CWE-124
Buffer Underwrite ('Buffer Underflow')
The product writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.
CVE-2018-15361 (GCVE-0-2018-15361)
Vulnerability from cvelistv5
Published
2019-03-05 15:00
Modified
2024-09-16 17:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-124 - Buffer Underwrite
Summary
UltraVNC revision 1198 has a buffer underflow vulnerability in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199.
References
► | URL | Tags |
---|---|---|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:54:02.423Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-003-ultravnc-buffer-underwrite/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "UltraVNC", "vendor": "UltraVNC", "versions": [ { "status": "affected", "version": "1.2.2.3" } ] } ], "datePublic": "2019-03-01T00:00:00", "descriptions": [ { "lang": "en", "value": "UltraVNC revision 1198 has a buffer underflow vulnerability in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-124", "description": "CWE-124: Buffer Underwrite", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-06-10T21:34:40", "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988", "shortName": "Kaspersky" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-003-ultravnc-buffer-underwrite/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vulnerability@kaspersky.com", "DATE_PUBLIC": "2019-03-01T00:00:00", "ID": "CVE-2018-15361", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "UltraVNC", "version": { "version_data": [ { "version_value": "1.2.2.3" } ] } } ] }, "vendor_name": "UltraVNC" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "UltraVNC revision 1198 has a buffer underflow vulnerability in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-124: Buffer Underwrite" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-003-ultravnc-buffer-underwrite/", "refsource": "MISC", "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-003-ultravnc-buffer-underwrite/" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf" }, { "name": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06" } ] } } } }, "cveMetadata": { "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988", "assignerShortName": "Kaspersky", "cveId": "CVE-2018-15361", "datePublished": "2019-03-05T15:00:00Z", "dateReserved": "2018-08-15T00:00:00", "dateUpdated": "2024-09-16T17:07:56.107Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-5388 (GCVE-0-2018-5388)
Vulnerability from cvelistv5
Published
2018-05-31 00:00
Modified
2024-08-05 05:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket.
References
► | URL | Tags |
---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
strongSwan | strongSwan |
Version: 5.6.3 < 5.6.3 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T05:33:44.315Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VU#338343", "tags": [ "third-party-advisory", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/338343" }, { "name": "GLSA-201811-16", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201811-16" }, { "tags": [ "x_transferred" ], "url": "https://git.strongswan.org/?p=strongswan.git%3Ba=commitdiff%3Bh=0acd1ab4" }, { "name": "104263", "tags": [ "vdb-entry", "x_transferred" ], "url": "http://www.securityfocus.com/bid/104263" }, { "name": "USN-3771-1", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://usn.ubuntu.com/3771-1/" }, { "name": "DSA-4229", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4229" }, { "name": "openSUSE-SU-2019:2594", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html" }, { "name": "openSUSE-SU-2019:2598", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html" }, { "name": "openSUSE-SU-2020:0403", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/172833/strongSwan-VPN-Charon-Server-Buffer-Overflow.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "strongSwan", "vendor": "strongSwan", "versions": [ { "lessThan": "5.6.3", "status": "affected", "version": "5.6.3", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Thanks to Kevin Backhouse for reporting this vulnerability." } ], "datePublic": "2018-05-22T00:00:00", "descriptions": [ { "lang": "en", "value": "In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-124", "description": "CWE-124", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-12T00:00:00", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "name": "VU#338343", "tags": [ "third-party-advisory" ], "url": "http://www.kb.cert.org/vuls/id/338343" }, { "name": "GLSA-201811-16", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/201811-16" }, { "url": "https://git.strongswan.org/?p=strongswan.git%3Ba=commitdiff%3Bh=0acd1ab4" }, { "name": "104263", "tags": [ "vdb-entry" ], "url": "http://www.securityfocus.com/bid/104263" }, { "name": "USN-3771-1", "tags": [ "vendor-advisory" ], "url": "https://usn.ubuntu.com/3771-1/" }, { "name": "DSA-4229", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2018/dsa-4229" }, { "name": "openSUSE-SU-2019:2594", "tags": [ "vendor-advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html" }, { "name": "openSUSE-SU-2019:2598", "tags": [ "vendor-advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html" }, { "name": "openSUSE-SU-2020:0403", "tags": [ "vendor-advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html" }, { "url": "http://packetstormsecurity.com/files/172833/strongSwan-VPN-Charon-Server-Buffer-Overflow.html" } ], "source": { "discovery": "UNKNOWN" } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2018-5388", "datePublished": "2018-05-31T00:00:00", "dateReserved": "2018-01-12T00:00:00", "dateUpdated": "2024-08-05T05:33:44.315Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-9086 (GCVE-0-2020-9086)
