Action not permitted
Modal body text goes here.
Modal Title
Modal Body
wid-sec-w-2023-2853
Vulnerability from csaf_certbund
Published
2023-11-07 23:00
Modified
2025-03-02 23:00
Summary
Red Hat Enterprise Linux: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um einen Denial-of-Service-Zustand herbeizuführen, Sicherheitsmaßnahmen zu umgehen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen oder beliebigen Code auszuführen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen oder beliebigen Code auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2853 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2853.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2853 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2853"
},
{
"category": "external",
"summary": "RedHatSecurity Advisory vom 2023-11-07",
"url": "https://access.redhat.com/errata/RHSA-2023:6343"
},
{
"category": "external",
"summary": "RedHatSecurity Advisory vom 2023-11-07",
"url": "https://access.redhat.com/errata/RHSA-2023:6365"
},
{
"category": "external",
"summary": "RedHatSecurity Advisory vom 2023-11-07",
"url": "https://access.redhat.com/errata/RHSA-2023:6371"
},
{
"category": "external",
"summary": "RedHatSecurity Advisory vom 2023-11-07",
"url": "https://access.redhat.com/errata/RHSA-2023:6385"
},
{
"category": "external",
"summary": "RedHatSecurity Advisory vom 2023-11-07",
"url": "https://access.redhat.com/errata/RHSA-2023:6492"
},
{
"category": "external",
"summary": "RedHatSecurity Advisory vom 2023-11-07",
"url": "https://access.redhat.com/errata/RHSA-2023:6518"
},
{
"category": "external",
"summary": "RedHatSecurity Advisory vom 2023-11-07",
"url": "https://access.redhat.com/errata/RHSA-2023:6523"
},
{
"category": "external",
"summary": "RedHatSecurity Advisory vom 2023-11-07",
"url": "https://access.redhat.com/errata/RHSA-2023:6549"
},
{
"category": "external",
"summary": "RedHatSecurity Advisory vom 2023-11-07",
"url": "https://access.redhat.com/errata/RHSA-2023:6542"
},
{
"category": "external",
"summary": "RedHatSecurity Advisory vom 2023-11-07",
"url": "https://access.redhat.com/errata/RHSA-2023:6551"
},
{
"category": "external",
"summary": "RedHatSecurity Advisory vom 2023-11-07",
"url": "https://access.redhat.com/errata/RHSA-2023:6566"
},
{
"category": "external",
"summary": "RedHatSecurity Advisory vom 2023-11-07",
"url": "https://access.redhat.com/errata/RHSA-2023:6569"
},
{
"category": "external",
"summary": "RedHatSecurity Advisory vom 2023-11-07",
"url": "https://access.redhat.com/errata/RHSA-2023:6621"
},
{
"category": "external",
"summary": "RedHatSecurity Advisory vom 2023-11-07",
"url": "https://access.redhat.com/errata/RHSA-2023:6631"
},
{
"category": "external",
"summary": "RedHatSecurity Advisory vom 2023-11-07",
"url": "https://access.redhat.com/errata/RHSA-2023:6661"
},
{
"category": "external",
"summary": "RedHatSecurity Advisory vom 2023-11-07",
"url": "https://access.redhat.com/errata/RHSA-2023:6685"
},
{
"category": "external",
"summary": "RedHatSecurity Advisory vom 2023-11-07",
"url": "https://access.redhat.com/errata/RHSA-2023:6705"
},
{
"category": "external",
"summary": "RedHatSecurity Advisory vom 2023-11-07",
"url": "https://access.redhat.com/errata/RHSA-2023:6712"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7038 vom 2023-11-15",
"url": "https://access.redhat.com/errata/RHSA-2023:7038"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7187 vom 2023-11-15",
"url": "https://access.redhat.com/errata/RHSA-2023:7187"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:6943 vom 2023-11-15",
"url": "https://access.redhat.com/errata/RHSA-2023:6943"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7052 vom 2023-11-15",
"url": "https://access.redhat.com/errata/RHSA-2023:7052"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:6940 vom 2023-11-15",
"url": "https://access.redhat.com/errata/RHSA-2023:6940"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7057 vom 2023-11-15",
"url": "https://access.redhat.com/errata/RHSA-2023:7057"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:6944 vom 2023-11-15",
"url": "https://access.redhat.com/errata/RHSA-2023:6944"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7010 vom 2023-11-15",
"url": "https://access.redhat.com/errata/RHSA-2023:7010"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7174 vom 2023-11-15",
"url": "https://access.redhat.com/errata/RHSA-2023:7174"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7022 vom 2023-11-15",
"url": "https://access.redhat.com/errata/RHSA-2023:7022"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7166 vom 2023-11-15",
"url": "https://access.redhat.com/errata/RHSA-2023:7166"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-6712 vom 2023-11-16",
"url": "https://linux.oracle.com/errata/ELSA-2023-6712.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-6940 vom 2023-11-21",
"url": "https://linux.oracle.com/errata/ELSA-2023-6940.html"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202311-18 vom 2023-11-27",
"url": "https://security.gentoo.org/glsa/202311-18"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-2362 vom 2023-12-05",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2362.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7741 vom 2023-12-12",
"url": "https://access.redhat.com/errata/RHSA-2023:7741"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7820 vom 2023-12-14",
"url": "https://access.redhat.com/errata/RHSA-2023:7820"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-0343 vom 2024-01-24",
"url": "https://linux.oracle.com/errata/ELSA-2024-0343.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0343 vom 2024-01-24",
"url": "https://access.redhat.com/errata/RHSA-2024:0343"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0406 vom 2024-01-25",
"url": "https://access.redhat.com/errata/RHSA-2024:0406"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0422 vom 2024-01-25",
"url": "https://access.redhat.com/errata/RHSA-2024:0422"
},
{
"category": "external",
"summary": "CentOS Security Advisory CESA-2024:0343 vom 2024-01-26",
"url": "https://lists.centos.org/pipermail/centos-announce/2024-January/099213.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0579 vom 2024-01-30",
"url": "https://access.redhat.com/errata/RHSA-2024:0579"
},
{
"category": "external",
"summary": "Meinberg Security Advisory",
"url": "https://www.meinberg.de/german/news/meinberg-security-advisory-mbgsa-2024-01-lantime-firmware-v7-08-007.htm"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1102 vom 2024-03-05",
"url": "https://access.redhat.com/errata/RHSA-2024:1102"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1412 vom 2024-03-19",
"url": "https://access.redhat.com/errata/RHSA-2024:1412"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-2033 vom 2024-04-25",
"url": "http://linux.oracle.com/errata/ELSA-2024-2033.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2063 vom 2024-04-25",
"url": "https://access.redhat.com/errata/RHSA-2024:2063"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2092 vom 2024-05-01",
"url": "https://access.redhat.com/errata/RHSA-2024:2092"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2093 vom 2024-05-01",
"url": "https://access.redhat.com/errata/RHSA-2024:2093"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2580 vom 2024-04-30",
"url": "https://access.redhat.com/errata/RHSA-2024:2580"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2994 vom 2024-05-22",
"url": "https://access.redhat.com/errata/RHSA-2024:2994"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3214 vom 2024-05-22",
"url": "https://access.redhat.com/errata/RHSA-2024:3214"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-2994 vom 2024-05-28",
"url": "https://linux.oracle.com/errata/ELSA-2024-2994.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6796-1 vom 2024-05-29",
"url": "https://ubuntu.com/security/notices/USN-6796-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3812 vom 2024-06-11",
"url": "https://access.redhat.com/errata/RHSA-2024:3812"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4408 vom 2024-07-09",
"url": "https://access.redhat.com/errata/RHSA-2024:4408"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4430 vom 2024-07-09",
"url": "https://access.redhat.com/errata/RHSA-2024:4430"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4631 vom 2024-07-18",
"url": "https://access.redhat.com/errata/RHSA-2024:4631"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4739 vom 2024-07-23",
"url": "https://access.redhat.com/errata/RHSA-2024:4739"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202408-33 vom 2024-08-12",
"url": "https://security.gentoo.org/glsa/202408-33"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202409-18 vom 2024-09-22",
"url": "https://security.gentoo.org/glsa/202409-18"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:10761 vom 2024-12-03",
"url": "https://access.redhat.com/errata/RHSA-2024:10761"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:0309 vom 2025-01-14",
"url": "https://access.redhat.com/errata/RHSA-2025:0309"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1013 vom 2025-02-04",
"url": "https://access.redhat.com/errata/RHSA-2025:1013"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7266-1 vom 2025-02-13",
"url": "https://ubuntu.com/security/notices/USN-7266-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0741-1 vom 2025-02-28",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/UWWCXAWW252IRDVZWN2IV6HUZ37SPATI/"
}
],
"source_lang": "en-US",
"title": "Red Hat Enterprise Linux: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-03-02T23:00:00.000+00:00",
"generator": {
"date": "2025-03-03T11:48:50.059+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2023-2853",
"initial_release_date": "2023-11-07T23:00:00.000+00:00",
"revision_history": [
{
