environment variable `FLUENT_PLUGIN` or `--plugin` option of fluentd).
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:08:31.511Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/fluent/fluentd/security/advisories/GHSA-hwhf-64mh-r662", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/fluent/fluentd/blob/master/CHANGELOG.md#v1142", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/github/securitylab-vulnerabilities/blob/52dc4a2a828c6dc24231967c2937ad92038184a9/vendor_reports/GHSL-2021-102-fluent-fluentd.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "fluentd", vendor: "fluent", versions: [ { status: "affected", version: ">= 0.14.14, < 1.14.2", }, ], }, ], descriptions: [ { lang: "en", value: "Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack. This issue is patched in version 1.14.2 There are two workarounds available. Either don't use parser_apache2 for parsing logs (which cannot guarantee generated by Apache), or put patched version of parser_apache2.rb into /etc/fluent/plugin directory (or any other directories specified by the environment variable `FLUENT_PLUGIN` or `--plugin` option of fluentd).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400: Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-10-29T13:40:10", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/fluent/fluentd/security/advisories/GHSA-hwhf-64mh-r662", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/fluent/fluentd/blob/master/CHANGELOG.md#v1142", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/github/securitylab-vulnerabilities/blob/52dc4a2a828c6dc24231967c2937ad92038184a9/vendor_reports/GHSL-2021-102-fluent-fluentd.md", }, ], source: { advisory: "GHSA-hwhf-64mh-r662", discovery: "UNKNOWN", }, title: "ReDoS vulnerability in parser_apache2", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2021-41186", STATE: "PUBLIC", TITLE: "ReDoS vulnerability in parser_apache2", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "fluentd", version: { version_data: [ { version_value: ">= 0.14.14, < 1.14.2", }, ], }, }, ], }, vendor_name: "fluent", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack. This issue is patched in version 1.14.2 There are two workarounds available. Either don't use parser_apache2 for parsing logs (which cannot guarantee generated by Apache), or put patched version of parser_apache2.rb into /etc/fluent/plugin directory (or any other directories specified by the environment variable `FLUENT_PLUGIN` or `--plugin` option of fluentd).", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-400: Uncontrolled Resource Consumption", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/fluent/fluentd/security/advisories/GHSA-hwhf-64mh-r662", refsource: "CONFIRM", url: "https://github.com/fluent/fluentd/security/advisories/GHSA-hwhf-64mh-r662", }, { name: "https://github.com/fluent/fluentd/blob/master/CHANGELOG.md#v1142", refsource: "MISC", url: "https://github.com/fluent/fluentd/blob/master/CHANGELOG.md#v1142", }, { name: "https://github.com/github/securitylab-vulnerabilities/blob/52dc4a2a828c6dc24231967c2937ad92038184a9/vendor_reports/GHSL-2021-102-fluent-fluentd.md", refsource: "MISC", url: "https://github.com/github/securitylab-vulnerabilities/blob/52dc4a2a828c6dc24231967c2937ad92038184a9/vendor_reports/GHSL-2021-102-fluent-fluentd.md", }, ], }, source: { advisory: "GHSA-hwhf-64mh-r662", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2021-41186", datePublished: "2021-10-29T13:40:10", dateReserved: "2021-09-15T00:00:00", dateUpdated: "2024-08-04T03:08:31.511Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-0759
Vulnerability from cvelistv5
Published
2022-03-25 18:03
Modified
2024-08-02 23:40
Severity ?
EPSS score ?
Summary
A flaw was found in all versions of kubeclient up to (but not including) v4.9.3, the Ruby client for Kubernetes REST API, in the way it parsed kubeconfig files. When the kubeconfig file does not configure custom CA to verify certs, kubeclient ends up accepting any certificate (it wrongly returns VERIFY_NONE). Ruby applications that leverage kubeclient to parse kubeconfig files are susceptible to Man-in-the-middle attacks (MITM).
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/ManageIQ/kubeclient/issues/554 | x_refsource_MISC | |
| https://github.com/ManageIQ/kubeclient/issues/555 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | kubeclient |
Version: 4.9.3 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T23:40:03.643Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/ManageIQ/kubeclient/issues/554", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/ManageIQ/kubeclient/issues/555", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "kubeclient", vendor: "n/a", versions: [ { status: "affected", version: "4.9.3", }, ], }, ], descriptions: [ { lang: "en", value: "A flaw was found in all versions of kubeclient up to (but not including) v4.9.3, the Ruby client for Kubernetes REST API, in the way it parsed kubeconfig files. When the kubeconfig file does not configure custom CA to verify certs, kubeclient ends up accepting any certificate (it wrongly returns VERIFY_NONE). Ruby applications that leverage kubeclient to parse kubeconfig files are susceptible to Man-in-the-middle attacks (MITM).", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-295", description: "CWE-295", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-03-25T18:03:10", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/ManageIQ/kubeclient/issues/554", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/ManageIQ/kubeclient/issues/555", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2022-0759", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "kubeclient", version: { version_data: [ { version_value: "4.9.3", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A flaw was found in all versions of kubeclient up to (but not including) v4.9.3, the Ruby client for Kubernetes REST API, in the way it parsed kubeconfig files. When the kubeconfig file does not configure custom CA to verify certs, kubeclient ends up accepting any certificate (it wrongly returns VERIFY_NONE). Ruby applications that leverage kubeclient to parse kubeconfig files are susceptible to Man-in-the-middle attacks (MITM).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-295", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/ManageIQ/kubeclient/issues/554", refsource: "MISC", url: "https://github.com/ManageIQ/kubeclient/issues/554", }, { name: "https://github.com/ManageIQ/kubeclient/issues/555", refsource: "MISC", url: "https://github.com/ManageIQ/kubeclient/issues/555", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2022-0759", datePublished: "2022-03-25T18:03:10", dateReserved: "2022-02-24T00:00:00", dateUpdated: "2024-08-02T23:40:03.643Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.