Vulnerability from cvelistv5
Published
2024-12-27 09:40
Modified
2024-12-27 15:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-124 - Buffer Underwrite ('Buffer Underflow')
Summary
There is a buffer error vulnerability in some Huawei product. An unauthenticated attacker may send special UPNP message to the affected products. Due to insufficient input validation of some value, successful exploit may cause some service abnormal. (Vulnerability ID: HWPSIRT-2017-08234)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9086.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Huawei | HUAWEI 4G Router B612 |
Version: B612s-25dTCPU-V100R001B192D03SP00C234 Version: B612s-25dTCPU-V100R001B192D03SP00C287 Version: B612s-25dTCPU-V100R001B192D05SP00C00 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2020-9086", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-27T15:06:44.647462Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-27T15:06:52.987Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "HUAWEI 4G Router B612", "vendor": "Huawei", "versions": [ { "status": "affected", "version": "B612s-25dTCPU-V100R001B192D03SP00C234" }, { "status": "affected", "version": "B612s-25dTCPU-V100R001B192D03SP00C287" }, { "status": "affected", "version": "B612s-25dTCPU-V100R001B192D05SP00C00" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eThere is a buffer error vulnerability in some Huawei product. An unauthenticated attacker may send special UPNP message to the affected products. Due to insufficient input validation of some value, successful exploit may cause some service abnormal. (Vulnerability ID: HWPSIRT-2017-08234)\u003c/p\u003e\u003cp\u003eThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9086.\u003c/p\u003e" } ], "value": "There is a buffer error vulnerability in some Huawei product. An unauthenticated attacker may send special UPNP message to the affected products. Due to insufficient input validation of some value, successful exploit may cause some service abnormal. (Vulnerability ID: HWPSIRT-2017-08234)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9086." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-124", "description": "CWE-124 Buffer Underwrite (\u0027Buffer Underflow\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-27T09:40:03.261Z", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei" }, "references": [ { "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200826-01-buffer_en" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2020-9086", "datePublished": "2024-12-27T09:40:03.261Z", "dateReserved": "2020-02-18T00:00:00.000Z", "dateUpdated": "2024-12-27T15:06:52.987Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-36064 (GCVE-0-2021-36064)
Vulnerability from cvelistv5
Published
2021-09-01 14:33
Modified
2024-09-17 01:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-124 - Buffer Underwrite ('Buffer Underflow') ()
Summary
XMP Toolkit version 2020.1 (and earlier) is affected by a Buffer Underflow vulnerability which could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | XMP Toolkit |
Version: unspecified < Version: unspecified < |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:47:43.800Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html" }, { "name": "[debian-lts-announce] 20230925 [SECURITY] [DLA 3585-1] exempi security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "XMP Toolkit", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "2020.1", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "None", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2021-08-16T00:00:00", "descriptions": [ { "lang": "en", "value": "XMP Toolkit version 2020.1 (and earlier) is affected by a Buffer Underflow vulnerability which could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-124", "description": "Buffer Underwrite (\u0027Buffer Underflow\u0027) (CWE-124)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-26T00:06:16.784146", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "url": "https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html" }, { "name": "[debian-lts-announce] 20230925 [SECURITY] [DLA 3585-1] exempi security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "XMP Toolkit SDK SVG_Adapter ParseFullNS Buffer Underflow" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2021-36064", "datePublished": "2021-09-01T14:33:45.316755Z", "dateReserved": "2021-06-30T00:00:00", "dateUpdated": "2024-09-17T01:16:35.512Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-38575 (GCVE-0-2021-38575)
Vulnerability from cvelistv5
Published
2021-12-01 00:00
Modified
2024-08-04 01:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-124 - A case of , CWE-680, and CWE-252 is occurring in NetworkPkg/IScsiDxe.