"date": "2023-11-07T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-11-14T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-11-15T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2023-11-21T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2023-11-27T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2023-12-04T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2023-12-12T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-12-13T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-01-23T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-01-25T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-01-28T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von CentOS aufgenommen"
},
{
"date": "2024-01-30T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-03-05T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-03-19T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-04-24T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-04-25T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-01T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-21T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-28T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-05-30T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-06-11T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-09T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-18T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-23T22:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-11T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2024-09-22T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2024-12-03T23:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-01-13T23:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-02-04T23:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-02-12T23:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-03-02T23:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "31"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.08.007",
"product": {
"name": "Meinberg LANTIME \u003c7.08.007",
"product_id": "T032435"
}
},
{
"category": "product_version",
"name": "7.08.007",
"product": {
"name": "Meinberg LANTIME 7.08.007",
"product_id": "T032435-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:meinberg:lantime:7.08.007"
}
}
}
],
"category": "product_name",
"name": "LANTIME"
}
],
"category": "vendor",
"name": "Meinberg"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source CentOS",
"product": {
"name": "Open Source CentOS",
"product_id": "1727",
"product_identification_helper": {
"cpe": "cpe:/o:centos:centos:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "7",
"product": {
"name": "Red Hat Enterprise Linux 7",
"product_id": "T030979",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7"
}
}
},
{
"category": "product_version",
"name": "8",
"product": {
"name": "Red Hat Enterprise Linux 8",
"product_id": "T030980",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8"
}
}
},
{
"category": "product_version",
"name": "9",
"product": {
"name": "Red Hat Enterprise Linux 9",
"product_id": "T030981",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "Data Foundation \u003c4.12.10",
"product": {
"name": "Red Hat OpenShift Data Foundation \u003c4.12.10",
"product_id": "T031698"
}
},
{
"category": "product_version",
"name": "Data Foundation 4.12.10",
"product": {
"name": "Red Hat OpenShift Data Foundation 4.12.10",
"product_id": "T031698-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:data_foundation__4.12.10"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-32142",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"T002207",
"67646",
"T000126",
"398363",
"T012167",
"T030979",
"1727",
"T004914"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2021-32142"
},
{
"cve": "CVE-2021-43618",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"T002207",
"67646",
"T000126",
"398363",
"T012167",
"T030979",
"1727",
"T004914"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2021-43618"
},
{
"cve": "CVE-2022-23527",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"T002207",
"67646",
"T000126",
"398363",
"T012167",
"T030979",
"1727",
"T004914"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2022-23527"
},
{
"cve": "CVE-2022-40898",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"T002207",
"67646",
"T000126",
"398363",
"T012167",
"T030979",
"1727",
"T004914"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2022-40898"
},
{
"cve": "CVE-2022-48468",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"T002207",
"67646",
"T000126",
"398363",
"T012167",
"T030979",
"1727",
"T004914"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2022-48468"
},
{
"cve": "CVE-2023-1672",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"T002207",
"67646",
"T000126",
"398363",
"T012167",
"T030979",
"1727",
"T004914"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2023-1672"
},
{
"cve": "CVE-2023-1786",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"T002207",
"67646",
"T000126",
"398363",
"T012167",
"T030979",
"1727",
"T004914"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2023-1786"
},
{
"cve": "CVE-2023-22745",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"T002207",
"67646",
"T000126",
"398363",
"T012167",
"T030979",
"1727",
"T004914"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2023-22745"
},
{
"cve": "CVE-2023-26767",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"T002207",
"67646",
"T000126",
"398363",
"T012167",
"T030979",
"1727",
"T004914"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2023-26767"
},
{
"cve": "CVE-2023-26768",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"T002207",
"67646",
"T000126",
"398363",
"T012167",
"T030979",
"1727",
"T004914"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2023-26768"
},
{
"cve": "CVE-2023-26769",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"T002207",
"67646",
"T000126",
"398363",
"T012167",
"T030979",
"1727",
"T004914"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2023-26769"
},
{
"cve": "CVE-2023-28100",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"T002207",
"67646",
"T000126",
"398363",
"T012167",
"T030979",
"1727",
"T004914"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2023-28100"
},
{
"cve": "CVE-2023-28101",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"T002207",
"67646",
"T000126",
"398363",
"T012167",
"T030979",
"1727",
"T004914"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2023-28101"
},
{
"cve": "CVE-2023-28370",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"T002207",
"67646",
"T000126",
"398363",
"T012167",
"T030979",
"1727",
"T004914"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2023-28370"
},
{
"cve": "CVE-2023-28625",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"T002207",
"67646",
"T000126",
"398363",
"T012167",
"T030979",
"1727",
"T004914"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2023-28625"
},
{
"cve": "CVE-2023-29499",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"T002207",
"67646",
"T000126",
"398363",
"T012167",
"T030979",
"1727",
"T004914"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2023-29499"
},
{
"cve": "CVE-2023-31486",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"T002207",
"67646",
"T000126",
"398363",
"T012167",
"T030979",
"1727",
"T004914"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2023-31486"
},
{
"cve": "CVE-2023-32611",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"T002207",
"67646",
"T000126",
"398363",
"T012167",
"T030979",
"1727",
"T004914"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2023-32611"
},
{
"cve": "CVE-2023-32665",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"T002207",
"67646",
"T000126",
"398363",
"T012167",
"T030979",
"1727",
"T004914"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2023-32665"
},
{
"cve": "CVE-2023-33204",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"T002207",
"67646",
"T000126",
"398363",
"T012167",
"T030979",
"1727",
"T004914"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2023-33204"
},
{
"cve": "CVE-2023-33460",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"T002207",
"67646",
"T000126",
"398363",
"T012167",
"T030979",
"1727",
"T004914"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2023-33460"
},
{
"cve": "CVE-2023-38710",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"T002207",
"67646",
"T000126",
"398363",
"T012167",
"T030979",
"1727",
"T004914"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2023-38710"
},
{
"cve": "CVE-2023-38711",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"T002207",
"67646",
"T000126",
"398363",
"T012167",
"T030979",
"1727",
"T004914"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2023-38711"
},
{
"cve": "CVE-2023-38712",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"T002207",
"67646",
"T000126",
"398363",
"T012167",
"T030979",
"1727",
"T004914"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2023-38712"
},
{
"cve": "CVE-2023-4016",
"product_status": {
"known_affected": [
"T030981",
"T030980",
"T032435",
"T031698",
"T002207",
"67646",
"T000126",
"398363",
"T012167",
"T030979",
"1727",
"T004914"
]
},
"release_date": "2023-11-07T23:00:00.000+00:00",
"title": "CVE-2023-4016"
}
]
}
CVE-2023-38711 (GCVE-0-2023-38711)
Vulnerability from cvelistv5
Published
2023-08-25 00:00
Modified
2024-08-02 17:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, a NULL pointer dereference causes a crash and restart of the pluto daemon. NOTE: the earliest affected version is 4.6.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38711",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-22T19:44:03.355698Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-22T19:44:10.044Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:46:56.601Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libreswan/libreswan/tags"
},
{
"tags": [
"x_transferred"
],
"url": "https://libreswan.org/security/CVE-2023-38711/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, a NULL pointer dereference causes a crash and restart of the pluto daemon. NOTE: the earliest affected version is 4.6."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-25T20:30:07.355397",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/libreswan/libreswan/tags"