Summary
NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:44:23.483Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=3356" }, { "tags": [ "x_transferred" ], "url": "https://www.insyde.com/security-pledge/SA-2023025" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "EDK II", "vendor": "TianoCore", "versions": [ { "lessThanOrEqual": "edk2-stable202105", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "NetworkPkg/IScsiDxe has remotely exploitable buffer overflows." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-124", "description": "A case of CWE-124, CWE-680, and CWE-252 is occurring in NetworkPkg/IScsiDxe.", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-23T00:00:00", "orgId": "65518388-201a-4f93-8712-366d21fe8d2c", "shortName": "TianoCore" }, "references": [ { "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=3356" }, { "url": "https://www.insyde.com/security-pledge/SA-2023025" } ] } }, "cveMetadata": { "assignerOrgId": "65518388-201a-4f93-8712-366d21fe8d2c", "assignerShortName": "TianoCore", "cveId": "CVE-2021-38575", "datePublished": "2021-12-01T00:00:00", "dateReserved": "2021-08-11T00:00:00", "dateUpdated": "2024-08-04T01:44:23.483Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-38578 (GCVE-0-2021-38578)
Vulnerability from cvelistv5
Published
2022-03-03 21:53
Modified
2025-04-23 18:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-124 - A case of is occurring in PiSmmCore.
Summary
Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.
References
► | URL | Tags |
---|---|---|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:44:23.499Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=3387" }, { "tags": [ "x_transferred" ], "url": "https://www.insyde.com/security-pledge/SA-2023024" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-38578", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-23T13:13:33.412696Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-23T18:59:05.792Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "EDK II", "vendor": "TianoCore", "versions": [ { "status": "affected", "version": "edk2-stable202208" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eExisting CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.\u003c/p\u003e" } ], "value": "Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-124", "description": "A case of CWE-124 is occurring in PiSmmCore.", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-06T00:55:57.322Z", "orgId": "65518388-201a-4f93-8712-366d21fe8d2c", "shortName": "TianoCore" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=3387" }, { "url": "https://www.insyde.com/security-pledge/SA-2023024" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "65518388-201a-4f93-8712-366d21fe8d2c", "assignerShortName": "TianoCore", "cveId": "CVE-2021-38578", "datePublished": "2022-03-03T21:53:37.000Z", "dateReserved": "2021-08-11T00:00:00.000Z", "dateUpdated": "2025-04-23T18:59:05.792Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-20683 (GCVE-0-2022-20683)
Vulnerability from cvelistv5
Published
2022-04-15 14:16
Modified
2024-11-06 16:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A vulnerability in the Application Visibility and Control (AVC-FNF) feature of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient packet verification for traffic inspected by the AVC feature. An attacker could exploit this vulnerability by sending crafted packets from the wired network to a wireless client, resulting in the crafted packets being processed by the wireless controller. A successful exploit could allow the attacker to cause a crash and reload of the affected device, resulting in a DoS condition.
References
► | URL | Tags | |||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Cisco | Cisco IOS XE Software |
Version: n/a |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:53.170Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20220413 Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers Application Visibility and Control Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c9800-fnf-dos-bOL5vLge" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-20683", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-06T16:01:44.839830Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-06T16:26:03.493Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco IOS XE Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2022-04-13T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Application Visibility and Control (AVC-FNF) feature of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient packet verification for traffic inspected by the AVC feature. An attacker could exploit this vulnerability by sending crafted packets from the wired network to a wireless client, resulting in the crafted packets being processed by the wireless controller. A successful exploit could allow the attacker to cause a crash and reload of the affected device, resulting in a DoS condition." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-124", "description": "CWE-124", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-15T14:16:18", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20220413 Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers Application Visibility and Control Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c9800-fnf-dos-bOL5vLge" } ], "source": { "advisory": "cisco-sa-c9800-fnf-dos-bOL5vLge", "defect": [ [ "CSCvx21714" ] ], "discovery": "INTERNAL" }, "title": "Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers Application Visibility and Control Denial of Service Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2022-04-13T23:00:00", "ID": "CVE-2022-20683", "STATE": "PUBLIC", "TITLE": "Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers Application Visibility and Control Denial of Service Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco IOS XE Software", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the Application Visibility and Control (AVC-FNF) feature of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient packet verification for traffic inspected by the AVC feature. An attacker could exploit this vulnerability by sending crafted packets from the wired network to a wireless client, resulting in the crafted packets being processed by the wireless controller. A successful exploit could allow the attacker to cause a crash and reload of the affected device, resulting in a DoS condition." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "8.6", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-124" } ] } ] }, "references": { "reference_data": [ { "name": "20220413 Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers Application Visibility and Control Denial of Service Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c9800-fnf-dos-bOL5vLge" } ] }, "source": { "advisory": "cisco-sa-c9800-fnf-dos-bOL5vLge", "defect": [ [ "CSCvx21714" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2022-20683", "datePublished": "2022-04-15T14:16:19.103273Z", "dateReserved": "2021-11-02T00:00:00", "dateUpdated": "2024-11-06T16:26:03.493Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-33896 (GCVE-0-2022-33896)
Vulnerability from cvelistv5
Published
2022-10-07 15:05
Modified
2025-04-15 18:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-124 - Buffer Underwrite ('Buffer Underflow')
Summary
A buffer underflow vulnerability exists in the way Hword of Hancom Office 2020 version 11.0.0.5357 parses XML-based office files. A specially-crafted malformed file can cause memory corruption by using memory before buffer start, which can lead to code execution. A victim would need to access a malicious file to trigger this vulnerability.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Hancom | Hancom Office 2020 |
Version: Hancom Office 2020 11.0.0.5357 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T08:09:22.670Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1574" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-33896", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-15T18:17:57.796842Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-15T18:49:15.593Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Hancom Office 2020", "vendor": "Hancom", "versions": [ { "status": "affected", "version": "Hancom Office 2020 11.0.0.5357" } ] } ], "datePublic": "2022-10-04T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "A buffer underflow vulnerability exists in the way Hword of Hancom Office 2020 version 11.0.0.5357 parses XML-based office files. A specially-crafted malformed file can cause memory corruption by using memory before buffer start, which can lead to code execution. A victim would need to access a malicious file to trigger this vulnerability." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-124", "description": "CWE-124: Buffer Underwrite (\u0027Buffer Underflow\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-07T00:00:00.000Z", "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos" }, "references": [ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1574" } ] } }, "cveMetadata": { "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "cveId": "CVE-2022-33896", "datePublished": "2022-10-07T15:05:08.443Z", "dateReserved": "2022-07-05T00:00:00.000Z", "dateUpdated": "2025-04-15T18:49:15.593Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-25610 (GCVE-0-2023-25610)
Vulnerability from cvelistv5
Published
2025-03-24 15:39
Modified
2025-03-24 18:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-124 - Execute unauthorized code or commands
Summary
A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.6, version 6.4.0 through 6.4.11 and version 6.2.12 and below, FortiProxy version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.8, version 2.0.12 and below and FortiOS-6K7K version 7.0.5, version 6.4.0 through 6.4.10 and version 6.2.0 through 6.2.10 and below allows a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
► | Fortinet | FortiSwitchManager |
Version: 7.2.0 ≤ 7.2.1 Version: 7.0.0 ≤ 7.0.1 |