},
{
"url": "https://libreswan.org/security/CVE-2023-38711/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-38711",
"datePublished": "2023-08-25T00:00:00",
"dateReserved": "2023-07-24T00:00:00",
"dateUpdated": "2024-08-02T17:46:56.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-40898 (GCVE-0-2022-40898)
Vulnerability from cvelistv5
Published
2022-12-22 00:00
Modified
2025-04-15 15:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:28:42.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://pypi.org/project/wheel/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pypa/wheel/blob/main/src/wheel/wheelfile.py#L18"
},
{
"tags": [
"x_transferred"
],
"url": "https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-40898",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T15:53:45.337918Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T15:53:50.771Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-22T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://pypi.org/project/wheel/"
},
{
"url": "https://github.com/pypa/wheel/blob/main/src/wheel/wheelfile.py#L18"
},
{
"url": "https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-40898",
"datePublished": "2022-12-22T00:00:00.000Z",
"dateReserved": "2022-09-19T00:00:00.000Z",
"dateUpdated": "2025-04-15T15:53:50.771Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28370 (GCVE-0-2023-28370)
Vulnerability from cvelistv5
Published
2023-05-25 00:00
Modified
2025-01-16 15:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Open redirect
Summary
Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tornadoweb | Tornado |
Version: versions 6.3.1 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:38:25.137Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/tornadoweb/tornado/releases/tag/v6.3.2"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN45127776/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-28370",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T15:19:04.826114Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T15:19:11.787Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Tornado",
"vendor": "tornadoweb",
"versions": [
{
"status": "affected",
"version": "versions 6.3.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Open redirect",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-25T00:00:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://github.com/tornadoweb/tornado/releases/tag/v6.3.2"
},
{
"url": "https://jvn.jp/en/jp/JVN45127776/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-28370",
"datePublished": "2023-05-25T00:00:00",
"dateReserved": "2023-05-11T00:00:00",
"dateUpdated": "2025-01-16T15:19:11.787Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32665 (GCVE-0-2023-32665)
Vulnerability from cvelistv5
Published
2023-09-14 19:03
Modified
2025-02-13 16:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Summary
A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.
References
| ► | URL | Tags |
|---|---|---|
|
|
||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | n/a | glib2 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32665",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-11-27T17:04:41.563399Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T19:16:35.238Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:25:36.651Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-32665"
},
{
"name": "RHBZ#2211827",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211827"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2121"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00030.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-18"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240426-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "glib2",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "glib2",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "glib2",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "glib2",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "glib2",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "glib2",
"product": "Fedora 38",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "glib",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "glib2",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "glib2",
"product": "Fedora 37",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "mingw-glib2",
"product": "Fedora 38",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "mingw-glib2",
"product": "Fedora 37",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Upstream acknowledges William Manley as the original reporter."
}
],
"datePublic": "2022-12-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-26T09:06:01.299Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-32665"
},
{
"name": "RHBZ#2211827",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211827"
},
{
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2121"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00030.html"
},
{
"url": "https://security.gentoo.org/glsa/202311-18"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240426-0006/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-24T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2022-12-14T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Gvariant deserialisation does not match spec for non-normal data",
"x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-32665",
"datePublished": "2023-09-14T19:03:58.229Z",
"dateReserved": "2023-05-30T11:48:42.074Z",
"dateUpdated": "2025-02-13T16:54:55.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1786 (GCVE-0-2023-1786)
Vulnerability from cvelistv5
Published
2023-04-26 22:23
Modified
2025-02-13 16:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | cloud-init |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:57:25.074Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/canonical/cloud-init/commit/a378b7e4f47375458651c0972e7cd813f6fe0a6b"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://bugs.launchpad.net/cloud-init/+bug/2013967"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-6042-1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ATBJSXPL2IOAD2LDQRKWPLIC7QXS44GZ/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1786",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T19:16:40.437499Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T19:16:51.183Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/canonical/cloud-init/releases",
"packageName": "cloud-init",
"platforms": [
"Linux"
],
"product": "cloud-init",
"repo": "https://github.com/canonical/cloud-init/",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "23.1.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "James Golovich"
}
],
"datePublic": "2023-04-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-07T02:06:08.088Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/canonical/cloud-init/commit/a378b7e4f47375458651c0972e7cd813f6fe0a6b"
},
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.launchpad.net/cloud-init/+bug/2013967"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-6042-1"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ATBJSXPL2IOAD2LDQRKWPLIC7QXS44GZ/"
}
],
"title": "sensitive data exposure in cloud-init logs"
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2023-1786",
"datePublished": "2023-04-26T22:23:47.305Z",
"dateReserved": "2023-03-31T20:40:07.757Z",
"dateUpdated": "2025-02-13T16:39:30.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48468 (GCVE-0-2022-48468)
Vulnerability from cvelistv5
Published
2023-04-13 00:00
Modified
2025-02-13 16:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
protobuf-c before 1.4.1 has an unsigned integer overflow in parse_required_member.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.190Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/protobuf-c/protobuf-c/issues/499"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/protobuf-c/protobuf-c/pull/513"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/protobuf-c/protobuf-c/commit/ec3d900001a13ccdaa8aef996b34c61159c76217"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/protobuf-c/protobuf-c/releases/tag/v1.4.1"
},
{
"name": "FEDORA-2023-4e094d5297",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI4JZSHJXW7WOOTAQSV5SUCC5GE2GC2B/"
},
{
"name": "FEDORA-2023-6cfe134db6",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNUEZZEPR2F6M67ANXLOPJX6AQL3TK4P/"
},
{
"name": "FEDORA-2023-8b0938312e",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UGLZZYPOLI733DPETL444E3GY5KSS6LG/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-48468",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T16:49:53.192391Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T16:50:47.918Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "protobuf-c before 1.4.1 has an unsigned integer overflow in parse_required_member."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-29T04:06:14.418Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/protobuf-c/protobuf-c/issues/499"
},
{
"url": "https://github.com/protobuf-c/protobuf-c/pull/513"
},
{
"url": "https://github.com/protobuf-c/protobuf-c/commit/ec3d900001a13ccdaa8aef996b34c61159c76217"
},
{
"url": "https://github.com/protobuf-c/protobuf-c/releases/tag/v1.4.1"
},
{
"name": "FEDORA-2023-4e094d5297",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI4JZSHJXW7WOOTAQSV5SUCC5GE2GC2B/"
},
{
"name": "FEDORA-2023-6cfe134db6",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNUEZZEPR2F6M67ANXLOPJX6AQL3TK4P/"
},
{
"name": "FEDORA-2023-8b0938312e",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UGLZZYPOLI733DPETL444E3GY5KSS6LG/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-48468",
"datePublished": "2023-04-13T00:00:00.000Z",
"dateReserved": "2023-04-13T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:34:04.027Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23527 (GCVE-0-2022-23527)
Vulnerability from cvelistv5
Published
2022-12-14 17:22
Modified
2025-04-18 14:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Summary
mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() does not properly check for URLs that start with /\t, leading to an open redirect. This issue has been patched in version 2.4.12.2. Users unable to upgrade can mitigate the issue by configuring mod_auth_openidc to only allow redirection when the destination matches a given regular expression with OIDCRedirectURLsAllowed.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zmartzone | mod_auth_openidc |
Version: < 2.4.12.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:43:46.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-q6f2-285m-gr53",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-q6f2-285m-gr53"
},
{
"name": "https://github.com/zmartzone/mod_auth_openidc/blob/v2.4.12.1/auth_openidc.conf#L975-L984",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zmartzone/mod_auth_openidc/blob/v2.4.12.1/auth_openidc.conf#L975-L984"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-23527",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T14:22:50.911621Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T14:23:56.649Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "mod_auth_openidc",
"vendor": "zmartzone",
"versions": [
{
"status": "affected",
"version": "\u003c 2.4.12.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mod_auth_openidc is an OpenID Certified\u2122 authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() does not properly check for URLs that start with /\\t, leading to an open redirect. This issue has been patched in version 2.4.12.2. Users unable to upgrade can mitigate the issue by configuring mod_auth_openidc to only allow redirection when the destination matches a given regular expression with OIDCRedirectURLsAllowed."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-19T00:06:14.639Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-q6f2-285m-gr53",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-q6f2-285m-gr53"
},
{
"name": "https://github.com/zmartzone/mod_auth_openidc/blob/v2.4.12.1/auth_openidc.conf#L975-L984",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zmartzone/mod_auth_openidc/blob/v2.4.12.1/auth_openidc.conf#L975-L984"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00020.html"
}
],
"source": {
"advisory": "GHSA-q6f2-285m-gr53",
"discovery": "UNKNOWN"
},
"title": "Open Redirect in oidc_validate_redirect_url()"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-23527",
"datePublished": "2022-12-14T17:22:30.105Z",
"dateReserved": "2022-01-19T21:23:53.784Z",
"dateUpdated": "2025-04-18T14:23:56.649Z",
"requesterUserId": "c184a3d9-dc98-4c48-a45b-d2d88cf0ac74",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1672 (GCVE-0-2023-1672)
Vulnerability from cvelistv5
Published
2023-07-11 11:47
Modified
2025-02-13 16:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Summary
A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | n/a | tang | ||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:57:24.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-1672"
},
{
"name": "RHBZ#2180999",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180999"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/latchset/tang/commit/8dbbed10870378f1b2c3cf3df2ea7edca7617096"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2023/06/15/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00004.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1672",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T16:29:42.615646Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T16:29:57.256Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "tang",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "tang",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "tang",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "tang",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "tang",
"product": "Fedora",
"vendor": "Fedora"
}
],
"datePublic": "2023-06-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-07T21:06:32.549Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-1672"
},
{
"name": "RHBZ#2180999",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180999"
},
{
"url": "https://github.com/latchset/tang/commit/8dbbed10870378f1b2c3cf3df2ea7edca7617096"
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/06/15/1"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00004.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-03-22T00:00:00Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-06-07T00:00:00Z",
"value": "Made public."
}
],
"title": "Race condition exists in the key generation and rotation functionality",
"x_redhatCweChain": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-1672",
"datePublished": "2023-07-11T11:47:35.363Z",
"dateReserved": "2023-03-28T15:03:04.864Z",
"dateUpdated": "2025-02-13T16:39:29.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28625 (GCVE-0-2023-28625)
Vulnerability from cvelistv5
Published
2023-04-03 13:19
Modified
2025-02-13 16:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference
Summary
mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie supplied, a NULL pointer dereference would occur, resulting in a segmentation fault. This could be used in a Denial-of-Service attack and thus presents an availability risk. Version 2.4.13.2 contains a patch for this issue. As a workaround, avoid using `OIDCStripCookies`.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenIDC | mod_auth_openidc |
Version: >= 2.0.0, < 2.4.13.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:43:23.184Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-f5xw-rvfr-24qr",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-f5xw-rvfr-24qr"
},
{
"name": "https://github.com/OpenIDC/mod_auth_openidc/commit/c0e1edac3c4c19988ccdc7713d7aebfce6ff916a",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenIDC/mod_auth_openidc/commit/c0e1edac3c4c19988ccdc7713d7aebfce6ff916a"
},
{
"name": "https://github.com/OpenIDC/mod_auth_openidc/blame/3f11976dab56af0a46a7dddb7a275cc16d6eb726/src/mod_auth_openidc.c#L178-L179",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenIDC/mod_auth_openidc/blame/3f11976dab56af0a46a7dddb7a275cc16d6eb726/src/mod_auth_openidc.c#L178-L179"
},
{
"name": "https://github.com/OpenIDC/mod_auth_openidc/releases/tag/v2.4.13.2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenIDC/mod_auth_openidc/releases/tag/v2.4.13.2"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00034.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5405"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WIBKFC22PDH6UXMSZ23PHTD7736ZC7BB/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28625",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T15:56:43.295806Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T15:57:04.485Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "mod_auth_openidc",
"vendor": "OpenIDC",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.4.13.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie supplied, a NULL pointer dereference would occur, resulting in a segmentation fault. This could be used in a Denial-of-Service attack and thus presents an availability risk. Version 2.4.13.2 contains a patch for this issue. As a workaround, avoid using `OIDCStripCookies`."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-31T19:06:16.794Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-f5xw-rvfr-24qr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-f5xw-rvfr-24qr"
},
{
"name": "https://github.com/OpenIDC/mod_auth_openidc/commit/c0e1edac3c4c19988ccdc7713d7aebfce6ff916a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenIDC/mod_auth_openidc/commit/c0e1edac3c4c19988ccdc7713d7aebfce6ff916a"
},
{
"name": "https://github.com/OpenIDC/mod_auth_openidc/blame/3f11976dab56af0a46a7dddb7a275cc16d6eb726/src/mod_auth_openidc.c#L178-L179",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenIDC/mod_auth_openidc/blame/3f11976dab56af0a46a7dddb7a275cc16d6eb726/src/mod_auth_openidc.c#L178-L179"
},
{
"name": "https://github.com/OpenIDC/mod_auth_openidc/releases/tag/v2.4.13.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenIDC/mod_auth_openidc/releases/tag/v2.4.13.2"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00034.html"
},
{
"url": "https://www.debian.org/security/2023/dsa-5405"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WIBKFC22PDH6UXMSZ23PHTD7736ZC7BB/"
}
],
"source": {
"advisory": "GHSA-f5xw-rvfr-24qr",
"discovery": "UNKNOWN"
},
"title": "mod_auth_openidc core dump when OIDCStripCookies is set and an empty Cookie header is supplied"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-28625",
"datePublished": "2023-04-03T13:19:40.422Z",
"dateReserved": "2023-03-20T12:19:47.206Z",
"dateUpdated": "2025-02-13T16:48:46.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4016 (GCVE-0-2023-4016)
Vulnerability from cvelistv5
Published
2023-08-02 04:20
Modified
2025-02-13 17:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Summary
Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux Kernal |
Version: 3.3.0 (might be earlier) - latest |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:10.954Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.com/procps-ng/procps"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SUETRRT24OFGPYK6ACPM5VUGHNKH5CQ5/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Linux Kernal",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.3.0 (might be earlier) - latest"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Michael Berlin, BGU"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Prof. Oded Margalit, BGU and Trellix"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Prof. Gera Weiss, BGU"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Under some circumstances, this weakness allows a user who has access to run the \u201cps\u201d utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap."