|||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-25610", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-03-24T16:26:39.771566Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-24T18:42:44.673Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [], "defaultStatus": "unaffected", "product": "FortiSwitchManager", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.1", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.1", "status": "affected", "version": "7.0.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiAnalyzer", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "7.2.0" }, { "lessThanOrEqual": "7.0.4", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.11", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.10", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.11", "status": "affected", "version": "6.0.0", "versionType": "semver" } ] }, { "cpes": [], "defaultStatus": "unaffected", "product": "FortiOS-6K7K", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "7.0.5" }, { "status": "affected", "version": "6.4.10" }, { "status": "affected", "version": "6.4.8" }, { "status": "affected", "version": "6.4.6" }, { "status": "affected", "version": "6.4.2" }, { "lessThanOrEqual": "6.2.12", "status": "affected", "version": "6.2.9", "versionType": "semver" }, { "lessThanOrEqual": "6.2.7", "status": "affected", "version": "6.2.6", "versionType": "semver" }, { "status": "affected", "version": "6.2.4" }, { "lessThanOrEqual": "6.0.18", "status": "affected", "version": "6.0.12", "versionType": "semver" }, { "status": "affected", "version": "6.0.10" } ] }, { "cpes": [], "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.2", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.8", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.14", "status": "affected", "version": "2.0.0", "versionType": "semver" }, { "lessThanOrEqual": "1.2.13", "status": "affected", "version": "1.2.0", "versionType": "semver" }, { "lessThanOrEqual": "1.1.6", "status": "affected", "version": "1.1.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.18:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.17:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.6.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.6.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.6.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.6.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.6.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.6.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.6.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.6.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.6.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.6.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.6.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.6.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.6.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.6.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.2.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.2.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.3", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.9", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.11", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.12", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.18", "status": "affected", "version": "6.0.0", "versionType": "semver" }, { "lessThanOrEqual": "5.6.14", "status": "affected", "version": "5.6.0", "versionType": "semver" }, { "lessThanOrEqual": "5.4.13", "status": "affected", "version": "5.4.0", "versionType": "semver" }, { "lessThanOrEqual": "5.2.15", "status": "affected", "version": "5.2.0", "versionType": "semver" }, { "lessThanOrEqual": "5.0.14", "status": "affected", "version": "5.0.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiManager", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "7.2.0" }, { "lessThanOrEqual": "7.0.4", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.11", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.10", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.11", "status": "affected", "version": "6.0.0", "versionType": "semver" } ] }, { "cpes": [], "defaultStatus": "unaffected", "product": "FortiWeb", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.1", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.6", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.2", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.3.22", "status": "affected", "version": "6.3.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.7", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.1.3", "status": "affected", "version": "6.1.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A buffer underwrite (\u0027buffer underflow\u0027) vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.6, version 6.4.0 through 6.4.11 and version 6.2.12 and below, FortiProxy version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.8, version 2.0.12 and below and FortiOS-6K7K version 7.0.5, version 6.4.0 through 6.4.10 and version 6.2.0 through 6.2.10 and below allows a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-124", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-03-24T15:39:48.167Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-001", "url": "https://fortiguard.com/psirt/FG-IR-23-001" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiOS version 7.4.0 or above\r\nPlease upgrade to FortiOS version 7.2.4 or above\r\nPlease upgrade to FortiOS version 7.0.10 or above\r\nPlease upgrade to FortiOS version 6.4.12 or above\r\nPlease upgrade to FortiOS version 6.2.13 or above\r\nPlease upgrade to FortiWeb version 7.2.2 or above\r\nPlease upgrade to FortiWeb version 7.0.7 or above\r\nPlease upgrade to FortiWeb version 6.4.3 or above\r\nPlease upgrade to FortiWeb version 6.3.23 or above\r\nPlease upgrade to FortiWeb version 6.2.8 or above\r\nPlease upgrade to FortiWeb version 6.1.4 or above\r\nPlease upgrade to upcoming FortiOS version 6.0.17 or above\r\nPlease upgrade to FortiSwitchManager version 7.2.2 or above\r\nPlease upgrade