}
],
"value": "Under some circumstances, this weakness allows a user who has access to run the \u201cps\u201d utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap."
}
],
"impacts": [
{
"capecId": "CAPEC-9",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-9 Buffer Overflow in Local Command-Line Utilities"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-21T02:06:11.188Z",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"url": "https://gitlab.com/procps-ng/procps"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SUETRRT24OFGPYK6ACPM5VUGHNKH5CQ5/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2023-4016",
"datePublished": "2023-08-02T04:20:20.645Z",
"dateReserved": "2023-07-31T10:40:24.737Z",
"dateUpdated": "2025-02-13T17:03:24.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29499 (GCVE-0-2023-29499)
Vulnerability from cvelistv5
Published
2023-09-14 19:06
Modified
2025-02-13 16:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Summary
A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | n/a | glib2 | |||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:46.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-29499"
},
{
"name": "RHBZ#2211828",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211828"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2794"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00030.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231103-0001/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "glib2",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "glib2",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "glib2",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "glib2",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "glib2",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "glib",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "mingw-glib2",
"product": "Fedora 37",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "glib2",
"product": "Fedora 38",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "mingw-glib2",
"product": "Fedora 38",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "glib2",
"product": "Fedora 37",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Upstream acknowledges William Manley as the original reporter."
}
],
"datePublic": "2022-12-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-27T14:06:16.355Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-29499"
},
{
"name": "RHBZ#2211828",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211828"
},
{
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2794"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00030.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231103-0001/"
},
{
"url": "https://security.gentoo.org/glsa/202311-18"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-24T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2022-12-14T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Gvariant offset table entry size is not checked in is_normal()",
"x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-29499",
"datePublished": "2023-09-14T19:06:17.810Z",
"dateReserved": "2023-05-30T11:48:42.094Z",
"dateUpdated": "2025-02-13T16:49:21.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26767 (GCVE-0-2023-26767)
Vulnerability from cvelistv5
Published
2023-03-16 00:00
Modified
2025-02-26 16:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the lou_logFile function at logginc.c endpoint.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:53:54.423Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/liblouis/liblouis/issues/1292"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/liblouis/liblouis/pull/1297"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26767",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T16:32:41.934067Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T16:32:53.428Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the lou_logFile function at logginc.c endpoint."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-16T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/liblouis/liblouis/issues/1292"
},
{
"url": "https://github.com/liblouis/liblouis/pull/1297"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-26767",
"datePublished": "2023-03-16T00:00:00.000Z",
"dateReserved": "2023-02-27T00:00:00.000Z",
"dateUpdated": "2025-02-26T16:32:53.428Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31486 (GCVE-0-2023-31486)
Vulnerability from cvelistv5
Published
2023-04-28 00:00
Modified
2025-01-30 19:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-11-29T12:04:38.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2023/04/18/14"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.reddit.com/r/perl/comments/111tadi/psa_httptiny_disabled_ssl_verification_by_default/"
},
{
"tags": [
"x_transferred"
],
"url": "https://hackeriet.github.io/cpan-http-tiny-overview/"
},
{
"name": "[oss-security] 20230429 Re: Perl\u0027s HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/04/29/1"
},
{
"name": "[oss-security] 20230503 Re: Perl\u0027s HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/05/03/3"
},
{
"name": "[oss-security] 20230503 Re: Perl\u0027s HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/05/03/5"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2023/05/03/4"
},
{
"name": "[oss-security] 20230507 Re: Perl\u0027s HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/05/07/2"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/chansen/p5-http-tiny/pull/153"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241129-0011/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-31486",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-30T19:18:03.667792Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T19:26:26.203Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-20T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/"
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/04/18/14"
},
{
"url": "https://www.reddit.com/r/perl/comments/111tadi/psa_httptiny_disabled_ssl_verification_by_default/"
},
{
"url": "https://hackeriet.github.io/cpan-http-tiny-overview/"
},
{
"name": "[oss-security] 20230429 Re: Perl\u0027s HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/04/29/1"
},
{
"name": "[oss-security] 20230503 Re: Perl\u0027s HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/05/03/3"
},
{
"name": "[oss-security] 20230503 Re: Perl\u0027s HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/05/03/5"
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/05/03/4"
},
{
"name": "[oss-security] 20230507 Re: Perl\u0027s HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/05/07/2"
},
{
"url": "https://github.com/chansen/p5-http-tiny/pull/153"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-31486",
"datePublished": "2023-04-28T00:00:00.000Z",
"dateReserved": "2023-04-28T00:00:00.000Z",
"dateUpdated": "2025-01-30T19:26:26.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38710 (GCVE-0-2023-38710)
Vulnerability from cvelistv5
Published
2023-08-25 00:00
Modified
2024-11-26 21:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload's protocol ID is copied from the incoming packet, but the code that verifies outgoing packets fails an assertion that the protocol ID must be ESP (2) or AH(3) and causes the pluto daemon to crash and restart. NOTE: the earliest affected version is 3.20.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:46:56.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libreswan/libreswan/tags"
},
{
"tags": [
"x_transferred"
],
"url": "https://libreswan.org/security/CVE-2023-38710/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38710",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-18T17:07:09.396495Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T21:53:27.752Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload\u0027s protocol ID is copied from the incoming packet, but the code that verifies outgoing packets fails an assertion that the protocol ID must be ESP (2) or AH(3) and causes the pluto daemon to crash and restart. NOTE: the earliest affected version is 3.20."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-25T20:28:53.862419",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/libreswan/libreswan/tags"
},
{
"url": "https://libreswan.org/security/CVE-2023-38710/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-38710",
"datePublished": "2023-08-25T00:00:00",
"dateReserved": "2023-07-24T00:00:00",
"dateUpdated": "2024-11-26T21:53:27.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26769 (GCVE-0-2023-26769)
Vulnerability from cvelistv5
Published
2023-03-16 00:00
Modified
2025-02-26 16:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0 allows a remote attacker to cause a denial of service via the resolveSubtable function at compileTranslationTabel.c.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:53:54.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://loutrace.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/liblouis/liblouis"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/liblouis/liblouis/pull/1300"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26769",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T16:31:04.883408Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T16:31:26.878Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0 allows a remote attacker to cause a denial of service via the resolveSubtable function at compileTranslationTabel.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-16T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://loutrace.com"
},
{
"url": "https://github.com/liblouis/liblouis"
},
{
"url": "https://github.com/liblouis/liblouis/pull/1300"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-26769",
"datePublished": "2023-03-16T00:00:00.000Z",
"dateReserved": "2023-02-27T00:00:00.000Z",
"dateUpdated": "2025-02-26T16:31:26.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33460 (GCVE-0-2023-33460)
Vulnerability from cvelistv5
Published
2023-06-06 00:00
Modified
2025-01-08 16:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which will cause out-of-memory in server and cause crash.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:47:05.692Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/lloyd/yajl/issues/250"
},
{
"name": "[debian-lts-announce] 20230702 [SECURITY] [DLA 3478-1] yajl security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00000.html"
},
{
"name": "[debian-lts-announce] 20230711 [SECURITY] [DLA 3492-1] yajl security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00013.html"
},
{
"name": "FEDORA-2023-00572178e1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLE3C4CECEJ4EUYI56KXI6OWACWXX7WN/"
},
{
"name": "FEDORA-2023-0b0bb84049",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBUUHG27RM4ROEYKMVRROR27AX6R63MB/"
},
{
"name": "FEDORA-2023-852b377773",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YO32YDJ74DADC7CMJNLSLBVWN5EXGF5J/"
},
{
"name": "[debian-lts-announce] 20230805 [SECURITY] [DLA 3516-1] burp security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00003.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-33460",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-08T16:24:41.242233Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-08T16:24:46.526Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There\u0027s a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which will cause out-of-memory in server and cause crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-05T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/lloyd/yajl/issues/250"
},
{
"name": "[debian-lts-announce] 20230702 [SECURITY] [DLA 3478-1] yajl security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00000.html"
},
{
"name": "[debian-lts-announce] 20230711 [SECURITY] [DLA 3492-1] yajl security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00013.html"
},
{
"name": "FEDORA-2023-00572178e1",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLE3C4CECEJ4EUYI56KXI6OWACWXX7WN/"
},
{
"name": "FEDORA-2023-0b0bb84049",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBUUHG27RM4ROEYKMVRROR27AX6R63MB/"
},
{
"name": "FEDORA-2023-852b377773",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YO32YDJ74DADC7CMJNLSLBVWN5EXGF5J/"
},
{
"name": "[debian-lts-announce] 20230805 [SECURITY] [DLA 3516-1] burp security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00003.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-33460",
"datePublished": "2023-06-06T00:00:00",
"dateReserved": "2023-05-22T00:00:00",
"dateUpdated": "2025-01-08T16:24:46.526Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32142 (GCVE-0-2021-32142)
Vulnerability from cvelistv5
Published
2023-02-17 00:00
Modified
2025-03-19 14:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:17:29.294Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/LibRaw/LibRaw/issues/400"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/LibRaw/LibRaw/commit/bc3aaf4223fdb70d52d470dae65c5a7923ea2a49"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/gtt1995"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.libraw.org/"
},
{
"name": "FEDORA-2023-220878f1bf",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E7TEZ7CLRNYYQZJ5NJGZXK6YJU46WH2L/"
},
{
"name": "FEDORA-2023-be842ba7fb",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5ICTVDRGBWGIFBTUWJLGX7QM5GWBWUG7/"
},
{
"name": "[debian-lts-announce] 20230527 [SECURITY] [DLA 3433-1] libraw security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00025.html"
},
{
"name": "DSA-5412",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5412"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-32142",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-19T14:14:57.811217Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T14:15:03.957Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-28T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/LibRaw/LibRaw/issues/400"
},
{
"url": "https://github.com/LibRaw/LibRaw/commit/bc3aaf4223fdb70d52d470dae65c5a7923ea2a49"
},
{
"url": "https://github.com/gtt1995"
},
{
"url": "https://www.libraw.org/"
},
{
"name": "FEDORA-2023-220878f1bf",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E7TEZ7CLRNYYQZJ5NJGZXK6YJU46WH2L/"
},
{
"name": "FEDORA-2023-be842ba7fb",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5ICTVDRGBWGIFBTUWJLGX7QM5GWBWUG7/"
},
{
"name": "[debian-lts-announce] 20230527 [SECURITY] [DLA 3433-1] libraw security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00025.html"
},
{
"name": "DSA-5412",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5412"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-32142",
"datePublished": "2023-02-17T00:00:00.000Z",
"dateReserved": "2021-05-07T00:00:00.000Z",
"dateUpdated": "2025-03-19T14:15:03.957Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38712 (GCVE-0-2023-38712)
Vulnerability from cvelistv5
Published
2023-08-25 00:00
Modified
2024-08-02 17:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:46:56.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libreswan/libreswan/tags"
},
{
"tags": [
"x_transferred"
],
"url": "https://libreswan.org/security/CVE-2023-38712/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-25T20:31:56.483324",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/libreswan/libreswan/tags"
},
{
"url": "https://libreswan.org/security/CVE-2023-38712/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-38712",
"datePublished": "2023-08-25T00:00:00",
"dateReserved": "2023-07-24T00:00:00",
"dateUpdated": "2024-08-02T17:46:56.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32611 (GCVE-0-2023-32611)
Vulnerability from cvelistv5
Published
2023-09-14 19:07
Modified
2025-02-13 16:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Summary
A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | n/a | glib2 | |||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:25:35.683Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-32611"
},
{
"name": "RHBZ#2211829",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211829"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2797"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00030.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231027-0005/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "glib2",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "glib2",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "glib2",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "glib2",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "glib2",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "glib",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "mingw-glib2",
"product": "Fedora 38",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "mingw-glib2",
"product": "Fedora 37",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "glib2",
"product": "Fedora 37",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "glib2",
"product": "Fedora 38",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Upstream acknowledges William Manley as the original reporter."
}
],
"datePublic": "2022-12-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-27T14:06:18.108Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-32611"
},
{
"name": "RHBZ#2211829",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211829"
},
{
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2797"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00030.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231027-0005/"
},
{
"url": "https://security.gentoo.org/glsa/202311-18"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-24T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2022-12-14T00:00:00+00:00",
"value": "Made public."