to FortiSwitchManager version 7.0.2 or above\r\nPlease upgrade to FortiProxy version 7.2.3 or above\r\nPlease upgrade to FortiProxy version 7.0.9 or above\r\nPlease upgrade to FortiManager version 7.2.1 or above\r\nPlease upgrade to FortiManager version 7.0.5 or above\r\nPlease upgrade to FortiManager version 6.4.12 or above\r\nPlease upgrade to FortiManager version 6.2.11 or above\r\nPlease upgrade to FortiManager version 6.0.12 or above\r\nPlease upgrade to FortiOS-6K7K version 7.0.10 or above\r\nPlease upgrade to FortiOS-6K7K version 6.4.12 or above\r\nPlease upgrade to FortiOS-6K7K version 6.2.13 or above\r\nPlease upgrade to FortiAnalyzer version 7.2.1 or above\r\nPlease upgrade to FortiAnalyzer version 7.0.5 or above\r\nPlease upgrade to FortiAnalyzer version 6.4.12 or above\r\nPlease upgrade to FortiAnalyzer version 6.2.11 or above\r\nPlease upgrade to FortiAnalyzer version 6.0.12 or above\r\n\r\n\r\n## Workaround for FortiOS:\r\n\r\n\r\n\r\nDisable HTTP/HTTPS administrative interface\r\n\r\nOR\r\n\r\nLimit IP addresses that can reach the administrative interface:\r\n\r\n\r\n```\r\nconfig firewall address\r\nedit my_allowed_addresses\r\nset subnet Y IP MY SUBNET\r\nend\r\n```\r\n\r\nThen create an Address Group:\r\n\r\n\r\n```\r\nconfig firewall addrgrp\r\nedit MGMT_IPs\r\nset member my_allowed_addresses\r\nend\r\n```\r\n\r\nCreate the Local in Policy to restrict access only to the predefined group on management interface (here: port1):\r\n\r\n\r\n```\r\nconfig firewall local-in-policy\r\nedit 1\r\nset intf port1\r\nset srcaddr MGMT_IPs\r\nset dstaddr all\r\nset action accept\r\nset service HTTPS HTTP\r\nset schedule always\r\nset status enable\r\nnext\r\n\r\n\r\n\r\nedit 2\r\nset intf any\r\nset srcaddr all\r\nset dstaddr all\r\nset action deny\r\nset service HTTPS HTTP\r\nset schedule always\r\nset status enable\r\nend\r\n```\r\n\r\n\r\nIf using non default ports, create appropriate service object for GUI administrative access:\r\n\r\n```\r\nconfig firewall service custom\r\nedit GUI_HTTPS\r\nset tcp-portrange admin-sport\r\nnext\r\nedit GUI_HTTP\r\nset tcp-portrange admin-port\r\nend\r\n```\r\n\r\n\r\nUse these objects instead of \"HTTPS HTTP\" in the local-in policy 1 and 2 below.\r\n\r\n\r\nWhen using an HA reserved management interface, the local in policy needs to be configured slightly differently - please see: \r\n\r\nhttps://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-a-local-in-policy-on-a-HA/ta-p/222005\r\n\r\nPlease contact customer support for assistance.\r\n\r\n\r\n## Workaround for FortiManager and FortiAnalyzer:\r\n\r\n\r\nLimit IP addresses that can reach the administrative interface\r\n\r\n\r\n## Workaround for FortiWeb:\r\n\r\n\r\n\r\nDisable HTTP/HTTPS administrative interface\r\n\r\nOR\r\n\r\nLimit IP addresses that can reach the administrative interface" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2023-25610", "datePublished": "2025-03-24T15:39:48.167Z", "dateReserved": "2023-02-08T13:42:03.367Z", "dateUpdated": "2025-03-24T18:42:44.673Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-31130 (GCVE-0-2023-31130)
Vulnerability from cvelistv5
Published
2023-05-25 21:45
Modified
2025-02-13 16:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-124 - Buffer Underwrite ('Buffer Underflow')
Summary
c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:45:26.018Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v" }, { "name": "https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5419" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-09" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240605-0005/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-31130", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-16T18:35:37.326640Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-16T18:35:44.800Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "c-ares", "vendor": "c-ares", "versions": [ { "status": "affected", "version": "\u003c 1.19.1" } ] } ], "descriptions": [ { "lang": "en", "value": "c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular \"0::00:00:00/2\" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-124", "description": "CWE-124: Buffer Underwrite (\u0027Buffer Underflow\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-10T16:08:34.510Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v" }, { "name": "https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/" }, { "url": "https://www.debian.org/security/2023/dsa-5419" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html" }, { "url": "https://security.gentoo.org/glsa/202310-09" }, { "url": "https://security.netapp.com/advisory/ntap-20240605-0005/" } ], "source": { "advisory": "GHSA-x6mf-cxr9-8q6v", "discovery": "UNKNOWN" }, "title": "Buffer Underwrite in ares_inet_net_pton()" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-31130", "datePublished": "2023-05-25T21:45:42.645Z", "dateReserved": "2023-04-24T21:44:10.416Z", "dateUpdated": "2025-02-13T16:49:44.998Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Mitigation
Phase: Requirements
Description:
- Choose a language that is not susceptible to these issues.
Mitigation
Phase: Implementation
Description:
- All calculated values that are used as index or for pointer arithmetic should be validated to ensure that they are within an expected range.
No CAPEC attack patterns related to this CWE.