}
],
"title": "G_variant_byteswap() can take a long time with some non-normal inputs",
"x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-32611",
"datePublished": "2023-09-14T19:07:19.011Z",
"dateReserved": "2023-05-30T11:48:42.101Z",
"dateUpdated": "2025-02-13T16:54:50.478Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28101 (GCVE-0-2023-28101)
Vulnerability from cvelistv5
Published
2023-03-16 15:55
Modified
2025-02-25 14:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-116 - Improper Encoding or Escaping of Output
Summary
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the `flatpak(1)` command-line interface by setting other permissions to crafted values that contain non-printable control characters such as `ESC`. A fix is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, use a GUI like GNOME Software rather than the command-line interface, or only install apps whose maintainers you trust.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:24.112Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/flatpak/flatpak/security/advisories/GHSA-h43h-fwqx-mpp8",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/flatpak/flatpak/security/advisories/GHSA-h43h-fwqx-mpp8"
},
{
"name": "https://github.com/flatpak/flatpak/commit/409e34187de2b2b2c4ef34c79f417be698830f6c",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/flatpak/flatpak/commit/409e34187de2b2b2c4ef34c79f417be698830f6c"
},
{
"name": "https://github.com/flatpak/flatpak/commit/6cac99dafe6003c8a4bd5666341c217876536869",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/flatpak/flatpak/commit/6cac99dafe6003c8a4bd5666341c217876536869"
},
{
"name": "https://github.com/flatpak/flatpak/commit/7fe63f2e8f1fd2dafc31d45154cf0b191ebec66c",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/flatpak/flatpak/commit/7fe63f2e8f1fd2dafc31d45154cf0b191ebec66c"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202312-12"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28101",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T14:29:25.331087Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T14:55:35.911Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "flatpak",
"vendor": "flatpak",
"versions": [
{
"status": "affected",
"version": "\u003c 1.10.8"
},
{
"status": "affected",
"version": "\u003e= 1.12.0, \u003c 1.12.8"
},
{
"status": "affected",
"version": "\u003e= 1.14.0, \u003c 1.14.4"
},
{
"status": "affected",
"version": "\u003e= 1.15.0, \u003c 1.15.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the `flatpak(1)` command-line interface by setting other permissions to crafted values that contain non-printable control characters such as `ESC`. A fix is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, use a GUI like GNOME Software rather than the command-line interface, or only install apps whose maintainers you trust."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116: Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-23T10:06:26.709Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/flatpak/flatpak/security/advisories/GHSA-h43h-fwqx-mpp8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/flatpak/flatpak/security/advisories/GHSA-h43h-fwqx-mpp8"
},
{
"name": "https://github.com/flatpak/flatpak/commit/409e34187de2b2b2c4ef34c79f417be698830f6c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/flatpak/flatpak/commit/409e34187de2b2b2c4ef34c79f417be698830f6c"
},
{
"name": "https://github.com/flatpak/flatpak/commit/6cac99dafe6003c8a4bd5666341c217876536869",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/flatpak/flatpak/commit/6cac99dafe6003c8a4bd5666341c217876536869"
},
{
"name": "https://github.com/flatpak/flatpak/commit/7fe63f2e8f1fd2dafc31d45154cf0b191ebec66c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/flatpak/flatpak/commit/7fe63f2e8f1fd2dafc31d45154cf0b191ebec66c"
},
{
"url": "https://security.gentoo.org/glsa/202312-12"
}
],
"source": {
"advisory": "GHSA-h43h-fwqx-mpp8",
"discovery": "UNKNOWN"
},
"title": "Flatpak metadata with ANSI control codes can cause misleading terminal output"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-28101",
"datePublished": "2023-03-16T15:55:53.576Z",
"dateReserved": "2023-03-10T18:34:29.226Z",
"dateUpdated": "2025-02-25T14:55:35.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33204 (GCVE-0-2023-33204)
Vulnerability from cvelistv5
Published
2023-05-18 00:00
Modified
2025-01-22 14:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:39:35.867Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/sysstat/sysstat/pull/360"
},
{
"name": "[debian-lts-announce] 20230527 [SECURITY] [DLA 3434-1] sysstat security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00026.html"
},
{
"name": "FEDORA-2023-ac947ec260",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NUBFX3UNOSM7KFUIB3J32ASYT5ZRXJQV/"
},
{
"name": "FEDORA-2023-4706cef256",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7UUEKMNDMC6RZTI4O367ZD2YKCOX5THX/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-33204",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T14:49:24.378524Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T14:49:28.299Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-20T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/sysstat/sysstat/pull/360"
},
{
"name": "[debian-lts-announce] 20230527 [SECURITY] [DLA 3434-1] sysstat security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00026.html"
},
{
"name": "FEDORA-2023-ac947ec260",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NUBFX3UNOSM7KFUIB3J32ASYT5ZRXJQV/"
},
{
"name": "FEDORA-2023-4706cef256",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7UUEKMNDMC6RZTI4O367ZD2YKCOX5THX/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-33204",
"datePublished": "2023-05-18T00:00:00",
"dateReserved": "2023-05-18T00:00:00",
"dateUpdated": "2025-01-22T14:49:28.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26768 (GCVE-0-2023-26768)
Vulnerability from cvelistv5
Published
2023-03-16 00:00
Modified
2025-02-26 15:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the compileTranslationTable.c and lou_setDataPath functions.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:53:54.602Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/liblouis/liblouis/issues/1301"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/liblouis/liblouis/pull/1302"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-26768",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T15:42:55.170057Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T15:46:04.214Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the compileTranslationTable.c and lou_setDataPath functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-16T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/liblouis/liblouis/issues/1301"
},
{
"url": "https://github.com/liblouis/liblouis/pull/1302"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-26768",
"datePublished": "2023-03-16T00:00:00.000Z",
"dateReserved": "2023-02-27T00:00:00.000Z",
"dateUpdated": "2025-02-26T15:46:04.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43618 (GCVE-0-2021-43618)
Vulnerability from cvelistv5
Published
2021-11-15 00:00
Modified
2024-08-04 04:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:03:08.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.debian.org/994405"
},
{
"tags": [
"x_transferred"
],
"url": "https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e"
},
{
"name": "[debian-lts-announce] 20211202 [SECURITY] [DLA 2837-1] gmp security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00001.html"
},
{
"name": "[oss-security] 20221013 Re: sagemath denial of service with abort() in gmp: overflow in mpz type",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/10/13/3"
},
{
"name": "20221016 Re: over 2000 packages depend on abort()ing libgmp",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/8"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221111-0001/"
},
{
"name": "GLSA-202309-13",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202309-13"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-29T14:06:22.071388",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html"
},
{
"url": "https://bugs.debian.org/994405"
},
{
"url": "https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e"
},
{
"name": "[debian-lts-announce] 20211202 [SECURITY] [DLA 2837-1] gmp security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00001.html"
},
{
"name": "[oss-security] 20221013 Re: sagemath denial of service with abort() in gmp: overflow in mpz type",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/10/13/3"
},
{
"name": "20221016 Re: over 2000 packages depend on abort()ing libgmp",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/8"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221111-0001/"
},
{
"name": "GLSA-202309-13",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202309-13"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-43618",
"datePublished": "2021-11-15T00:00:00",
"dateReserved": "2021-11-15T00:00:00",
"dateUpdated": "2024-08-04T04:03:08.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28100 (GCVE-0-2023-28100)
Vulnerability from cvelistv5
Published
2023-03-16 15:51
Modified
2025-02-13 16:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4 contain a vulnerability similar to CVE-2017-5226, but using the `TIOCLINUX` ioctl command instead of `TIOCSTI`. If a Flatpak app is run on a Linux virtual console such as `/dev/tty1`, it can copy text from the virtual console and paste it into the command buffer, from which the command might be run after the Flatpak app has exited. Ordinary graphical terminal emulators like xterm, gnome-terminal and Konsole are unaffected. This vulnerability is specific to the Linux virtual consoles `/dev/tty1`, `/dev/tty2` and so on. A patch is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, don't run Flatpak on a Linux virtual console. Flatpak is primarily designed to be used in a Wayland or X11 graphical environment.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:23.948Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/flatpak/flatpak/security/advisories/GHSA-7qpw-3vjv-xrqp",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/flatpak/flatpak/security/advisories/GHSA-7qpw-3vjv-xrqp"
},
{
"name": "https://github.com/flatpak/flatpak/commit/8e63de9a7d3124f91140fc74f8ca9ed73ed53be9",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/flatpak/flatpak/commit/8e63de9a7d3124f91140fc74f8ca9ed73ed53be9"
},
{
"name": "https://marc.info/?l=oss-security\u0026m=167879021709955\u0026w=2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://marc.info/?l=oss-security\u0026m=167879021709955\u0026w=2"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202312-12"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28100",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T16:24:16.321968Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T16:24:40.956Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "flatpak",
"vendor": "flatpak",
"versions": [
{
"status": "affected",
"version": "\u003c 1.10.8"
},
{
"status": "affected",
"version": "\u003e= 1.12.0, \u003c 1.12.8"
},
{
"status": "affected",
"version": "\u003e= 1.14.0, \u003c 1.14.4"
},
{
"status": "affected",
"version": "\u003e= 1.15.0, \u003c 1.15.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4 contain a vulnerability similar to CVE-2017-5226, but using the `TIOCLINUX` ioctl command instead of `TIOCSTI`. If a Flatpak app is run on a Linux virtual console such as `/dev/tty1`, it can copy text from the virtual console and paste it into the command buffer, from which the command might be run after the Flatpak app has exited. Ordinary graphical terminal emulators like xterm, gnome-terminal and Konsole are unaffected. This vulnerability is specific to the Linux virtual consoles `/dev/tty1`, `/dev/tty2` and so on. A patch is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, don\u0027t run Flatpak on a Linux virtual console. Flatpak is primarily designed to be used in a Wayland or X11 graphical environment."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-23T10:06:23.380Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/flatpak/flatpak/security/advisories/GHSA-7qpw-3vjv-xrqp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/flatpak/flatpak/security/advisories/GHSA-7qpw-3vjv-xrqp"
},
{
"name": "https://github.com/flatpak/flatpak/commit/8e63de9a7d3124f91140fc74f8ca9ed73ed53be9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/flatpak/flatpak/commit/8e63de9a7d3124f91140fc74f8ca9ed73ed53be9"
},
{
"name": "https://marc.info/?l=oss-security\u0026m=167879021709955\u0026w=2",
"tags": [
"x_refsource_MISC"
],
"url": "https://marc.info/?l=oss-security\u0026m=167879021709955\u0026w=2"
},
{
"url": "https://security.gentoo.org/glsa/202312-12"
}
],
"source": {
"advisory": "GHSA-7qpw-3vjv-xrqp",
"discovery": "UNKNOWN"
},
"title": "TIOCLINUX can send commands outside sandbox if running on a virtual console"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-28100",
"datePublished": "2023-03-16T15:51:32.037Z",
"dateReserved": "2023-03-10T18:34:29.226Z",
"dateUpdated": "2025-02-13T16:45:39.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22745 (GCVE-0-2023-22745)
Vulnerability from cvelistv5
Published
2023-01-19 22:12
Modified
2025-03-10 21:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Summary
tpm2-tss is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). In affected versions `Tss2_RC_SetHandler` and `Tss2_RC_Decode` both index into `layer_handler` with an 8 bit layer number, but the array only has `TPM2_ERROR_TSS2_RC_LAYER_COUNT` entries, so trying to add a handler for higher-numbered layers or decode a response code with such a layer number reads/writes past the end of the buffer. This Buffer overrun, could result in arbitrary code execution. An example attack would be a MiTM bus attack that returns 0xFFFFFFFF for the RC. Given the common use case of TPM modules an attacker must have local access to the target machine with local system privileges which allows access to the TPM system. Usually TPM access requires administrative privilege.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tpm2-software | tpm2-tss |
Version: <= 4.0.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.190Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/tpm2-software/tpm2-tss/security/advisories/GHSA-4j3v-fh23-vx67",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tpm2-software/tpm2-tss/security/advisories/GHSA-4j3v-fh23-vx67"
},
{
"name": "https://github.com/tpm2-software/tpm2-tss/commit/306490c8d848c367faa2d9df81f5e69dab46ffb5",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tpm2-software/tpm2-tss/commit/306490c8d848c367faa2d9df81f5e69dab46ffb5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22745",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T21:01:10.360058Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:21:37.784Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tpm2-tss",
"vendor": "tpm2-software",
"versions": [
{
"status": "affected",
"version": "\u003c= 4.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "tpm2-tss is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). In affected versions `Tss2_RC_SetHandler` and `Tss2_RC_Decode` both index into `layer_handler` with an 8 bit layer number, but the array only has `TPM2_ERROR_TSS2_RC_LAYER_COUNT` entries, so trying to add a handler for higher-numbered layers or decode a response code with such a layer number reads/writes past the end of the buffer. This Buffer overrun, could result in arbitrary code execution. An example attack would be a MiTM bus attack that returns 0xFFFFFFFF for the RC. Given the common use case of TPM modules an attacker must have local access to the target machine with local system privileges which allows access to the TPM system. Usually TPM access requires administrative privilege. "
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-19T22:12:40.208Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tpm2-software/tpm2-tss/security/advisories/GHSA-4j3v-fh23-vx67",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tpm2-software/tpm2-tss/security/advisories/GHSA-4j3v-fh23-vx67"
},
{
"name": "https://github.com/tpm2-software/tpm2-tss/commit/306490c8d848c367faa2d9df81f5e69dab46ffb5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tpm2-software/tpm2-tss/commit/306490c8d848c367faa2d9df81f5e69dab46ffb5"
}
],
"source": {
"advisory": "GHSA-4j3v-fh23-vx67",
"discovery": "UNKNOWN"
},
"title": "Buffer Overlow in TSS2_RC_Decode in tpm2-tss"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-22745",
"datePublished": "2023-01-19T22:12:40.208Z",
"dateReserved": "2023-01-06T14:21:05.893Z",
"dateUpdated": "2025-03-10T21:21:37.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…